rio class 0 [ 2232.492349][T23024] XFS (nbd1): SB validate failed with error -5. [ 2232.655162][ T27] kauditd_printk_skb: 8 callbacks suppressed [ 2232.655184][ T27] audit: type=1804 audit(1586453128.846:44831): pid=23043 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3349/bus" dev="sda1" ino=17059 res=1 17:25:29 executing program 3: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2232.857340][ T2522] block nbd1: Attempted send on invalid socket [ 2232.863617][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2232.882207][T23024] XFS (nbd1): SB validate failed with error -5. 17:25:29 executing program 5: sched_setattr(0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:25:29 executing program 0: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2233.174211][ T27] audit: type=1804 audit(1586453129.366:44832): pid=23174 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir264039992/syzkaller.Kl3oPy/597/bus" dev="sda1" ino=17050 res=1 [ 2233.315131][ T27] audit: type=1804 audit(1586453129.426:44833): pid=23179 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2534/bus" dev="sda1" ino=17097 res=1 17:25:29 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xe401000000000000, 0x0) 17:25:29 executing program 4: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r1 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, &(0x7f0000000100), 0x8080fffffffe) 17:25:29 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:29 executing program 3: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2233.564013][ T27] audit: type=1804 audit(1586453129.756:44834): pid=23289 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir556086311/syzkaller.HrbGUZ/3222/bus" dev="sda1" ino=17096 res=1 [ 2233.735601][ T27] audit: type=1804 audit(1586453129.886:44835): pid=23293 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3350/bus" dev="sda1" ino=16672 res=1 [ 2233.916215][ T27] audit: type=1804 audit(1586453130.086:44836): pid=23298 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2834/bus" dev="sda1" ino=17030 res=1 [ 2234.052316][ T2522] block nbd1: Attempted send on invalid socket [ 2234.058550][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2234.071213][T23310] XFS (nbd1): SB validate failed with error -5. 17:25:30 executing program 5: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2234.091984][ T27] audit: type=1804 audit(1586453130.116:44837): pid=23302 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir264039992/syzkaller.Kl3oPy/598/bus" dev="sda1" ino=17059 res=1 17:25:30 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xb70000000000, 0x0) [ 2234.486380][ T27] audit: type=1804 audit(1586453130.676:44838): pid=23428 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2535/bus" dev="sda1" ino=17040 res=1 17:25:30 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:30 executing program 0: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:30 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xb70000000000, 0x0) [ 2234.762509][ T2522] block nbd1: Attempted send on invalid socket [ 2234.768917][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2234.781711][T23310] XFS (nbd1): SB validate failed with error -5. 17:25:31 executing program 4: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:25:31 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xf100000000000000, 0x0) [ 2234.825728][ T2523] block nbd3: Attempted send on invalid socket [ 2234.832020][ T2523] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2234.843406][T23548] XFS (nbd3): SB validate failed with error -5. [ 2234.893961][ T27] audit: type=1804 audit(1586453131.086:44839): pid=23553 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3351/bus" dev="sda1" ino=17038 res=1 17:25:31 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xb70000000000, 0x0) [ 2235.038851][ T27] audit: type=1804 audit(1586453131.186:44840): pid=23559 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir556086311/syzkaller.HrbGUZ/3223/bus" dev="sda1" ino=17124 res=1 [ 2235.088478][T23672] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 17:25:31 executing program 5: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:25:31 executing program 3: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2235.425125][T23681] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2235.716042][T23681] CPU: 0 PID: 23681 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2235.724755][T23681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2235.735859][T23681] Call Trace: [ 2235.739171][T23681] dump_stack+0x11d/0x187 [ 2235.743528][T23681] dump_header+0xa7/0x399 [ 2235.748098][T23681] oom_kill_process.cold+0x10/0x15 [ 2235.753229][T23681] out_of_memory+0x21d/0xa30 [ 2235.758126][T23681] ? __rcu_read_unlock+0x66/0x2f0 [ 2235.763181][T23681] mem_cgroup_out_of_memory+0x12b/0x150 [ 2235.768800][T23681] try_charge+0xb60/0xbe0 [ 2235.773242][T23681] ? __rcu_read_unlock+0x66/0x2f0 [ 2235.778284][T23681] mem_cgroup_try_charge+0xd7/0x260 [ 2235.783660][T23681] mem_cgroup_try_charge_delay+0x36/0x70 [ 2235.789387][T23681] wp_page_copy+0x31a/0xf20 [ 2235.794257][T23681] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 2235.800253][T23681] ? __read_once_size+0x2f/0xd0 [ 2235.805236][T23681] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 2235.811164][T23681] do_wp_page+0x185/0xcc0 [ 2235.815570][T23681] ? psi_task_change+0x1a4/0x2c0 [ 2235.820585][T23681] __handle_mm_fault+0x1c5e/0x2cf0 [ 2235.825817][T23681] handle_mm_fault+0x21c/0x540 [ 2235.830608][T23681] do_page_fault+0x4a4/0xa52 [ 2235.835316][T23681] ? prepare_exit_to_usermode+0x165/0x1c0 [ 2235.841331][T23681] page_fault+0x34/0x40 [ 2235.845499][T23681] RIP: 0033:0x4128c6 17:25:32 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2235.849454][T23681] Code: fe 86 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 89 4a 08 49 8b 89 c8 02 00 00 48 89 11 48 c7 05 da fd 86 00 00 00 00 00 <48> c7 05 a7 d5 30 00 70 fe 71 00 31 d2 48 c7 05 92 d5 30 00 70 fe [ 2235.869185][T23681] RSP: 002b:00007ffc39b30868 EFLAGS: 00010246 [ 2235.875337][T23681] RAX: 0000000002947c00 RBX: 00007ffc39b30870 RCX: 0000000000c82690 [ 2235.883320][T23681] RDX: 0000000000c82690 RSI: 000000000071fe70 RDI: 0000000002947c20 [ 2235.891305][T23681] RBP: 00007ffc39b308b0 R08: 0000000000000001 R09: 0000000002947940 [ 2235.899285][T23681] R10: 0000000002947c10 R11: 0000000000000202 R12: 0000000000000001 [ 2235.907266][T23681] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc39b30900 17:25:32 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) lseek(0xffffffffffffffff, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:32 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x60ffffffffff, 0x0) [ 2236.368047][T23681] memory: usage 307200kB, limit 307200kB, failcnt 2299 17:25:32 executing program 3: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2236.466837][T23681] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2236.542060][T23681] Memory cgroup stats for /syz1: [ 2236.542242][T23681] anon 271065088 [ 2236.542242][T23681] file 20480 [ 2236.542242][T23681] kernel_stack 3907584 [ 2236.542242][T23681] slab 7413760 [ 2236.542242][T23681] sock 53248 [ 2236.542242][T23681] shmem 0 [ 2236.542242][T23681] file_mapped 0 [ 2236.542242][T23681] file_dirty 0 [ 2236.542242][T23681] file_writeback 0 [ 2236.542242][T23681] anon_thp 241172480 [ 2236.542242][T23681] inactive_anon 0 [ 2236.542242][T23681] active_anon 271065088 [ 2236.542242][T23681] inactive_file 0 17:25:32 executing program 5: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2236.542242][T23681] active_file 20480 [ 2236.542242][T23681] unevictable 0 [ 2236.542242][T23681] slab_reclaimable 1486848 [ 2236.542242][T23681] slab_unreclaimable 5926912 [ 2236.542242][T23681] pgfault 174372 [ 2236.542242][T23681] pgmajfault 0 [ 2236.542242][T23681] workingset_refault 66 [ 2236.542242][T23681] workingset_activate 66 [ 2236.542242][T23681] workingset_nodereclaim 0 [ 2236.542242][T23681] pgrefill 1301 [ 2236.542242][T23681] pgscan 1328 [ 2236.542242][T23681] pgsteal 335 [ 2236.675287][ T2523] block nbd0: Attempted send on invalid socket [ 2236.681848][ T2523] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2236.699445][T23921] XFS (nbd0): SB validate failed with error -5. [ 2236.793681][T23681] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20903,uid=0 [ 2236.941547][T23681] Memory cgroup out of memory: Killed process 20903 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 17:25:33 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:33 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:33 executing program 3: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2237.699830][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 2237.699851][ T27] audit: type=1804 audit(1586453133.886:44848): pid=24051 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir264039992/syzkaller.Kl3oPy/604/bus" dev="sda1" ino=17032 res=1 [ 2237.855256][ T27] audit: type=1804 audit(1586453133.956:44849): pid=24054 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2837/bus" dev="sda1" ino=17036 res=1 [ 2238.071512][ T2523] block nbd1: Attempted send on invalid socket [ 2238.078579][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2238.115431][T24060] XFS (nbd1): SB validate failed with error -5. 17:25:34 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xf401000000000000, 0x0) 17:25:34 executing program 0: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x0, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:25:34 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r1 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, &(0x7f0000000100), 0x8080fffffffe) 17:25:34 executing program 3: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2238.242841][ T27] audit: type=1804 audit(1586453134.436:44850): pid=24185 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2538/bus" dev="sda1" ino=17038 res=1 [ 2238.315892][ T7820] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2238.372860][ T7820] CPU: 1 PID: 7820 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2238.381787][ T7820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2238.391973][ T7820] Call Trace: [ 2238.395340][ T7820] dump_stack+0x11d/0x187 [ 2238.399824][ T7820] dump_header+0xa7/0x399 [ 2238.404179][ T7820] oom_kill_process.cold+0x10/0x15 [ 2238.409475][ T7820] out_of_memory+0x21d/0xa30 [ 2238.414130][ T7820] ? __rcu_read_unlock+0x66/0x2f0 [ 2238.419196][ T7820] mem_cgroup_out_of_memory+0x12b/0x150 [ 2238.424770][ T7820] try_charge+0xb60/0xbe0 [ 2238.429128][ T7820] ? __rcu_read_unlock+0x66/0x2f0 [ 2238.434183][ T7820] mem_cgroup_try_charge+0xd7/0x260 [ 2238.439531][ T7820] mem_cgroup_try_charge_delay+0x36/0x70 [ 2238.445258][ T7820] wp_page_copy+0x31a/0xf20 [ 2238.449794][ T7820] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 2238.456020][ T7820] ? __read_once_size+0x2f/0xd0 [ 2238.460947][ T7820] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 2238.467227][ T7820] do_wp_page+0x185/0xcc0 [ 2238.471568][ T7820] ? psi_task_change+0x1a4/0x2c0 [ 2238.476527][ T7820] __handle_mm_fault+0x1c5e/0x2cf0 [ 2238.481680][ T7820] handle_mm_fault+0x21c/0x540 [ 2238.486469][ T7820] do_page_fault+0x4a4/0xa52 [ 2238.491080][ T7820] ? prepare_exit_to_usermode+0x165/0x1c0 [ 2238.496817][ T7820] page_fault+0x34/0x40 [ 2238.501137][ T7820] RIP: 0033:0x45afba [ 2238.505074][ T7820] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 2238.524784][ T7820] RSP: 002b:00007ffc39b30870 EFLAGS: 00010246 [ 2238.530938][ T7820] RAX: 0000000000000000 RBX: 00007ffc39b30870 RCX: 000000000045ae5a [ 2238.538917][ T7820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000c871c8 [ 2238.546896][ T7820] RBP: 00007ffc39b308b0 R08: 0000000000000001 R09: 0000000002947940 [ 2238.554933][ T7820] R10: 0000000002947c10 R11: 0000000000000246 R12: 00000000000000ca [ 2238.562985][ T7820] R13: 00000000000020d0 R14: 0000000000000000 R15: 00007ffc39b30900 [ 2238.572888][ T27] audit: type=1804 audit(1586453134.646:44851): pid=24188 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir264039992/syzkaller.Kl3oPy/605/bus" dev="sda1" ino=17066 res=1 17:25:34 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2238.667040][ T7820] memory: usage 307200kB, limit 307200kB, failcnt 2331 17:25:34 executing program 3: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2238.806871][ T7820] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2238.814196][ T27] audit: type=1804 audit(1586453134.996:44852): pid=24299 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3354/bus" dev="sda1" ino=17018 res=1 [ 2238.884402][ T7820] Memory cgroup stats for /syz1: [ 2238.884566][ T7820] anon 270999552 [ 2238.884566][ T7820] file 20480 [ 2238.884566][ T7820] kernel_stack 3944448 [ 2238.884566][ T7820] slab 7413760 [ 2238.884566][ T7820] sock 53248 [ 2238.884566][ T7820] shmem 0 [ 2238.884566][ T7820] file_mapped 0 [ 2238.884566][ T7820] file_dirty 0 [ 2238.884566][ T7820] file_writeback 0 [ 2238.884566][ T7820] anon_thp 241172480 [ 2238.884566][ T7820] inactive_anon 0 [ 2238.884566][ T7820] active_anon 270999552 [ 2238.884566][ T7820] inactive_file 0 [ 2238.884566][ T7820] active_file 20480 [ 2238.884566][ T7820] unevictable 0 [ 2238.884566][ T7820] slab_reclaimable 1486848 [ 2238.884566][ T7820] slab_unreclaimable 5926912 [ 2238.884566][ T7820] pgfault 174438 [ 2238.884566][ T7820] pgmajfault 0 [ 2238.884566][ T7820] workingset_refault 66 [ 2238.884566][ T7820] workingset_activate 66 [ 2238.884566][ T7820] workingset_nodereclaim 0 [ 2238.884566][ T7820] pgrefill 1301 [ 2238.884566][ T7820] pgscan 1328 [ 2238.884566][ T7820] pgsteal 335 [ 2239.085155][ T27] audit: type=1804 audit(1586453135.276:44853): pid=24308 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir264039992/syzkaller.Kl3oPy/606/bus" dev="sda1" ino=17109 res=1 17:25:35 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:35 executing program 0: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:25:35 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r1 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, &(0x7f0000000100), 0x8080fffffffe) 17:25:35 executing program 3: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2239.547978][ T27] audit: type=1804 audit(1586453135.736:44854): pid=24421 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir556086311/syzkaller.HrbGUZ/3226/bus" dev="sda1" ino=17034 res=1 [ 2239.622818][ T27] audit: type=1804 audit(1586453135.776:44855): pid=24425 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2539/bus" dev="sda1" ino=17065 res=1 [ 2239.652160][ T7820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=7782,uid=0 17:25:36 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x0) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2239.800279][ T27] audit: type=1804 audit(1586453135.796:44856): pid=24423 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2838/bus" dev="sda1" ino=17037 res=1 [ 2239.899610][ T7820] Memory cgroup out of memory: Killed process 7782 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2239.935188][ T27] audit: type=1804 audit(1586453136.026:44857): pid=24430 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir264039992/syzkaller.Kl3oPy/607/bus" dev="sda1" ino=17126 res=1 17:25:36 executing program 3: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2240.400679][T24190] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2240.575020][T24190] CPU: 0 PID: 24190 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2240.583722][T24190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2240.593813][T24190] Call Trace: [ 2240.597117][T24190] dump_stack+0x11d/0x187 [ 2240.601459][T24190] dump_header+0xa7/0x399 [ 2240.605809][T24190] oom_kill_process.cold+0x10/0x15 [ 2240.610926][T24190] out_of_memory+0x21d/0xa30 [ 2240.615539][T24190] mem_cgroup_out_of_memory+0x12b/0x150 [ 2240.621178][T24190] try_charge+0x7ed/0xbe0 [ 2240.625544][T24190] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 2240.631476][T24190] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2240.636952][T24190] __memcg_kmem_charge+0xcd/0x1b0 [ 2240.641987][T24190] __alloc_pages_nodemask+0x268/0x310 [ 2240.647423][T24190] alloc_pages_current+0xca/0x170 [ 2240.652460][T24190] pte_alloc_one+0x14/0x50 [ 2240.656888][T24190] __handle_mm_fault+0x2ae5/0x2cf0 [ 2240.662026][T24190] handle_mm_fault+0x21c/0x540 [ 2240.666869][T24190] do_page_fault+0x4a4/0xa52 [ 2240.671493][T24190] ? syscall_return_slowpath+0x1c6/0x240 [ 2240.677136][T24190] page_fault+0x34/0x40 [ 2240.681290][T24190] RIP: 0033:0x45ae5a [ 2240.685194][T24190] Code: Bad RIP value. [ 2240.689269][T24190] RSP: 002b:00007ffc39b30870 EFLAGS: 00010246 [ 2240.695334][T24190] RAX: 0000000000000000 RBX: 00007ffc39b30870 RCX: 000000000045ae5a [ 2240.703301][T24190] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2240.711278][T24190] RBP: 00007ffc39b308b0 R08: 0000000000000001 R09: 0000000002947940 [ 2240.719253][T24190] R10: 0000000002947c10 R11: 0000000000000246 R12: 0000000000000001 [ 2240.727226][T24190] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc39b30900 [ 2241.279424][T24190] memory: usage 304892kB, limit 307200kB, failcnt 2331 [ 2241.304564][T24190] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2241.311684][T24190] Memory cgroup stats for /syz1: [ 2241.312275][T24190] anon 268812288 [ 2241.312275][T24190] file 20480 [ 2241.312275][T24190] kernel_stack 3944448 [ 2241.312275][T24190] slab 7413760 [ 2241.312275][T24190] sock 53248 [ 2241.312275][T24190] shmem 0 [ 2241.312275][T24190] file_mapped 0 [ 2241.312275][T24190] file_dirty 0 [ 2241.312275][T24190] file_writeback 0 [ 2241.312275][T24190] anon_thp 239075328 [ 2241.312275][T24190] inactive_anon 0 [ 2241.312275][T24190] active_anon 268812288 [ 2241.312275][T24190] inactive_file 0 [ 2241.312275][T24190] active_file 20480 [ 2241.312275][T24190] unevictable 0 [ 2241.312275][T24190] slab_reclaimable 1486848 [ 2241.312275][T24190] slab_unreclaimable 5926912 [ 2241.312275][T24190] pgfault 174438 [ 2241.312275][T24190] pgmajfault 0 [ 2241.312275][T24190] workingset_refault 66 [ 2241.312275][T24190] workingset_activate 66 [ 2241.312275][T24190] workingset_nodereclaim 0 [ 2241.312275][T24190] pgrefill 1301 [ 2241.312275][T24190] pgscan 1328 [ 2241.312275][T24190] pgsteal 335 [ 2241.702096][T24190] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=7568,uid=0 [ 2241.770095][T24190] Memory cgroup out of memory: Killed process 7568 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2242.096382][ T2523] block nbd1: Attempted send on invalid socket [ 2242.102711][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2242.117019][T24687] XFS (nbd1): SB validate failed with error -5. 17:25:38 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xf5ffffff00000000, 0x0) 17:25:38 executing program 0: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:38 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r1 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, &(0x7f0000000100), 0x8080fffffffe) 17:25:38 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x0) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:38 executing program 3: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:38 executing program 4: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r1 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, &(0x7f0000000100), 0x8080fffffffe) [ 2242.963905][ T2523] block nbd1: Attempted send on invalid socket [ 2242.970266][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 17:25:39 executing program 3: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2243.013737][T24797] XFS (nbd1): SB validate failed with error -5. 17:25:39 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r1 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, &(0x7f0000000100), 0x8080fffffffe) 17:25:39 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x0) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:39 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x0) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:39 executing program 3: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:39 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xf6ffffff00000000, 0x0) [ 2243.586875][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 2243.586895][ T27] audit: type=1804 audit(1586453139.776:44865): pid=24960 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2541/bus" dev="sda1" ino=17170 res=1 [ 2243.730768][ T27] audit: type=1804 audit(1586453139.836:44866): pid=24968 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3357/bus" dev="sda1" ino=17396 res=1 17:25:40 executing program 0: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2243.915875][ T27] audit: type=1804 audit(1586453139.956:44867): pid=24969 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir264039992/syzkaller.Kl3oPy/611/bus" dev="sda1" ino=17412 res=1 [ 2244.100943][ T27] audit: type=1804 audit(1586453140.046:44868): pid=24973 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2840/bus" dev="sda1" ino=17398 res=1 17:25:40 executing program 3: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2244.330530][ T27] audit: type=1804 audit(1586453140.516:44869): pid=25081 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir556086311/syzkaller.HrbGUZ/3228/bus" dev="sda1" ino=17172 res=1 [ 2244.400284][ T2522] block nbd1: Attempted send on invalid socket [ 2244.406648][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2244.419367][T25082] XFS (nbd1): SB validate failed with error -5. 17:25:40 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r1 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, &(0x7f0000000100), 0x8080fffffffe) 17:25:40 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(0xffffffffffffffff, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2244.672912][ T27] audit: type=1804 audit(1586453140.866:44870): pid=25094 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir264039992/syzkaller.Kl3oPy/612/bus" dev="sda1" ino=17173 res=1 [ 2244.884991][ T27] audit: type=1804 audit(1586453141.076:44871): pid=25107 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2542/bus" dev="sda1" ino=16664 res=1 [ 2245.003469][ T27] audit: type=1804 audit(1586453141.186:44872): pid=25109 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3358/bus" dev="sda1" ino=17501 res=1 17:25:41 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xfcfdffff00000000, 0x0) 17:25:41 executing program 0: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x0) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:41 executing program 3: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:41 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x0) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2245.528188][ T27] audit: type=1804 audit(1586453141.716:44873): pid=25221 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir556086311/syzkaller.HrbGUZ/3229/bus" dev="sda1" ino=16668 res=1 17:25:41 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r1 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, &(0x7f0000000100), 0x8080fffffffe) [ 2245.738198][ T27] audit: type=1804 audit(1586453141.926:44874): pid=25226 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir264039992/syzkaller.Kl3oPy/613/bus" dev="sda1" ino=17348 res=1 17:25:42 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(0xffffffffffffffff, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2245.968063][ T2522] block nbd1: Attempted send on invalid socket [ 2245.974424][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2245.986556][T25229] XFS (nbd1): SB validate failed with error -5. 17:25:42 executing program 3: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2246.389735][ T2522] block nbd1: Attempted send on invalid socket [ 2246.396033][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2246.407772][T25229] XFS (nbd1): SB validate failed with error -5. 17:25:42 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xff00000000000000, 0x0) [ 2246.603154][ T7820] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 17:25:42 executing program 0: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2246.791290][ T7820] CPU: 1 PID: 7820 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2246.799899][ T7820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2246.809999][ T7820] Call Trace: [ 2246.813311][ T7820] dump_stack+0x11d/0x187 [ 2246.817660][ T7820] dump_header+0xa7/0x399 [ 2246.822083][ T7820] oom_kill_process.cold+0x10/0x15 [ 2246.827304][ T7820] out_of_memory+0x21d/0xa30 [ 2246.831912][ T7820] ? __rcu_read_unlock+0x66/0x2f0 17:25:43 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(0xffffffffffffffff, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2246.836967][ T7820] mem_cgroup_out_of_memory+0x12b/0x150 [ 2246.842526][ T7820] try_charge+0xb60/0xbe0 [ 2246.846881][ T7820] ? __this_cpu_preempt_check+0x3c/0x130 [ 2246.852530][ T7820] ? __perf_event_task_sched_in+0x150/0x3a0 [ 2246.858519][ T7820] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2246.864025][ T7820] __memcg_kmem_charge+0xcd/0x1b0 [ 2246.869068][ T7820] __alloc_pages_nodemask+0x268/0x310 [ 2246.874472][ T7820] alloc_pages_current+0xca/0x170 [ 2246.879542][ T7820] pte_alloc_one+0x14/0x50 [ 2246.883970][ T7820] __pte_alloc+0x27/0x210 [ 2246.888367][ T7820] copy_page_range+0x1391/0x1a40 [ 2246.893418][ T7820] dup_mm+0x72e/0xb90 [ 2246.897430][ T7820] copy_process+0x39ad/0x3b10 [ 2246.902269][ T7820] ? _raw_spin_unlock+0x38/0x60 [ 2246.907195][ T7820] _do_fork+0xf7/0x790 [ 2246.911303][ T7820] ? __read_once_size+0x45/0xd0 [ 2246.916158][ T7820] ? ktime_get_ts64+0x286/0x2c0 [ 2246.921020][ T7820] __x64_sys_clone+0x12e/0x170 [ 2246.925882][ T7820] do_syscall_64+0xc7/0x390 [ 2246.930400][ T7820] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2246.936420][ T7820] RIP: 0033:0x45ae5a [ 2246.940353][ T7820] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2246.959971][ T7820] RSP: 002b:00007ffc39b30870 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2246.968422][ T7820] RAX: ffffffffffffffda RBX: 00007ffc39b30870 RCX: 000000000045ae5a [ 2246.976402][ T7820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2246.984379][ T7820] RBP: 00007ffc39b308b0 R08: 0000000000000001 R09: 0000000002947940 [ 2246.992350][ T7820] R10: 0000000002947c10 R11: 0000000000000246 R12: 0000000000000001 [ 2247.000328][ T7820] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc39b30900 17:25:43 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2247.164441][ T7820] memory: usage 307200kB, limit 307200kB, failcnt 2409 [ 2247.211181][ T7820] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2247.257450][ T7820] Memory cgroup stats for /syz1: [ 2247.257651][ T7820] anon 270946304 [ 2247.257651][ T7820] file 20480 [ 2247.257651][ T7820] kernel_stack 3907584 [ 2247.257651][ T7820] slab 7413760 [ 2247.257651][ T7820] sock 53248 [ 2247.257651][ T7820] shmem 0 [ 2247.257651][ T7820] file_mapped 0 [ 2247.257651][ T7820] file_dirty 0 [ 2247.257651][ T7820] file_writeback 0 [ 2247.257651][ T7820] anon_thp 241172480 [ 2247.257651][ T7820] inactive_anon 0 [ 2247.257651][ T7820] active_anon 270946304 [ 2247.257651][ T7820] inactive_file 0 17:25:43 executing program 3: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2247.257651][ T7820] active_file 20480 [ 2247.257651][ T7820] unevictable 0 [ 2247.257651][ T7820] slab_reclaimable 1486848 [ 2247.257651][ T7820] slab_unreclaimable 5926912 [ 2247.257651][ T7820] pgfault 174801 [ 2247.257651][ T7820] pgmajfault 0 [ 2247.257651][ T7820] workingset_refault 66 [ 2247.257651][ T7820] workingset_activate 66 [ 2247.257651][ T7820] workingset_nodereclaim 0 [ 2247.257651][ T7820] pgrefill 1301 [ 2247.257651][ T7820] pgscan 1328 [ 2247.257651][ T7820] pgsteal 335 17:25:43 executing program 4: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:25:44 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xff0f0000, 0x0) 17:25:44 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x0, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:44 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 2248.224902][ T7820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=25362,uid=0 17:25:44 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xff0f0000, 0x0) 17:25:44 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2248.492163][ T7820] Memory cgroup out of memory: Killed process 25362 (syz-executor.1) total-vm:74968kB, anon-rss:2216kB, file-rss:35856kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 17:25:44 executing program 4: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2248.932214][ T27] kauditd_printk_skb: 9 callbacks suppressed [ 2248.932236][ T27] audit: type=1804 audit(1586453145.126:44884): pid=25632 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2545/bus" dev="sda1" ino=17007 res=1 [ 2249.087381][ T27] audit: type=1804 audit(1586453145.126:44885): pid=25630 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2843/bus" dev="sda1" ino=17241 res=1 [ 2249.465473][ T2522] block nbd1: Attempted send on invalid socket [ 2249.471706][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2249.485914][T25642] XFS (nbd1): SB validate failed with error -5. 17:25:45 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xff0f000000000000, 0x0) 17:25:45 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xff0f0000, 0x0) 17:25:45 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x0, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:45 executing program 0: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:25:45 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2249.795772][ T27] audit: type=1804 audit(1586453145.986:44886): pid=25660 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3362/bus" dev="sda1" ino=17504 res=1 17:25:46 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) sendfile(r3, 0xffffffffffffffff, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2249.938703][ T27] audit: type=1804 audit(1586453146.126:44887): pid=25662 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir556086311/syzkaller.HrbGUZ/3232/bus" dev="sda1" ino=17176 res=1 [ 2249.973472][ T7820] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 17:25:46 executing program 3: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) sendfile(r3, 0xffffffffffffffff, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2250.095906][ T27] audit: type=1804 audit(1586453146.226:44888): pid=25770 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2546/bus" dev="sda1" ino=17180 res=1 [ 2250.185072][ T7820] CPU: 0 PID: 7820 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2250.194033][ T7820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2250.204171][ T7820] Call Trace: [ 2250.207551][ T7820] dump_stack+0x11d/0x187 [ 2250.211897][ T7820] dump_header+0xa7/0x399 [ 2250.216340][ T7820] oom_kill_process.cold+0x10/0x15 [ 2250.221466][ T7820] out_of_memory+0x21d/0xa30 [ 2250.226134][ T7820] ? __rcu_read_unlock+0x66/0x2f0 [ 2250.231177][ T7820] mem_cgroup_out_of_memory+0x12b/0x150 [ 2250.236747][ T7820] try_charge+0xb60/0xbe0 [ 2250.241110][ T7820] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2250.246594][ T7820] __memcg_kmem_charge+0xcd/0x1b0 [ 2250.251639][ T7820] __alloc_pages_nodemask+0x268/0x310 [ 2250.257040][ T7820] alloc_pages_current+0xca/0x170 [ 2250.262072][ T7820] pte_alloc_one+0x14/0x50 [ 2250.266498][ T7820] __pte_alloc+0x27/0x210 [ 2250.270890][ T7820] copy_page_range+0x1391/0x1a40 [ 2250.275873][ T7820] dup_mm+0x72e/0xb90 [ 2250.279921][ T7820] copy_process+0x39ad/0x3b10 [ 2250.284600][ T7820] ? _raw_spin_unlock+0x38/0x60 [ 2250.289651][ T7820] _do_fork+0xf7/0x790 [ 2250.293730][ T7820] ? __read_once_size+0x45/0xd0 [ 2250.298650][ T7820] ? ktime_get_ts64+0x286/0x2c0 [ 2250.303516][ T7820] __x64_sys_clone+0x12e/0x170 [ 2250.308326][ T7820] do_syscall_64+0xc7/0x390 [ 2250.312911][ T7820] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2250.318847][ T7820] RIP: 0033:0x45ae5a [ 2250.322748][ T7820] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2250.342365][ T7820] RSP: 002b:00007ffc39b30870 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2250.350778][ T7820] RAX: ffffffffffffffda RBX: 00007ffc39b30870 RCX: 000000000045ae5a [ 2250.358751][ T7820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2250.366746][ T7820] RBP: 00007ffc39b308b0 R08: 0000000000000001 R09: 0000000002947940 [ 2250.374727][ T7820] R10: 0000000002947c10 R11: 0000000000000246 R12: 0000000000000001 [ 2250.382722][ T7820] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc39b30900 17:25:46 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x0, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:47 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xfcfdffff, 0x0) 17:25:47 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2250.997225][ T27] audit: type=1804 audit(1586453147.186:44889): pid=25800 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3363/bus" dev="sda1" ino=17171 res=1 17:25:47 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) 17:25:47 executing program 0: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) [ 2251.198760][ T2522] block nbd0: Attempted send on invalid socket [ 2251.205071][ T2522] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2251.216502][T25805] XFS (nbd0): SB validate failed with error -5. [ 2251.263927][ T27] audit: type=1804 audit(1586453147.456:44890): pid=25809 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2547/bus" dev="sda1" ino=17239 res=1 [ 2251.461376][ T27] audit: type=1804 audit(1586453147.646:44891): pid=25819 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir556086311/syzkaller.HrbGUZ/3234/bus" dev="sda1" ino=17205 res=1 [ 2251.506465][ T7820] memory: usage 307192kB, limit 307200kB, failcnt 2463 [ 2251.570325][ T7820] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2251.664786][ T7820] Memory cgroup stats for /syz1: [ 2251.665179][ T7820] anon 270942208 [ 2251.665179][ T7820] file 20480 [ 2251.665179][ T7820] kernel_stack 3907584 [ 2251.665179][ T7820] slab 7413760 [ 2251.665179][ T7820] sock 53248 [ 2251.665179][ T7820] shmem 0 [ 2251.665179][ T7820] file_mapped 0 [ 2251.665179][ T7820] file_dirty 0 [ 2251.665179][ T7820] file_writeback 0 [ 2251.665179][ T7820] anon_thp 241172480 [ 2251.665179][ T7820] inactive_anon 0 [ 2251.665179][ T7820] active_anon 270942208 [ 2251.665179][ T7820] inactive_file 0 [ 2251.665179][ T7820] active_file 20480 [ 2251.665179][ T7820] unevictable 0 [ 2251.665179][ T7820] slab_reclaimable 1486848 [ 2251.665179][ T7820] slab_unreclaimable 5926912 [ 2251.665179][ T7820] pgfault 174867 [ 2251.665179][ T7820] pgmajfault 0 [ 2251.665179][ T7820] workingset_refault 66 [ 2251.665179][ T7820] workingset_activate 66 [ 2251.665179][ T7820] workingset_nodereclaim 0 [ 2251.665179][ T7820] pgrefill 1301 [ 2251.665179][ T7820] pgscan 1328 [ 2251.665179][ T7820] pgsteal 335 [ 2251.765167][ T27] audit: type=1804 audit(1586453147.956:44892): pid=25821 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2845/bus" dev="sda1" ino=17170 res=1 [ 2252.101933][ T7820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=24702,uid=0 [ 2252.224589][ T7820] Memory cgroup out of memory: Killed process 24702 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2252.675711][ T2523] block nbd1: Attempted send on invalid socket [ 2252.681967][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2252.696378][T25835] XFS (nbd1): SB validate failed with error -5. 17:25:49 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xffefffffff7f0000, 0x0) 17:25:49 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x88020000, 0x0) 17:25:49 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(0x0, 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:49 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:25:49 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x6a000000, 0x0) 17:25:49 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x40000000, 0x0) [ 2253.019135][ T27] audit: type=1804 audit(1586453149.206:44893): pid=25862 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3364/bus" dev="sda1" ino=17530 res=1 [ 2253.075453][ T2523] block nbd3: Attempted send on invalid socket [ 2253.081764][ T2523] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2253.094176][T25860] XFS (nbd3): SB validate failed with error -5. [ 2253.108831][ T2523] block nbd0: Attempted send on invalid socket [ 2253.115247][ T2523] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2253.125760][ T7820] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2253.132903][T25861] XFS (nbd0): SB validate failed with error -5. [ 2253.138148][ T7820] CPU: 0 PID: 7820 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2253.152880][ T7820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2253.162926][ T7820] Call Trace: [ 2253.166238][ T7820] dump_stack+0x11d/0x187 [ 2253.171017][ T7820] dump_header+0xa7/0x399 [ 2253.175356][ T7820] oom_kill_process.cold+0x10/0x15 [ 2253.180482][ T7820] out_of_memory+0x21d/0xa30 [ 2253.185153][ T7820] ? __rcu_read_unlock+0x66/0x2f0 [ 2253.190196][ T7820] mem_cgroup_out_of_memory+0x12b/0x150 [ 2253.195836][ T7820] try_charge+0xb60/0xbe0 [ 2253.200336][ T7820] ? __this_cpu_preempt_check+0x3c/0x130 [ 2253.205974][ T7820] ? __perf_event_task_sched_in+0x150/0x3a0 [ 2253.211880][ T7820] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2253.217398][ T7820] __memcg_kmem_charge+0xcd/0x1b0 [ 2253.222435][ T7820] __alloc_pages_nodemask+0x268/0x310 [ 2253.228488][ T7820] alloc_pages_current+0xca/0x170 [ 2253.233518][ T7820] pte_alloc_one+0x14/0x50 [ 2253.237944][ T7820] __pte_alloc+0x27/0x210 [ 2253.242320][ T7820] copy_page_range+0x1391/0x1a40 [ 2253.247423][ T7820] dup_mm+0x72e/0xb90 [ 2253.251546][ T7820] copy_process+0x39ad/0x3b10 [ 2253.256269][ T7820] ? _raw_spin_unlock+0x38/0x60 [ 2253.261241][ T7820] _do_fork+0xf7/0x790 [ 2253.265441][ T7820] ? __read_once_size+0x45/0xd0 [ 2253.270305][ T7820] ? ktime_get_ts64+0x286/0x2c0 [ 2253.275273][ T7820] __x64_sys_clone+0x12e/0x170 [ 2253.280057][ T7820] do_syscall_64+0xc7/0x390 [ 2253.284578][ T7820] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2253.290475][ T7820] RIP: 0033:0x45ae5a [ 2253.294387][ T7820] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2253.313996][ T7820] RSP: 002b:00007ffc39b30870 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2253.322450][ T7820] RAX: ffffffffffffffda RBX: 00007ffc39b30870 RCX: 000000000045ae5a [ 2253.331207][ T7820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2253.339232][ T7820] RBP: 00007ffc39b308b0 R08: 0000000000000001 R09: 0000000002947940 [ 2253.347269][ T7820] R10: 0000000002947c10 R11: 0000000000000246 R12: 0000000000000001 [ 2253.355248][ T7820] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc39b30900 [ 2253.367683][ T7820] memory: usage 307200kB, limit 307200kB, failcnt 2508 [ 2253.374696][ T7820] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2253.381528][ T7820] Memory cgroup stats for /syz1: [ 2253.381678][ T7820] anon 271069184 [ 2253.381678][ T7820] file 20480 [ 2253.381678][ T7820] kernel_stack 3944448 [ 2253.381678][ T7820] slab 7548928 [ 2253.381678][ T7820] sock 53248 [ 2253.381678][ T7820] shmem 0 [ 2253.381678][ T7820] file_mapped 0 [ 2253.381678][ T7820] file_dirty 0 [ 2253.381678][ T7820] file_writeback 0 [ 2253.381678][ T7820] anon_thp 241172480 [ 2253.381678][ T7820] inactive_anon 0 [ 2253.381678][ T7820] active_anon 271069184 [ 2253.381678][ T7820] inactive_file 0 [ 2253.381678][ T7820] active_file 20480 [ 2253.381678][ T7820] unevictable 0 [ 2253.381678][ T7820] slab_reclaimable 1486848 [ 2253.381678][ T7820] slab_unreclaimable 6062080 [ 2253.381678][ T7820] pgfault 174966 [ 2253.381678][ T7820] pgmajfault 0 [ 2253.381678][ T7820] workingset_refault 66 [ 2253.381678][ T7820] workingset_activate 66 [ 2253.381678][ T7820] workingset_nodereclaim 0 [ 2253.381678][ T7820] pgrefill 1301 [ 2253.381678][ T7820] pgscan 1328 [ 2253.381678][ T7820] pgsteal 335 [ 2253.412073][ T2523] block nbd4: Attempted send on invalid socket [ 2253.478181][ T7820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=25848,uid=0 [ 2253.484843][ T2523] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2253.497260][ T7820] Memory cgroup out of memory: Killed process 25848 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2253.523710][T25863] XFS (nbd4): SB validate failed with error -5. 17:25:49 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(0x0, 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:49 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x88020000, 0x0) 17:25:49 executing program 4: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000740)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}], 0x5}}], 0x1, 0x0, 0x0) 17:25:49 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x4000000, 0x0) [ 2253.802477][ T2522] block nbd1: Attempted send on invalid socket [ 2253.808699][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2253.821507][T26000] XFS (nbd1): SB validate failed with error -5. 17:25:50 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xfffdffff00000000, 0x0) 17:25:50 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2253.945917][ T2522] block nbd3: Attempted send on invalid socket [ 2253.952166][ T2522] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2253.971988][T26018] XFS (nbd3): SB validate failed with error -5. 17:25:50 executing program 4: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2254.088699][ T7820] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 17:25:50 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x88020000, 0x0) [ 2254.172528][ T2523] block nbd0: Attempted send on invalid socket [ 2254.179348][ T2523] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2254.194028][T26021] XFS (nbd0): SB validate failed with error -5. 17:25:50 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(0x0, 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:50 executing program 0: socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r0, &(0x7f0000000300), 0x64, 0x0, 0x0) setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2254.253219][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 2254.253240][ T27] audit: type=1804 audit(1586453150.446:44896): pid=26133 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2549/bus" dev="sda1" ino=17527 res=1 [ 2254.342042][ T7820] CPU: 0 PID: 7820 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2254.350648][ T7820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2254.360701][ T7820] Call Trace: [ 2254.364008][ T7820] dump_stack+0x11d/0x187 [ 2254.368354][ T7820] dump_header+0xa7/0x399 [ 2254.372724][ T7820] oom_kill_process.cold+0x10/0x15 [ 2254.377945][ T7820] out_of_memory+0x21d/0xa30 [ 2254.382549][ T7820] ? __rcu_read_unlock+0x66/0x2f0 [ 2254.387595][ T7820] mem_cgroup_out_of_memory+0x12b/0x150 [ 2254.393159][ T7820] try_charge+0xb60/0xbe0 [ 2254.397511][ T7820] ? __this_cpu_preempt_check+0x3c/0x130 [ 2254.403210][ T7820] ? __perf_event_task_sched_in+0x150/0x3a0 [ 2254.409121][ T7820] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2254.414605][ T7820] __memcg_kmem_charge+0xcd/0x1b0 [ 2254.419644][ T7820] __alloc_pages_nodemask+0x268/0x310 [ 2254.425034][ T7820] alloc_pages_current+0xca/0x170 [ 2254.430132][ T7820] pte_alloc_one+0x14/0x50 [ 2254.434564][ T7820] __pte_alloc+0x27/0x210 [ 2254.438909][ T7820] copy_page_range+0x1391/0x1a40 [ 2254.443888][ T7820] dup_mm+0x72e/0xb90 [ 2254.447966][ T7820] copy_process+0x39ad/0x3b10 [ 2254.452655][ T7820] ? _raw_spin_unlock+0x38/0x60 [ 2254.457555][ T7820] _do_fork+0xf7/0x790 [ 2254.461635][ T7820] ? finish_task_switch+0x7b/0x260 [ 2254.466758][ T7820] ? __switch_to+0x13a/0x470 [ 2254.471407][ T7820] __x64_sys_clone+0x12e/0x170 [ 2254.476210][ T7820] do_syscall_64+0xc7/0x390 [ 2254.480732][ T7820] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2254.487114][ T7820] RIP: 0033:0x45ae5a [ 2254.491074][ T7820] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2254.510844][ T7820] RSP: 002b:00007ffc39b30870 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2254.519280][ T7820] RAX: ffffffffffffffda RBX: 00007ffc39b30870 RCX: 000000000045ae5a [ 2254.527270][ T7820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2254.535268][ T7820] RBP: 00007ffc39b308b0 R08: 0000000000000001 R09: 0000000002947940 [ 2254.543246][ T7820] R10: 0000000002947c10 R11: 0000000000000246 R12: 0000000000000001 [ 2254.551225][ T7820] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc39b30900 [ 2254.559420][ T27] audit: type=1804 audit(1586453150.536:44897): pid=26153 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3366/bus" dev="sda1" ino=17539 res=1 [ 2254.613078][ T2522] block nbd3: Attempted send on invalid socket [ 2254.619308][ T2522] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2254.631079][T26144] XFS (nbd3): SB validate failed with error -5. 17:25:50 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:51 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xa05100, 0x0) [ 2254.767556][ T27] audit: type=1804 audit(1586453150.536:44898): pid=26150 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2848/bus" dev="sda1" ino=17534 res=1 17:25:51 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) [ 2255.079079][ T27] audit: type=1804 audit(1586453151.266:44899): pid=26265 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3367/bus" dev="sda1" ino=17539 res=1 17:25:51 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) 17:25:51 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:25:51 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xa05100, 0x0) [ 2255.520370][ T27] audit: type=1804 audit(1586453151.706:44900): pid=26387 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2550/bus" dev="sda1" ino=17537 res=1 [ 2255.909713][ T7820] memory: usage 307180kB, limit 307200kB, failcnt 2549 [ 2255.951935][ T7820] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2256.009431][ T7820] Memory cgroup stats for /syz1: [ 2256.009562][ T7820] anon 270954496 [ 2256.009562][ T7820] file 20480 [ 2256.009562][ T7820] kernel_stack 3944448 [ 2256.009562][ T7820] slab 7548928 [ 2256.009562][ T7820] sock 53248 [ 2256.009562][ T7820] shmem 0 [ 2256.009562][ T7820] file_mapped 0 [ 2256.009562][ T7820] file_dirty 0 [ 2256.009562][ T7820] file_writeback 0 [ 2256.009562][ T7820] anon_thp 241172480 [ 2256.009562][ T7820] inactive_anon 0 [ 2256.009562][ T7820] active_anon 270954496 [ 2256.009562][ T7820] inactive_file 0 [ 2256.009562][ T7820] active_file 20480 [ 2256.009562][ T7820] unevictable 0 [ 2256.009562][ T7820] slab_reclaimable 1486848 [ 2256.009562][ T7820] slab_unreclaimable 6062080 [ 2256.009562][ T7820] pgfault 175032 [ 2256.009562][ T7820] pgmajfault 0 [ 2256.009562][ T7820] workingset_refault 66 [ 2256.009562][ T7820] workingset_activate 66 [ 2256.009562][ T7820] workingset_nodereclaim 0 [ 2256.009562][ T7820] pgrefill 1301 [ 2256.009562][ T7820] pgscan 1328 [ 2256.009562][ T7820] pgsteal 335 [ 2256.172120][ T7820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=7444,uid=0 [ 2256.428226][ T7820] Memory cgroup out of memory: Killed process 7444 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2256.782504][ T2523] block nbd1: Attempted send on invalid socket [ 2256.788813][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2256.808232][T26518] XFS (nbd1): SB validate failed with error -5. 17:25:53 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xffffffff00000000, 0x0) 17:25:53 executing program 4: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:25:53 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) 17:25:53 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xa05100, 0x0) 17:25:53 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:53 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:25:53 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) [ 2257.091188][ T27] audit: type=1804 audit(1586453153.276:44901): pid=26546 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2551/bus" dev="sda1" ino=17573 res=1 [ 2257.172222][ T2522] block nbd3: Attempted send on invalid socket [ 2257.178425][ T2522] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2257.190057][T26543] XFS (nbd3): SB validate failed with error -5. [ 2257.198484][ T7820] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 17:25:53 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) 17:25:53 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc0\x00', 0x0, 0x0) [ 2257.309288][ T7820] CPU: 0 PID: 7820 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2257.317900][ T7820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2257.327948][ T7820] Call Trace: [ 2257.331325][ T7820] dump_stack+0x11d/0x187 [ 2257.334649][ T27] audit: type=1804 audit(1586453153.286:44902): pid=26542 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3368/bus" dev="sda1" ino=17574 res=1 [ 2257.335663][ T7820] dump_header+0xa7/0x399 [ 2257.335686][ T7820] oom_kill_process.cold+0x10/0x15 [ 2257.335707][ T7820] out_of_memory+0x21d/0xa30 [ 2257.335730][ T7820] ? __rcu_read_unlock+0x66/0x2f0 [ 2257.335762][ T7820] mem_cgroup_out_of_memory+0x12b/0x150 [ 2257.385014][ T7820] try_charge+0xb60/0xbe0 [ 2257.389408][ T7820] ? __this_cpu_preempt_check+0x3c/0x130 [ 2257.395070][ T7820] ? __perf_event_task_sched_in+0x150/0x3a0 [ 2257.400998][ T7820] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2257.406472][ T7820] __memcg_kmem_charge+0xcd/0x1b0 [ 2257.411561][ T7820] __alloc_pages_nodemask+0x268/0x310 [ 2257.416946][ T7820] alloc_pages_current+0xca/0x170 [ 2257.422056][ T7820] pte_alloc_one+0x14/0x50 [ 2257.426480][ T7820] __pte_alloc+0x27/0x210 [ 2257.430829][ T7820] copy_page_range+0x1391/0x1a40 [ 2257.435802][ T7820] dup_mm+0x72e/0xb90 [ 2257.439872][ T7820] copy_process+0x39ad/0x3b10 [ 2257.444555][ T7820] ? _raw_spin_unlock+0x38/0x60 [ 2257.449457][ T7820] _do_fork+0xf7/0x790 [ 2257.453531][ T7820] ? __read_once_size+0x45/0xd0 [ 2257.458387][ T7820] ? ktime_get_ts64+0x286/0x2c0 [ 2257.463253][ T7820] __x64_sys_clone+0x12e/0x170 [ 2257.468086][ T7820] do_syscall_64+0xc7/0x390 [ 2257.472653][ T7820] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2257.478552][ T7820] RIP: 0033:0x45ae5a [ 2257.482455][ T7820] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2257.502065][ T7820] RSP: 002b:00007ffc39b30870 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2257.510585][ T7820] RAX: ffffffffffffffda RBX: 00007ffc39b30870 RCX: 000000000045ae5a [ 2257.512140][ T27] audit: type=1804 audit(1586453153.496:44903): pid=26547 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2849/bus" dev="sda1" ino=17578 res=1 [ 2257.518553][ T7820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2257.518565][ T7820] RBP: 00007ffc39b308b0 R08: 0000000000000001 R09: 0000000002947940 [ 2257.518574][ T7820] R10: 0000000002947c10 R11: 0000000000000246 R12: 0000000000000001 [ 2257.518584][ T7820] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc39b30900 17:25:53 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xff0f, 0x0) 17:25:53 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x3c) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$inet(0x10, 0x80002, 0x0) sendmsg(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="24000000190007041dfffd946f6105000a0000e8fe02080100350800080010000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) [ 2257.736336][ T7820] memory: usage 307200kB, limit 307200kB, failcnt 2591 [ 2257.743740][ T7820] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2257.753419][ T7820] Memory cgroup stats for /syz1: [ 2257.753556][ T7820] anon 270958592 [ 2257.753556][ T7820] file 20480 [ 2257.753556][ T7820] kernel_stack 3907584 [ 2257.753556][ T7820] slab 7548928 [ 2257.753556][ T7820] sock 53248 [ 2257.753556][ T7820] shmem 0 [ 2257.753556][ T7820] file_mapped 0 [ 2257.753556][ T7820] file_dirty 0 [ 2257.753556][ T7820] file_writeback 0 [ 2257.753556][ T7820] anon_thp 241172480 [ 2257.753556][ T7820] inactive_anon 0 [ 2257.753556][ T7820] active_anon 270958592 [ 2257.753556][ T7820] inactive_file 0 [ 2257.753556][ T7820] active_file 20480 [ 2257.753556][ T7820] unevictable 0 [ 2257.753556][ T7820] slab_reclaimable 1486848 [ 2257.753556][ T7820] slab_unreclaimable 6062080 [ 2257.753556][ T7820] pgfault 175164 [ 2257.753556][ T7820] pgmajfault 0 [ 2257.753556][ T7820] workingset_refault 66 [ 2257.753556][ T7820] workingset_activate 66 [ 2257.753556][ T7820] workingset_nodereclaim 0 [ 2257.753556][ T7820] pgrefill 1301 [ 2257.753556][ T7820] pgscan 1328 [ 2257.753556][ T7820] pgsteal 335 [ 2257.904453][ T7820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26532,uid=0 [ 2257.924345][T26675] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 17:25:54 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xff0f, 0x0) [ 2258.163208][ T7820] Memory cgroup out of memory: Killed process 26532 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 17:25:55 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xffffffffff600000, 0x0) 17:25:55 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:55 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:25:55 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:55 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xff0f, 0x0) 17:25:55 executing program 0: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2259.192619][ T27] audit: type=1804 audit(1586453155.386:44904): pid=26917 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3369/bus" dev="sda1" ino=16668 res=1 [ 2259.278982][ T2523] block nbd3: Attempted send on invalid socket [ 2259.285304][ T2523] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2259.303239][T26919] XFS (nbd3): SB validate failed with error -5. [ 2259.406763][ T27] audit: type=1804 audit(1586453155.436:44905): pid=26918 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2552/bus" dev="sda1" ino=17612 res=1 17:25:55 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f0000000040), 0x4) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xd1, &(0x7f0000000040)=0x1, 0x4) socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r2, &(0x7f0000000300), 0x64, 0x0, 0x0) [ 2259.557937][ T27] audit: type=1804 audit(1586453155.476:44906): pid=26912 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir556086311/syzkaller.HrbGUZ/3244/bus" dev="sda1" ino=17610 res=1 [ 2259.601953][ T7820] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2259.711502][ T27] audit: type=1804 audit(1586453155.696:44907): pid=26920 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2850/bus" dev="sda1" ino=17611 res=1 [ 2259.846309][ T7820] CPU: 0 PID: 7820 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2259.854948][ T7820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2259.856538][T27038] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2259.864998][ T7820] Call Trace: [ 2259.865029][ T7820] dump_stack+0x11d/0x187 [ 2259.874270][T27038] device bond0 left promiscuous mode [ 2259.875558][ T7820] dump_header+0xa7/0x399 [ 2259.875719][ T7820] oom_kill_process.cold+0x10/0x15 [ 2259.880264][T27038] device bond_slave_0 left promiscuous mode [ 2259.885257][ T7820] out_of_memory+0x21d/0xa30 [ 2259.885279][ T7820] ? __rcu_read_unlock+0x66/0x2f0 [ 2259.885376][ T7820] mem_cgroup_out_of_memory+0x12b/0x150 [ 2259.890680][T27038] device bond_slave_1 left promiscuous mode [ 2259.894774][ T7820] try_charge+0xb60/0xbe0 [ 2259.894802][ T7820] ? __this_cpu_preempt_check+0x3c/0x130 [ 2259.894839][ T7820] ? __perf_event_task_sched_in+0x150/0x3a0 [ 2259.912077][T27038] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2259.915822][ T7820] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2259.915881][ T7820] __memcg_kmem_charge+0xcd/0x1b0 [ 2259.927895][T27038] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2259.931712][ T7820] __alloc_pages_nodemask+0x268/0x310 [ 2259.931743][ T7820] alloc_pages_current+0xca/0x170 [ 2259.973204][ T7820] pte_alloc_one+0x14/0x50 [ 2259.977656][ T7820] __pte_alloc+0x27/0x210 [ 2259.982010][ T7820] copy_page_range+0x1391/0x1a40 [ 2259.986979][ T7820] dup_mm+0x72e/0xb90 [ 2259.990988][ T7820] copy_process+0x39ad/0x3b10 [ 2259.995810][ T7820] ? _raw_spin_unlock+0x38/0x60 [ 2260.000712][ T7820] _do_fork+0xf7/0x790 [ 2260.004841][ T7820] ? __read_once_size+0x45/0xd0 [ 2260.009733][ T7820] ? ktime_get_ts64+0x286/0x2c0 [ 2260.014599][ T7820] __x64_sys_clone+0x12e/0x170 [ 2260.019373][ T7820] do_syscall_64+0xc7/0x390 [ 2260.023905][ T7820] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2260.029804][ T7820] RIP: 0033:0x45ae5a [ 2260.033708][ T7820] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2260.053338][ T7820] RSP: 002b:00007ffc39b30870 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2260.061755][ T7820] RAX: ffffffffffffffda RBX: 00007ffc39b30870 RCX: 000000000045ae5a [ 2260.069777][ T7820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2260.077754][ T7820] RBP: 00007ffc39b308b0 R08: 0000000000000001 R09: 0000000002947940 [ 2260.085728][ T7820] R10: 0000000002947c10 R11: 0000000000000246 R12: 0000000000000001 17:25:56 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f0000000040), 0x4) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xd1, &(0x7f0000000040)=0x1, 0x4) socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r2, &(0x7f0000000300), 0x64, 0x0, 0x0) [ 2260.093753][ T7820] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc39b30900 [ 2260.126260][ T7820] memory: usage 307200kB, limit 307200kB, failcnt 2627 [ 2260.135477][ T7820] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2260.143056][ T7820] Memory cgroup stats for /syz1: [ 2260.143331][ T7820] anon 270950400 [ 2260.143331][ T7820] file 20480 [ 2260.143331][ T7820] kernel_stack 3944448 [ 2260.143331][ T7820] slab 7548928 [ 2260.143331][ T7820] sock 53248 [ 2260.143331][ T7820] shmem 0 [ 2260.143331][ T7820] file_mapped 0 [ 2260.143331][ T7820] file_dirty 0 [ 2260.143331][ T7820] file_writeback 0 [ 2260.143331][ T7820] anon_thp 241172480 [ 2260.143331][ T7820] inactive_anon 0 [ 2260.143331][ T7820] active_anon 270950400 [ 2260.143331][ T7820] inactive_file 0 [ 2260.143331][ T7820] active_file 20480 [ 2260.143331][ T7820] unevictable 0 [ 2260.143331][ T7820] slab_reclaimable 1486848 [ 2260.143331][ T7820] slab_unreclaimable 6062080 [ 2260.143331][ T7820] pgfault 175230 [ 2260.143331][ T7820] pgmajfault 0 [ 2260.143331][ T7820] workingset_refault 66 [ 2260.143331][ T7820] workingset_activate 66 [ 2260.143331][ T7820] workingset_nodereclaim 0 [ 2260.143331][ T7820] pgrefill 1301 [ 2260.143331][ T7820] pgscan 1328 [ 2260.143331][ T7820] pgsteal 335 [ 2260.191716][T27143] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:25:56 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:56 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x0, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:56 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:25:56 executing program 0: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2260.504650][ T7820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=7414,uid=0 [ 2260.580324][T27143] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2260.632683][T27143] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2260.651151][ T27] audit: type=1804 audit(1586453156.836:44908): pid=27211 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3370/bus" dev="sda1" ino=17605 res=1 [ 2260.699434][ T7820] Memory cgroup out of memory: Killed process 7414 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2260.787389][ T27] audit: type=1804 audit(1586453156.916:44909): pid=27187 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2553/bus" dev="sda1" ino=17603 res=1 [ 2260.949252][ T27] audit: type=1804 audit(1586453156.976:44910): pid=27259 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir556086311/syzkaller.HrbGUZ/3245/bus" dev="sda1" ino=17522 res=1 [ 2261.120133][ T27] audit: type=1804 audit(1586453157.006:44911): pid=27223 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2851/bus" dev="sda1" ino=17609 res=1 [ 2261.315573][ T2522] block nbd1: Attempted send on invalid socket [ 2261.321807][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2261.334002][T27270] XFS (nbd1): SB validate failed with error -5. 17:25:57 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xffffffffffffffff, 0x0) 17:25:57 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x0, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:57 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f0000000040), 0x4) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xd1, &(0x7f0000000040)=0x1, 0x4) socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r2, &(0x7f0000000300), 0x64, 0x0, 0x0) [ 2261.480375][T27286] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2261.527571][ T27] audit: type=1804 audit(1586453157.716:44912): pid=27287 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3371/bus" dev="sda1" ino=17523 res=1 17:25:57 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2261.580296][T27286] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2261.641839][ T7820] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2261.662375][T27286] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:25:57 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x0, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:57 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xde00, 0x0) [ 2261.786775][ T27] audit: type=1804 audit(1586453157.976:44913): pid=27391 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2554/bus" dev="sda1" ino=17525 res=1 [ 2261.849285][ T7820] CPU: 0 PID: 7820 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2261.857911][ T7820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2261.867965][ T7820] Call Trace: [ 2261.871299][ T7820] dump_stack+0x11d/0x187 [ 2261.875639][ T7820] dump_header+0xa7/0x399 [ 2261.879994][ T7820] oom_kill_process.cold+0x10/0x15 [ 2261.885224][ T7820] out_of_memory+0x21d/0xa30 [ 2261.889837][ T7820] ? __rcu_read_unlock+0x66/0x2f0 [ 2261.895003][ T7820] mem_cgroup_out_of_memory+0x12b/0x150 [ 2261.900712][ T7820] try_charge+0xb60/0xbe0 [ 2261.905166][ T7820] ? __this_cpu_preempt_check+0x3c/0x130 [ 2261.910884][ T7820] ? __perf_event_task_sched_in+0x150/0x3a0 [ 2261.916793][ T7820] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2261.922275][ T7820] __memcg_kmem_charge+0xcd/0x1b0 [ 2261.927318][ T7820] __alloc_pages_nodemask+0x268/0x310 [ 2261.932939][ T7820] alloc_pages_current+0xca/0x170 [ 2261.938105][ T7820] pte_alloc_one+0x14/0x50 [ 2261.942538][ T7820] __pte_alloc+0x27/0x210 [ 2261.946894][ T7820] copy_page_range+0x1391/0x1a40 [ 2261.951888][ T7820] dup_mm+0x72e/0xb90 [ 2261.955894][ T7820] copy_process+0x39ad/0x3b10 [ 2261.960683][ T7820] ? _raw_spin_unlock+0x38/0x60 [ 2261.965560][ T7820] _do_fork+0xf7/0x790 [ 2261.969740][ T7820] ? __read_once_size+0x45/0xd0 [ 2261.974602][ T7820] ? ktime_get_ts64+0x286/0x2c0 [ 2261.979339][ T27] audit: type=1804 audit(1586453158.036:44914): pid=27397 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3372/bus" dev="sda1" ino=17597 res=1 [ 2261.979469][ T7820] __x64_sys_clone+0x12e/0x170 [ 2262.009060][ T7820] do_syscall_64+0xc7/0x390 [ 2262.013587][ T7820] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2262.019497][ T7820] RIP: 0033:0x45ae5a [ 2262.023498][ T7820] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 17:25:58 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:25:58 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2262.043216][ T7820] RSP: 002b:00007ffc39b30870 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2262.051715][ T7820] RAX: ffffffffffffffda RBX: 00007ffc39b30870 RCX: 000000000045ae5a [ 2262.059797][ T7820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2262.067776][ T7820] RBP: 00007ffc39b308b0 R08: 0000000000000001 R09: 0000000002947940 [ 2262.075755][ T7820] R10: 0000000002947c10 R11: 0000000000000246 R12: 0000000000000001 [ 2262.083728][ T7820] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc39b30900 [ 2262.313005][ T2523] block nbd0: Attempted send on invalid socket [ 2262.319384][ T2523] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 17:25:58 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x8a00, 0x0) [ 2262.359299][T27400] XFS (nbd0): SB validate failed with error -5. [ 2262.382369][ T7820] memory: usage 307200kB, limit 307200kB, failcnt 2663 17:25:58 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x7400, 0x0) [ 2262.521943][ T7820] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2262.528913][ T7820] Memory cgroup stats for /syz1: [ 2262.529111][ T7820] anon 270962688 [ 2262.529111][ T7820] file 20480 [ 2262.529111][ T7820] kernel_stack 3944448 [ 2262.529111][ T7820] slab 7548928 [ 2262.529111][ T7820] sock 53248 [ 2262.529111][ T7820] shmem 0 [ 2262.529111][ T7820] file_mapped 0 [ 2262.529111][ T7820] file_dirty 0 [ 2262.529111][ T7820] file_writeback 0 [ 2262.529111][ T7820] anon_thp 241172480 [ 2262.529111][ T7820] inactive_anon 0 [ 2262.529111][ T7820] active_anon 270962688 [ 2262.529111][ T7820] inactive_file 0 [ 2262.529111][ T7820] active_file 20480 [ 2262.529111][ T7820] unevictable 0 [ 2262.529111][ T7820] slab_reclaimable 1486848 [ 2262.529111][ T7820] slab_unreclaimable 6062080 [ 2262.529111][ T7820] pgfault 175296 [ 2262.529111][ T7820] pgmajfault 0 [ 2262.529111][ T7820] workingset_refault 66 [ 2262.529111][ T7820] workingset_activate 66 [ 2262.529111][ T7820] workingset_nodereclaim 0 [ 2262.529111][ T7820] pgrefill 1301 [ 2262.529111][ T7820] pgscan 1328 [ 2262.529111][ T7820] pgsteal 335 17:25:58 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2262.643874][ T7820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=7148,uid=0 17:25:58 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2262.949712][ T2522] block nbd0: Attempted send on invalid socket [ 2262.955983][ T2522] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2262.967313][T27426] XFS (nbd0): SB validate failed with error -5. [ 2263.034347][ T7820] Memory cgroup out of memory: Killed process 7148 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2263.572635][ T2523] block nbd1: Attempted send on invalid socket [ 2263.578969][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2263.606601][T27548] XFS (nbd1): SB validate failed with error -5. 17:26:00 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SIOCRSSCAUSE(r2, 0x89e1, &(0x7f0000000300)=0x59) prctl$PR_GET_THP_DISABLE(0x2a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, &(0x7f0000000040)=0x3) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x2, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r4, &(0x7f0000000100)={0x14, 0x88, 0xfa00, {r7, 0x10, 0x0, @in6={0xa, 0x4e21, 0x2, @mcast1, 0x8}}}, 0x90) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB='/\x00'], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:00 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x8a00, 0x0) 17:26:00 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:00 executing program 0: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:00 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x8, 0xe5}]}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(r2, &(0x7f0000000640)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba72764f460593d41d43e9f589502652fe815ef1da2c0975e828d69536eb96c2c27f564dcc44d2a18bf98a8698f09764ff95bda5a0520964e8e84670e557cc255a621254e23c5e3afd68721e31a0caa4ac9e40a612dd4bff3553cc00a47f618b8289ce1086193ea338ae5473fc048d1e696a52f65d00d34ed03cfb8125020463ba3054af5f7a2fd4c733242927960b07d0d81f303157417af8907b820d74a1dc84ea78e317584a11da56d5842dec5823a376d939a621adf86c8297db303ab14b7fa0cfa4316987c1ac3303f6acdaa8a946496cb09a6a0785a49f67cfe7725ff477933e4f38d99e6062f1bec6c4e857d64a8ba966cc4c024177bb10e4f5c05db8e7d4cd2437cff4067d9c6f68d8faf4342112a53e640e2c070ed68a364a209139ad", 0x10000, 0x80, 0x0, 0xfffffffffffffd64) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000005c0)={r3, @in={{0x2, 0x0, @rand_addr=0x400}}, [0x0, 0x1, 0x0, 0x0, 0x4, 0x3, 0x0, 0x951, 0x7ff, 0x0, 0x5, 0x8a8, 0x4, 0x0, 0xfffffffffffffffe]}, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00000002c0)={r3, 0x86, "81a3a51b1c30e8f0ae2ede5285251f147fb8d227c9ef569fb3c792426fda754ac767ba8235836bc208fd99c740002967a3a6af25b0110dd1220ccae8abc46920ecabca1e1ba165993cba605bd1b57afc02d1528c5c83c28378d14db835bd8138f0aba594a8f36f0cf66136a7e4c69c70ab26b6bf5518bb4090d0b64b4c87f8b97df4d552b1cf"}, &(0x7f0000000040)=0x8e) setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000100)={r3, 0x6, 0x0, 0xb5}, 0x10) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f00000000c0)={r3, @in={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x84) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB="2f64315e2f6e62d4f6b1"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:00 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:00 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:00 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x8a00, 0x0) 17:26:00 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2264.548346][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 2264.548367][ T27] audit: type=1804 audit(1586453160.736:44922): pid=27709 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3376/bus" dev="sda1" ino=17106 res=1 17:26:00 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:01 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x6a00, 0x0) [ 2264.876060][ T27] audit: type=1804 audit(1586453161.066:44923): pid=27721 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2854/bus" dev="sda1" ino=17268 res=1 17:26:01 executing program 4: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f0000000680)=""/86, 0x56}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp\x00') preadv(r0, &(0x7f00000017c0), 0x17c, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000180)=[{0x20}, {}]}, 0x10) sched_setattr(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_REG(r1, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x91d3, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000440)="43a564d23ccea32b5443c6377ca8c2724276744a4085f4b31da581bd98eed75e27edc20c97a28ee72e68747da1ae8eed04c93f5a1d435f06d5653224b8f387d74819a97ab8c129e2cb88ae4b7e28d04ff4f9ecadff96b478437412aa706dbc0a8f7e4398f6941cbaf55b2825ab274954d4636d9cb9f8bbe0db264d0afffb578a3dbe98f64450bd990a00f89bb75dc7a99d0c174f722280bdc97045a34e422bdd87cd6c41f61f6103c61f2cac45a9194c8cee7c5c023278afa39780ba189fc6b74f8021745c9bc11030b49cad0d8d7f6a8fc39f7a0ad2e7ff354aa65fbc06f32ef25d4589e32429870240e11480d8454b51", 0xf1, 0x7fffffff}], 0x10006, &(0x7f0000000340)='net/snmp\x00') [ 2264.976227][T27831] /: Can't open blockdev [ 2264.996994][ T27] audit: type=1804 audit(1586453161.186:44924): pid=27840 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3377/bus" dev="sda1" ino=17059 res=1 17:26:01 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2265.124501][ T2523] block nbd3: Attempted send on invalid socket [ 2265.130700][ T2523] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2265.146191][T27841] XFS (nbd3): SB validate failed with error -5. 17:26:01 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:01 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x8, 0xe5}]}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(r2, &(0x7f0000000640)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba72764f460593d41d43e9f589502652fe815ef1da2c0975e828d69536eb96c2c27f564dcc44d2a18bf98a8698f09764ff95bda5a0520964e8e84670e557cc255a621254e23c5e3afd68721e31a0caa4ac9e40a612dd4bff3553cc00a47f618b8289ce1086193ea338ae5473fc048d1e696a52f65d00d34ed03cfb8125020463ba3054af5f7a2fd4c733242927960b07d0d81f303157417af8907b820d74a1dc84ea78e317584a11da56d5842dec5823a376d939a621adf86c8297db303ab14b7fa0cfa4316987c1ac3303f6acdaa8a946496cb09a6a0785a49f67cfe7725ff477933e4f38d99e6062f1bec6c4e857d64a8ba966cc4c024177bb10e4f5c05db8e7d4cd2437cff4067d9c6f68d8faf4342112a53e640e2c070ed68a364a209139ad", 0x10000, 0x80, 0x0, 0xfffffffffffffd64) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000005c0)={r3, @in={{0x2, 0x0, @rand_addr=0x400}}, [0x0, 0x3, 0x0, 0x0, 0x4, 0x3, 0x0, 0x951, 0x7ff, 0x0, 0x5, 0x3, 0x4, 0x0, 0xfffffffffffffffe]}, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00000003c0)={r3, 0x56, "81a3a51b1c30e8f0ae2ede5285251f147fb8d227c9ef569fb3c792426fda754ac767ba8235836bc208fd99c740002967a3a6af25b0110dd1220ccae8abc46920ecabca1e1ba165993cba605bd1b57afc02d1528c5c83"}, &(0x7f0000000440)=0x5e) setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000100)={r3, 0x6, 0x0, 0xb5}, 0x10) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000040)={r3, 0x101, 0xda11, 0x4}, &(0x7f00000000c0)=0x10) 17:26:01 executing program 0: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:01 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x6a00, 0x0) [ 2265.546433][ T27] audit: type=1804 audit(1586453161.736:44925): pid=27967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3378/bus" dev="sda1" ino=17124 res=1 [ 2265.635276][ T7820] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 17:26:01 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2265.720639][ T7820] CPU: 1 PID: 7820 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2265.729294][ T7820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2265.739348][ T7820] Call Trace: [ 2265.742651][ T7820] dump_stack+0x11d/0x187 [ 2265.746991][ T7820] dump_header+0xa7/0x399 [ 2265.751334][ T7820] oom_kill_process.cold+0x10/0x15 [ 2265.756465][ T7820] out_of_memory+0x21d/0xa30 [ 2265.761130][ T7820] ? __rcu_read_unlock+0x66/0x2f0 [ 2265.766202][ T7820] mem_cgroup_out_of_memory+0x12b/0x150 [ 2265.771769][ T7820] try_charge+0xb60/0xbe0 [ 2265.776121][ T7820] ? __this_cpu_preempt_check+0x3c/0x130 [ 2265.781764][ T7820] ? __perf_event_task_sched_in+0x150/0x3a0 [ 2265.787721][ T7820] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2265.793197][ T7820] __memcg_kmem_charge+0xcd/0x1b0 [ 2265.798237][ T7820] __alloc_pages_nodemask+0x268/0x310 [ 2265.803626][ T7820] alloc_pages_current+0xca/0x170 [ 2265.808757][ T7820] pte_alloc_one+0x14/0x50 [ 2265.813185][ T7820] __pte_alloc+0x27/0x210 [ 2265.817527][ T7820] copy_page_range+0x1391/0x1a40 [ 2265.822569][ T7820] dup_mm+0x72e/0xb90 [ 2265.826740][ T7820] copy_process+0x39ad/0x3b10 [ 2265.831458][ T7820] ? _raw_spin_unlock+0x38/0x60 [ 2265.836341][ T7820] _do_fork+0xf7/0x790 [ 2265.840511][ T7820] ? __read_once_size+0x45/0xd0 [ 2265.845357][ T7820] ? ktime_get_ts64+0x286/0x2c0 [ 2265.850217][ T7820] __x64_sys_clone+0x12e/0x170 [ 2265.855000][ T7820] do_syscall_64+0xc7/0x390 [ 2265.855515][ T27] audit: type=1804 audit(1586453161.826:44926): pid=27965 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2557/bus" dev="sda1" ino=17062 res=1 [ 2265.859587][ T7820] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2265.859610][ T7820] RIP: 0033:0x45ae5a [ 2265.894095][ T7820] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 17:26:02 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x60ff, 0x0) [ 2265.913696][ T7820] RSP: 002b:00007ffc39b30870 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2265.922108][ T7820] RAX: ffffffffffffffda RBX: 00007ffc39b30870 RCX: 000000000045ae5a [ 2265.930361][ T7820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2265.938330][ T7820] RBP: 00007ffc39b308b0 R08: 0000000000000001 R09: 0000000002947940 [ 2265.946305][ T7820] R10: 0000000002947c10 R11: 0000000000000246 R12: 0000000000000001 [ 2265.954279][ T7820] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc39b30900 17:26:02 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x6a00, 0x0) [ 2266.068591][ T27] audit: type=1804 audit(1586453162.026:44927): pid=27981 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir556086311/syzkaller.HrbGUZ/3249/bus" dev="sda1" ino=17253 res=1 [ 2266.091760][ T7820] memory: usage 307200kB, limit 307200kB, failcnt 2748 17:26:02 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2266.196705][ T27] audit: type=1804 audit(1586453162.166:44928): pid=27983 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3379/bus" dev="sda1" ino=17348 res=1 [ 2266.278034][ T7820] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2266.323610][ T7820] Memory cgroup stats for /syz1: [ 2266.323817][ T7820] anon 271159296 [ 2266.323817][ T7820] file 20480 [ 2266.323817][ T7820] kernel_stack 3907584 [ 2266.323817][ T7820] slab 7548928 [ 2266.323817][ T7820] sock 53248 [ 2266.323817][ T7820] shmem 0 [ 2266.323817][ T7820] file_mapped 0 [ 2266.323817][ T7820] file_dirty 0 [ 2266.323817][ T7820] file_writeback 0 [ 2266.323817][ T7820] anon_thp 241172480 [ 2266.323817][ T7820] inactive_anon 0 [ 2266.323817][ T7820] active_anon 271069184 [ 2266.323817][ T7820] inactive_file 0 [ 2266.323817][ T7820] active_file 20480 [ 2266.323817][ T7820] unevictable 0 [ 2266.323817][ T7820] slab_reclaimable 1486848 [ 2266.323817][ T7820] slab_unreclaimable 6062080 [ 2266.323817][ T7820] pgfault 175461 [ 2266.323817][ T7820] pgmajfault 0 [ 2266.323817][ T7820] workingset_refault 66 [ 2266.323817][ T7820] workingset_activate 66 [ 2266.323817][ T7820] workingset_nodereclaim 0 [ 2266.323817][ T7820] pgrefill 1301 [ 2266.323817][ T7820] pgscan 1328 [ 2266.323817][ T7820] pgsteal 335 [ 2266.326948][ T2523] block nbd4: Attempted send on invalid socket [ 2266.391921][ T7820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=7014,uid=0 [ 2266.419435][ T2523] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2266.461673][T28096] XFS (nbd4): SB validate failed with error -5. [ 2266.559728][ T7820] Memory cgroup out of memory: Killed process 7014 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2266.584790][ T2522] block nbd3: Attempted send on invalid socket [ 2266.591093][ T2522] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2266.606395][ T27] audit: type=1804 audit(1586453162.776:44929): pid=28110 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3380/bus" dev="sda1" ino=17125 res=1 [ 2266.624521][T28108] XFS (nbd3): SB validate failed with error -5. 17:26:02 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:02 executing program 0: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:02 executing program 3: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:03 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:03 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2266.855169][ T27] audit: type=1804 audit(1586453162.996:44930): pid=28221 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2558/bus" dev="sda1" ino=17020 res=1 [ 2266.998863][ T27] audit: type=1804 audit(1586453163.176:44931): pid=28224 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir556086311/syzkaller.HrbGUZ/3250/bus" dev="sda1" ino=17218 res=1 [ 2267.776225][ T2522] block nbd1: Attempted send on invalid socket [ 2267.782543][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2267.799853][T28349] XFS (nbd1): SB validate failed with error -5. [ 2267.957458][T28346] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2268.051659][T28346] CPU: 1 PID: 28346 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2268.060375][T28346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2268.070629][T28346] Call Trace: [ 2268.073933][T28346] dump_stack+0x11d/0x187 [ 2268.078291][T28346] dump_header+0xa7/0x399 [ 2268.082693][T28346] oom_kill_process.cold+0x10/0x15 [ 2268.087814][T28346] out_of_memory+0x21d/0xa30 [ 2268.092470][T28346] ? __rcu_read_unlock+0x66/0x2f0 [ 2268.097518][T28346] mem_cgroup_out_of_memory+0x12b/0x150 [ 2268.103085][T28346] try_charge+0xb60/0xbe0 [ 2268.107424][T28346] ? free_one_page+0x1d0/0x4e0 [ 2268.112196][T28346] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2268.117729][T28346] __memcg_kmem_charge+0xcd/0x1b0 [ 2268.122764][T28346] __alloc_pages_nodemask+0x268/0x310 [ 2268.128153][T28346] alloc_pages_current+0xca/0x170 [ 2268.133295][T28346] pte_alloc_one+0x14/0x50 [ 2268.137721][T28346] __pte_alloc+0x27/0x210 [ 2268.142082][T28346] __handle_mm_fault+0x1f63/0x2cf0 [ 2268.147234][T28346] handle_mm_fault+0x21c/0x540 [ 2268.152021][T28346] do_page_fault+0x4a4/0xa52 [ 2268.156769][T28346] ? prepare_exit_to_usermode+0x165/0x1c0 [ 2268.162494][T28346] page_fault+0x34/0x40 [ 2268.166661][T28346] RIP: 0033:0x400580 [ 2268.170563][T28346] Code: 01 e9 cd 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 20 48 8b 14 24 48 8b 7c 24 20 be 02 00 00 00 e8 15 59 00 00 48 8b 4c 24 08 <66> 89 01 e9 a1 01 00 00 48 8b 44 24 08 48 8b 14 24 be 02 00 00 00 [ 2268.190167][T28346] RSP: 002b:00007ffc39b306d0 EFLAGS: 00010202 [ 2268.196237][T28346] RAX: 0000000000000002 RBX: 000000000076c900 RCX: 0000000020e68000 [ 2268.204206][T28346] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000002 [ 2268.212274][T28346] RBP: 0000000000770868 R08: 0000000000000000 R09: 0000000000000000 [ 2268.220311][T28346] R10: 00007ffc39b307e0 R11: 0000000000000246 R12: 000000000076c040 [ 2268.228461][T28346] R13: 0000000000770870 R14: 0000000000229b19 R15: 000000000076c04c [ 2268.641091][T28346] memory: usage 307200kB, limit 307200kB, failcnt 2769 [ 2268.694436][T28346] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2268.701406][T28346] Memory cgroup stats for /syz1: [ 2268.701598][T28346] anon 271081472 [ 2268.701598][T28346] file 20480 [ 2268.701598][T28346] kernel_stack 3981312 [ 2268.701598][T28346] slab 7548928 [ 2268.701598][T28346] sock 53248 [ 2268.701598][T28346] shmem 0 [ 2268.701598][T28346] file_mapped 0 [ 2268.701598][T28346] file_dirty 0 [ 2268.701598][T28346] file_writeback 0 [ 2268.701598][T28346] anon_thp 241172480 [ 2268.701598][T28346] inactive_anon 0 [ 2268.701598][T28346] active_anon 271081472 [ 2268.701598][T28346] inactive_file 0 [ 2268.701598][T28346] active_file 20480 [ 2268.701598][T28346] unevictable 0 [ 2268.701598][T28346] slab_reclaimable 1486848 [ 2268.701598][T28346] slab_unreclaimable 6062080 [ 2268.701598][T28346] pgfault 175560 [ 2268.701598][T28346] pgmajfault 0 [ 2268.701598][T28346] workingset_refault 66 [ 2268.701598][T28346] workingset_activate 66 [ 2268.701598][T28346] workingset_nodereclaim 0 [ 2268.701598][T28346] pgrefill 1301 [ 2268.701598][T28346] pgscan 1328 [ 2268.701598][T28346] pgsteal 335 [ 2269.245357][T28346] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=6981,uid=0 [ 2269.323808][T28346] Memory cgroup out of memory: Killed process 6981 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2269.634857][ T2523] block nbd1: Attempted send on invalid socket [ 2269.641170][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2269.701257][T28349] XFS (nbd1): SB validate failed with error -5. 17:26:06 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffff000000000000f54d8dfc0c8d1874683b58ce2503f4cd78d18fb19e0c1add7bfd0bab649d6c2463f03f5709fe7771bb08280cf9191db62de1f491f88ac4f5861db732e1d17f9c6a81026d336a12adfb299f6f8034771b634fc57ce3a9f9c130492b2b312623f5b2f796903ef58d4e7890bc485bb13643b541ef30be7862d9a03d8a875cda57ce1779a842be47f279b40cd4d26de98e702f562127ef123b982644461a7f2e5f"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:06 executing program 3: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:06 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x0, &(0x7f0000000540)) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:06 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:06 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(0x0, 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:06 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x2300, 0x0) [ 2269.983180][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 2269.983201][ T27] audit: type=1804 audit(1586453166.176:44934): pid=28411 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3382/bus" dev="sda1" ino=17011 res=1 [ 2270.026099][ T27] audit: type=1804 audit(1586453166.176:44935): pid=28412 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2559/bus" dev="sda1" ino=17319 res=1 17:26:06 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x0, &(0x7f0000000540)) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:06 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x40, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="2f6465762f6e626430007ce8ad9ba180ef2d3f2fa88f708ba2132f9f565223c80bf6324e5b5f69b4509702c8cc05f26e419e5df616669b56fc3f39c419cda865f499a91adbacbbd02a0d16b30c26971a1341f1953d5cf2e97d7d19c3325cdb4d2d9d3e68f516d421c1d2b9150c2c1b26b1122a42b74e56721cec6228a0e973bd47fa109167b83b1304c28e359c5cc9a8"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2270.138990][ T2523] block nbd0: Attempted send on invalid socket [ 2270.145389][ T2523] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2270.160724][T28410] XFS (nbd0): SB validate failed with error -5. 17:26:06 executing program 3: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2270.318590][T28416] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 17:26:06 executing program 0: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f0000000680)=""/86, 0x56}], 0x1, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/235, 0xeb}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000500)=""/184, 0xb8}], 0x1}}], 0x2, 0x0, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x400020, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r3, 0x0, r3) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000600)='/proc/asound/seq/clients\x00', 0x0, 0x0) io_submit(0x0, 0x4, &(0x7f0000000700)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x8, 0x766, 0xffffffffffffffff, &(0x7f0000000200)="bc9fde60bfeb56b02b2bbc1bb572cf3295f69cac17d966dc3cc098f22352acf312f9fc019ef2ee2ffbe3492c154e762f5cfc911fb548a26088b03a33d3ef9f83f8ca8816022bc61e902c4b25de1eaf900876400df6f5f5bd16ea55337dc6d590db4fffa2cc8cb22c8e63a55c364d80f898f7fda9417efbd238bc38c423707c65e5a67c4e9051ce48afcfe2aef0d7202ccc61b83e9c8512e73eba2d9c888297b5b9216ff1643f111b42bcd84acc51e4be4ba01dfd449f133e169626bde2e2f08eadab8bd980b8ce48a8", 0xc9, 0x4bb3, 0x0, 0x2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x5, 0x1564, r1, &(0x7f0000000540)="41dce4b372885bb2b830aa00b10beefc9381b02559b7ac9a0e083f7bc9d8efbd612de0a47e4086ac02a95e6e371378b90c6cb77a7d427f9f973317b79ddbd180f4e0aa12297c474a5b1de94050", 0x4d, 0x8, 0x0, 0x1, r2}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x8, 0x101, r3, &(0x7f0000001b40)="eea131fecad2869751a8121af6b19e814676fc1c33ebec147c56350352e87667c1b7a5a7015c58a98ae33f65f670bfbd1c1d5917148ae26a00bf3f7830f6595a2b5eddfe41f46622872d6a191827d3f56c0bd11766179f3ab825ecf8c539d6a4bc1b2a2b18e8fdf59a9506b1f36c8b659a9dff34f4b2c2c7290f5912239fc3c530104fadfb9177187eae32eb57a2153999cc6996ec6fb299479a9d3c72958f015ffbd2f2f96370b13e1c2570a099b932931f8bdcb11ff8e481578cf409b5bfda93f10d07ee4773d2c3e819a8105980dadb43c902328f640a09b82538efa7f625168ca3cb5c711de470e773165bbc77406a88b9384cf3a6ae8dd6102dcc397ace423da20a058c411d0b53931650068fa1a914e79439923f278adb12e4da061c69eb1488cc37643bae9469d3685503c0640dfa60d2ec9ebe653ee8dd6fd9202ec6ea9e254f5e615136c09be237d9a19133b9682fdc0637bec2c3c34be6a18693351ad49da5184966909da8c10c908b8056405c22188932f0e6a8b5f8e62573f4648e95e0304b09bc419163f908ad239bfb886da55c86677dc30c8ca04ec2cdc7269c722fc88cde8d5ceb9bdd69852cb543b93339b487ae835c559f941cb8d93aeed32000b567b0491645b4682b1d2dacd0743fa744d4335e94a176ef89974ea2d75bd4aa9b69e520862c791a57a8bf53516596117ed8f7b9c09d8d5200c313b708e78bb3bf072d03a4ed4e0050a757c37cd72212d0386153ca6bcf4f6bdb1a80cc2d8e01ce30bdef82555910e423665627091ef2e46f6f5af1509ebdf8e8db36586a2faceeb11300721e9249ce798a6b8983600ec85408db5b0e63723df3ef0680d4ea66f9af8ccf106ad5dd41973f08daab17f1d090045de3e6d2ac14f406f2410ee6042474e1db7ac9e71bee56e4301181e8adf4ba2e74bc00d1dc29fe077ec659656ce651ec8905f177a5b87696c234326d8995e02c184582d794a3a25cd1725fe45e519c84a31ef15c508888433fd58bd354f467297873259fc78ccae0f3dde1c3eca2d64b4cdc43d362472cad883ba3c46a970b1c7f6721cab58ded37c0b34c37890ae148a8f8ddc2fdf39a7d464b27736865df001285fb794209056731566de4290117ac3417b3857860c55bf45c10f791345e95c7f93a7a92008c198c6db4ace94e558d53cbd8c4b418b4601ba0e02467f9e158c28d482fc01607f459aec7266a14549525e6afa279c2448391af95bb7fa08cefb359eb7db9b848b4a9f3ee34e32934ccb3f24cb93a0117b56bff3c6eb9f0c333461a63a657f40e85aa1bb0a6370b550c643558e208b5cb8f3a382e8842721d10ae4cc83c5d463f09ccdc08cf13a2df47bcb6ee44e3242e23b212ce82fce7848d6b4bd3e94276fb7da7ce6b6c03a0fe246a0ad71fa874af65db7c4a861f730a540f5868e3222514f3d424aed28df67698796a02fe333bbaa27b79e686ec10b865a4fd9771dfb6ccd56b196b2829d0162917583964a55f37b238a5961429fe347540d58ea30f10ae68324f30bb93fb1a7e1bf47255d23ac0e06af103c52ac1450e4ef1582bc4772b6c68032c93e46f26e5fdafdc497f676dcb7030d0d9f6a375a86091b6ff0d54dcc54fbf3e968aaf5d7c7109b2fc62dc1e9fdbb211e01853988fbd03910ab223dc4d0ed62fe85d6a03c3a564acad75d07f7a0f2e7bbf6f8b1331677298ca20fca5d10f0e239482f2ffed201921a67ef58647e477f4f99fa3a63c2aa2899a58d82b2064c1f8d3a671c85f083433eed8995a2c8f29b61860bece73e06bdbb348a67c2e2c35e2b76c715f935900cf0e9b98bcd728069238686d228fddfb4197a2d6978b15da5d44d888955c839659e8f967f90cabf7ecbf1c91f98e9c3cf701f06f402b8f196883b7ff49805283a8f0ea3cbd37a4d6149a529e1899e63cbe28e3c0718093b7298dd00c0aee062bb4561e5ff572b7907694f9c370386af8291e5285ce9f22de14fada0d4faabf13172e5fd3b0d12160b6cfcbe9442575ac8444fdeff6ab0c905ffb2f6ee1ec5a96c846236783f8edeefa97e23fc3c651ee946cc37cc5d828d654e6d3c42139181714128c657f3680a4caa3350fe1b2460c97db5ec6a9303ad2acd722d4705a2f775cc39c708e9620a02fb1c36aa40e7a6cdb8ae3e71e054740d0ed24b6ca32a8384de4691336b6665bbd242a8a810ee0213d2d54daa288b430d5a6da47b5df45cb3f25bcd0f94a9de35c592c5c1600a757809c5ef5e5a1da1664f0601ab56498735ca076a0d51ca7daa088f6c15359d8bb66ca16ff30925c52a9a291c8379103e93bf1639d62edf9793e159d8972aeec9e9c930ceb34618b23b8a0640fec8790a45cce7d8a380644b8f23ef80f82907f4db6273e0e3ce321521b4acbe5686019e801577ebdcf619c10558abc757c2fddb3c18cbe4fd3ebfb1a82de060824c0752d3713d431473508f9b04a89496c81cacf162267692acef5be3b5552928b52bcf809fab87d6685e24cb3c52bbb632d5dc0810ee779bd9c6d4f898d1cc72e49732719505a62612d33c3ff3f7838e832a540026ee00ee445c58af03f162977a22802c7bb22db228600a82a754a8084df82ce6697fee8f15e0b96b703caf5bc1e35db465835b82175ca902fc4af2e8e96cf7327a446f2ce02518a910dfa5655ac59a8c90263d3d65898ee8a1110b457158c4580dec8fa2877c856be169e33e5f645468696fb06f7df5978e3d5315e9d89c488a54c3ebeb6c720ad3ca93d428fd413273ea163fc45e0ba36ed6de9e37e4e9dd810e417f03e6219c69d2596c664835b9209e0ebb3c18b7c72ae7ba177418fb99f4c8a99a3d069131df38b57d9f32c95e1fd75f6173a4b2fab8e063f97b700fe403d07e9ae2872154147e3330ca7bec32506a5756a71ab8b67e76bccdf8d7f370793ddcd203a890487a9d2049a710049ba528fd35f4465ea8f2d254ef7dcbeafbfdd2682cc0b5c59ac804d49badab356de9203078d7f12fe3b477a6d6e03378a1065293f54be69b59a7d537b7a6136ce1d5790b87ca8355d0eafbc977b6535ce96d51ddd055b8b896e956459c5939de1cb6b3daec144c65b25b0ea73b4338d4dc5e2e48be1a7d2f6bd6943efe6c235fc20281ced13da5ea2c036326b909b68907af255a0938ea13263d87e3620748237d8ca74827ade37dc57db3baf09755021f82616cb20144daf3412138a8efed134156dca14d1a91522065bec9ada69727a4c093c8332fb5b9e4af65aeba7f8d1e90097bcc5b810c5836bcb0459b03c857185b2c4f449566dc50d45ed74f1a003ad6f1b680e14554382b4d1321c701c3bcf60ddb9f8fd2e3a2426e580b8da4a98b6b9b995a3e851eda90c72ab09ade73874d8ec797cc529ec6288c864429cb8775ea461c08ca182f12cb4daf68b63ac0676d18b379f9dc26ebf4d4ec5e50f1e8d389652f8f8ff8b5b34b4e4dfe5dda5156b47636a25a01f4f5d12297bdf30d36868941e189dad567262258118717d7c92a923c46f0ebb162ce834cd3089c03df511597d552877eb2790bc75e9338e3500c8b8b6926eabf2a78e9a6d7a6e94ffba96a78e211cc3ff6dc5920944712817c25ada62ab88cb99cac35eb0982e2aaf7d9ab9ed6c39c812b5928bb8df3d6af695a9f9e5afac031b298b219162cbbd3397177b659e78b5d5d3e07489e765b58059a2f9f9b40bdf7e6960763f290c109db11dcdd5d4d133495de6b32d24186fdb49d9f4c1a344cb5b672ff0f0a5b8b06cab5e7a7d62e4ee71b45349f49543cf1bf07ff1812ee0c72b8679d587de91fd64f6c1c9615e97e402adfded739dbdc1cdcd4c16bdd4c4045ce408b4022d99c091fcf4fd4a6bf7a4b21e8ba58d97eae3675e79cdbe5e6d5b160b0de079fd92d2b44baf01b47debb7f1733b97f065aceef60c8be6775b5a830375962520ceaec72b16cc33f56553b3714ecc3f85e12fa2224d80798c1a03c495f62a2fd5f92b345e14e282f650bf63293c8af9911b29ca933ff88d0e8dffc76a45196a0aee00b1ec2d6e736d68298b3bf780675c406b400e548f3d9131be8c028407f28713766387b56f0fc40e86b5f4a16fbb62da03758318fd260a5906cd8fe7a7dc0d18cb1041c44a71b0865b5490ded2fbf54a55f435dd30113f72ab3b5b37c299376986e4d3c95f9a5a8f43360aae3a4b08a44fad3834569e83595cc51e27d3e36d2b780859848706ab60bd16f105f17a600bdb81f905d4e177c730209115a65309cf33a25bc502db8e4affef4d42c0e7d705603fd92b1d3b39541aae25b1c1895dd575ca7b2ea3dddf705ae6df37297a0406ac53dd965e2f9d1b067203cf60f6ba6511020b8ae19f9229c85936f81bac474777a7c70737a7f1040bd58f1170582a1bdb67bfa49875e23705ebeffa018e543d7c35b2b4e62506dc131b32c992eee1cbd46bfba5fc1e5fadf4bef9c8161137f93b8d26e18fd2bb4cd9207fb7ff1f549105b2f31dd1ea934322198221725fbb4a83c2a5ebbe30205d8a777d1b00635ec007898c4d5896afb727810e3bab4b819c1e073d75c3594f656ec29f6a247a7414b4ed5e56022c73558da62204da0007859b5352327948a9f02c197d21f6e22019bb472d588052435bb5a2d5e55e9be84d9f4f93dab7830a6e112a75c71847c66802c5359bf57e9ad0381d5b239e34271b974398c84460b2a374b6cae8ec2ba89ec63d4fd194a89b94c0b9918e74ee8da449796185589ffdff85de6544d895a9da192cf37609ec24ddbbfd49caa960bed609d1744a8b0fd13dbb0860851f225d0205a84c7ee8db8b598f8469ff0817cf106df6b87c1f893962718ab424f7ec0b622d99a1086385227baf025c0ab1913b7e5b98f2ebaae078920b8c5e9c8c7d4ebcfc6fef145f2b9849e8c56efe835ca3c90116de1c8beac76e442a05162e325ef7ffa6bcad858767d61a63630f268755788937055c7d0c8579221c8dcae1e719d395dc179ca429ce0544bcf84f1ceb2c750df1255e69bfc5ef9611d9987e95046f317219f37511134ea41cd8b01220eb16153bf98c3979d8f69557442e060b5f9f23f0c81fcff0c170b966bcbc624c368320bf4324b20b70ccb551ce37e27dbec147a43e6360e6eafcefd321252caf9a0a19f35710b242403f8be1ae0a54063633a0850018286a802b239b4089ff24280a56e33fabae86f791cc9354caf5c37de11378819a1bb1b201bca882d0d03f338309f4a1d9b0558a2e503e14cc63dbac16e61a3d8a618d177d7dfa86602ae0bacbf2ae24d6396508ab651b8f01ec64277835fcbbda3aea97bc2d3ef21c28652c9a8525874b7f40d440f6991b632e7b185a2a7c55d647104fa893a53d002a9d329c953bc8d5cdc486597dc2d8f8b27aab33ff9a3f7ef41977ec70a44d84e3003123766fe8dd4cc47682104386fd2b8734a0037491fbb9adce659cb85b1e2f0d90fbf37523416778e0ed893687b29e8265f2cb4d17c377f667256e8b362cd3cbca5e11da7ff6e76a54fc26649b396df2189ccf4f8e4c8f4c12795ce6044c3f7c21cd77394e4478da0ef4e2ee832cb4a7c2ef48a6b4d353491bb74b5d21c8b88367c65a75fdd93a18b138df22ec5b6579194db0fd6baac6d532462b9a09bd2d21b1b6e85a65c99a32cad286de80a58388e3c0743e2c0db2c4bf9830ce1a9818bc75956fed79da63734d0947e262ea0834c75934272eebd1a1bb844352a4ccf469f973f21d6800b6bfa35b34f241ca7d78592e0c854f2701650e6f1febc05b545644ac4addb6ca68bc88bc1676bb7cb742", 0x1000, 0x7, 0x0, 0x1}, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, &(0x7f00000005c0)="d70a12c76a367e25a98186a39dcaf873e3f0ab81833ce6fe374723b5c1d73afcd02acef407fa", 0x26, 0x10000, 0x0, 0x2, r4}]) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp\x00') preadv(r5, &(0x7f00000017c0), 0x17c, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000180)=[{0x20}, {}]}, 0x10) sched_setattr(0x0, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_REG(r6, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x91d3, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000440)="43a564d23ccea32b5443c6377ca8c2724276744a4085f4b31da581bd98eed75e27edc20c97a28ee72e68747da1ae8eed04c93f5a1d435f06d5653224b8f387d74819a97ab8c129e2cb88ae4b7e28d04ff4f9ecadff96b478437412aa706dbc0a8f7e4398f6941cbaf55b2825ab274954d4636d9cb9f8bbe0db264d0afffb578a3dbe98f64450bd990a00f89bb75dc7a99d0c174f722280bdc97045a34e422bdd87cd6c41f61f6103c61f2cac45a9194c8cee7c5c023278afa39780ba189fc6b74f8021745c9bc11030b49cad0d8d7f6a8fc39f7a0ad2e7ff354aa65fbc06f32ef25d4589e32429870240e11480d8454b51", 0xf1, 0x7fffffff}], 0x10006, &(0x7f0000000340)='net/snmp\x00') [ 2270.386842][ T27] audit: type=1804 audit(1586453166.256:44936): pid=28414 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir264039992/syzkaller.Kl3oPy/640/bus" dev="sda1" ino=17330 res=1 [ 2270.426298][ T2522] block nbd0: Attempted send on invalid socket [ 2270.432709][ T2522] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2270.444158][T28545] XFS (nbd0): SB validate failed with error -5. 17:26:06 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x0, &(0x7f0000000540)) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2270.551916][T28416] CPU: 0 PID: 28416 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2270.560620][T28416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2270.570723][T28416] Call Trace: [ 2270.574023][T28416] dump_stack+0x11d/0x187 [ 2270.578362][T28416] dump_header+0xa7/0x399 [ 2270.582706][T28416] oom_kill_process.cold+0x10/0x15 [ 2270.587825][T28416] out_of_memory+0x21d/0xa30 [ 2270.592479][T28416] ? __rcu_read_unlock+0x66/0x2f0 [ 2270.597525][T28416] mem_cgroup_out_of_memory+0x12b/0x150 [ 2270.603091][T28416] try_charge+0xb60/0xbe0 [ 2270.607475][T28416] ? __rcu_read_unlock+0x66/0x2f0 [ 2270.612517][T28416] mem_cgroup_try_charge+0xd7/0x260 [ 2270.617798][T28416] mem_cgroup_try_charge_delay+0x36/0x70 [ 2270.617877][ T27] audit: type=1804 audit(1586453166.256:44937): pid=28413 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2858/bus" dev="sda1" ino=17298 res=1 [ 2270.623431][T28416] wp_page_copy+0x31a/0xf20 [ 2270.623475][T28416] ? __delayacct_freepages_end+0x7d/0x90 [ 2270.623513][T28416] ? kvm_clock_read+0x14/0x30 [ 2270.623530][T28416] ? kvm_sched_clock_read+0x5/0x10 [ 2270.623560][T28416] do_wp_page+0x185/0xcc0 [ 2270.672908][T28416] ? psi_task_change+0x1a4/0x2c0 [ 2270.677866][T28416] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 2270.683773][T28416] __handle_mm_fault+0x1c5e/0x2cf0 [ 2270.688949][T28416] handle_mm_fault+0x21c/0x540 [ 2270.693804][T28416] do_page_fault+0x4a4/0xa52 [ 2270.698421][T28416] ? prepare_exit_to_usermode+0x165/0x1c0 [ 2270.704152][T28416] page_fault+0x34/0x40 [ 2270.708419][T28416] RIP: 0033:0x4118d8 [ 2270.712372][T28416] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 4d 21 4c 00 31 c0 e8 93 02 ff ff 31 ff e8 ac 09 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 76 0d 87 00 [ 2270.732003][T28416] RSP: 002b:00007ffc39b30640 EFLAGS: 00010246 [ 2270.738070][T28416] RAX: 000000005eeb8500 RBX: 0000000009920328 RCX: 0000001b2d420000 [ 2270.746043][T28416] RDX: 0000000000000000 RSI: 0000000000000500 RDI: ffffffff5eeb8500 [ 2270.754061][T28416] RBP: 000000000000000b R08: 000000005eeb8500 R09: 000000005eeb8504 [ 2270.762207][T28416] R10: 00007ffc39b307e0 R11: 0000000000000246 R12: 000000000076c028 [ 2270.770299][T28416] R13: 0000000080000000 R14: 00007fc0c50ad008 R15: 000000000000000b [ 2270.818874][ T27] audit: type=1804 audit(1586453166.476:44938): pid=28542 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3383/bus" dev="sda1" ino=17065 res=1 17:26:07 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x900, 0x0) [ 2270.951165][ T27] audit: type=1804 audit(1586453166.746:44939): pid=28555 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir264039992/syzkaller.Kl3oPy/641/bus" dev="sda1" ino=17081 res=1 [ 2271.019106][ T27] audit: type=1804 audit(1586453167.106:44940): pid=28669 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3384/bus" dev="sda1" ino=17159 res=1 [ 2271.084467][T28416] memory: usage 307196kB, limit 307200kB, failcnt 2800 [ 2271.091467][T28416] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2271.191006][T28416] Memory cgroup stats for /syz1: [ 2271.191240][T28416] anon 271122432 [ 2271.191240][T28416] file 20480 [ 2271.191240][T28416] kernel_stack 3944448 [ 2271.191240][T28416] slab 7548928 [ 2271.191240][T28416] sock 53248 [ 2271.191240][T28416] shmem 0 [ 2271.191240][T28416] file_mapped 0 [ 2271.191240][T28416] file_dirty 0 [ 2271.191240][T28416] file_writeback 0 [ 2271.191240][T28416] anon_thp 241172480 [ 2271.191240][T28416] inactive_anon 0 [ 2271.191240][T28416] active_anon 271122432 [ 2271.191240][T28416] inactive_file 0 [ 2271.191240][T28416] active_file 20480 [ 2271.191240][T28416] unevictable 0 [ 2271.191240][T28416] slab_reclaimable 1486848 [ 2271.191240][T28416] slab_unreclaimable 6062080 [ 2271.191240][T28416] pgfault 175626 [ 2271.191240][T28416] pgmajfault 0 [ 2271.191240][T28416] workingset_refault 66 [ 2271.191240][T28416] workingset_activate 66 [ 2271.191240][T28416] workingset_nodereclaim 0 [ 2271.191240][T28416] pgrefill 1334 [ 2271.191240][T28416] pgscan 1361 [ 2271.191240][T28416] pgsteal 335 [ 2271.310499][ T2522] block nbd4: Attempted send on invalid socket [ 2271.316850][ T2522] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2271.328548][T28676] XFS (nbd4): SB validate failed with error -5. [ 2271.389751][T28416] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=28390,uid=0 [ 2271.498105][T28416] Memory cgroup out of memory: Killed process 28390 (syz-executor.1) total-vm:75364kB, anon-rss:2244kB, file-rss:35860kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 17:26:08 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r1, 0x80dc5521, &(0x7f0000000040)=""/57) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) r4 = accept$alg(0xffffffffffffffff, 0x0, 0x0) write$binfmt_script(r4, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r4, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/235, 0xeb}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000500)=""/184, 0xb8}], 0x1}}], 0x2, 0x0, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000300)={0x990000, 0x2e, 0x0, r4, 0x0, &(0x7f00000002c0)={0x990a95, 0x6, [], @p_u8=&(0x7f0000000280)=0x7f}}) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x2000003, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$SIOCSIFMTU(r6, 0x8922, &(0x7f0000000100)={'syzkaller1\x00'}) 17:26:08 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(0x0, 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:08 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x700, 0x0) 17:26:08 executing program 3: r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x2b, &(0x7f0000000040)=0x3, 0x4) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) recvmsg(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/9, 0x9}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) r1 = syz_open_dev$tty1(0xc, 0x4, 0x2) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x4314f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4a401, 0x1000000, 0x0, 0x8}, 0x0, 0xffffffffffffffff, r2, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f0000000680)=""/86, 0x56}], 0x1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp\x00') preadv(r3, &(0x7f00000017c0), 0x17c, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000180)=[{0x20}, {}]}, 0x10) sched_setattr(0x0, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_REG(r4, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x91d3, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000440)="43a564d23ccea32b5443c6377ca8c2724276744a4085f4b31da581bd98eed75e27edc20c97a28ee72e68747da1ae8eed04c93f5a1d435f06d5653224b8f387d74819a97ab8c129e2cb88ae4b7e28d04ff4f9ecadff96b478437412aa706dbc0a8f7e4398f6941cbaf55b2825ab274954d4636d9cb9f8bbe0db264d0afffb578a3dbe98f64450bd990a00f89bb75dc7a99d0c174f722280bdc97045a34e422bdd87cd6c41f61f6103c61f2cac45a9194c8cee7c5c023278afa39780ba189fc6b74f8021745c9bc11030b49cad0d8d7f6a8fc39f7a0ad2e7ff354aa65fbc06f32ef25d4589e32429870240e11480d8454b51", 0xf1, 0x7fffffff}], 0x10006, &(0x7f0000000340)='net/snmp\x00') 17:26:08 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[0x0]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:08 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mknod$loop(0x0, 0x4, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000098a288b400"], &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2272.206203][ T27] audit: type=1804 audit(1586453168.396:44941): pid=28705 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3385/bus" dev="sda1" ino=17426 res=1 [ 2272.340366][ T27] audit: type=1804 audit(1586453168.436:44942): pid=28711 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2560/bus" dev="sda1" ino=17458 res=1 [ 2272.342185][ T2523] block nbd0: Attempted send on invalid socket 17:26:08 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[0x0]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2272.391899][ T2523] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2272.425669][T28706] XFS (nbd0): SB validate failed with error -5. 17:26:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mknod$loop(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x8, 0xe5}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(0xffffffffffffffff, &(0x7f0000000640)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba72764f460593d41d43e9f589502652fe815ef1da2c0975e828d69536eb96c2c27f564dcc44d2a18bf98a8698f09764ff95bda5a0520964e8e84670e557cc255a621254e23c5e3afd68721e31a0caa4ac9e40a612dd4bff3553cc00a47f618b8289ce1086193ea338ae5473fc048d1e696a52f65d00d34ed03cfb8125020463ba3054af5f7a2fd4c733242927960b07d0d81f303157417af8907b820d74a1dc84ea78e317584a11da56d5842dec5823a376d939a621adf86c8297db303ab14b7fa0cfa4316987c1ac3303f6acdaa8a946496cb09a6a0785a49f67cfe7725ff477933e4f38d99e6062f1bec6c4e857d64a8ba966cc4c024177bb10e4f5c05db8e7d4cd2437cff4067d9c6f68d8faf4342112a53e640e2c070ed68a364a209139ad", 0x10000, 0x80, 0x0, 0xfffffffffffffd64) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000005c0)={r0, @in={{0x2, 0x0, @rand_addr=0x400}}, [0x0, 0x3, 0x0, 0x0, 0x4, 0x3, 0x0, 0x951, 0x7ff, 0x0, 0x5, 0x3, 0x4, 0x0, 0xfffffffffffffffe]}, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00000003c0)={r0, 0x56, "81a3a51b1c30e8f0ae2ede5285251f147fb8d227c9ef569fb3c792426fda754ac767ba8235836bc208fd99c740002967a3a6af25b0110dd1220ccae8abc46920ecabca1e1ba165993cba605bd1b57afc02d1528c5c83"}, &(0x7f0000000440)=0x5e) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000100)={r0, 0x6, 0x0, 0xb5}, 0x10) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000000)={r0, 0x3}, &(0x7f0000000040)=0x8) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2272.526479][ T27] audit: type=1804 audit(1586453168.716:44943): pid=28755 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3386/bus" dev="sda1" ino=17522 res=1 17:26:08 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) tee(r1, r0, 0x5d9, 0x8) r2 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='vfat\x00', 0x1000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendto$inet(r4, &(0x7f0000000100)="2fd5bdb89d49bdd93411e4", 0xb, 0x4, &(0x7f0000000140)={0x2, 0x4e24, @loopback}, 0x10) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2272.671811][ T2523] block nbd1: Attempted send on invalid socket [ 2272.678153][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2272.694632][T28739] XFS (nbd1): SB validate failed with error -5. 17:26:08 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[0x0]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:09 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0x5, 0x5, {}, {0xffffffffffffffff}, 0xc000000000000000, 0x3}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r4) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r6) r7 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r8) mount$9p_virtio(&(0x7f0000000340)='syz\x00', &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=virtio,cache=loose,cache=none,fscache,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB=',nodevmap,access=', @ANYRESDEC=0x0, @ANYBLOB="2c63616368653d6e6f6e652c63616368653d6e6f6e652c6163636573733d757365722c64b5297f4380c7445728696767ab666c747569643d", @ANYRESHEX=r2, @ANYBLOB="2c7063723d30303134343131353138383037353835353930302c736d61636b6673666c6f6f723d1d4de1db0fee34b836603cdcfa4306666e45a18644b13cbfc38d95dddac0bb63ff83780719412e035939d277da7dee5288fb0e2eb8d71a62b437ee20c89a0c903327eb3c008156f84e867e516dd5f905935cfcd4986921d2b0431202bff05c399941ce012886e28a6ffceeb2c6994a6682095bcc6dab1a2cb9383a7d7df272664241c57887fa56edfbb35498c68494bde14b69bdedd03e2c1e9a248331742c666f776e65723e", @ANYRESDEC=r4, @ANYBLOB="2c6170020000000000000089f568a957c7cbeb1a80652c7569643c5b41ac16d8c22e9ffd45723cef5db8e9cec063b7e28c01ca6cb051e100020000000000000000", @ANYRESDEC=r6, @ANYBLOB=',dont_hash,smackfsdef=xfs\x00,euid=', @ANYRESDEC=r8, @ANYBLOB=',smackfstransmute=xfs\x00,\x00']) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$NFNL_MSG_ACCT_GET(r1, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x1}, 0x1, 0x0, 0x0, 0x620040c5}, 0x4000000) pause() mount(&(0x7f0000000000)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYRES32=r1, @ANYRESOCT=0x0, @ANYRES64, @ANYRES64=r2, @ANYRESOCT, @ANYRESOCT], @ANYRESHEX], &(0x7f0000000200)='./file0\x00', &(0x7f00000001c0)='squashfs\x00', 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r1, 0x8982, &(0x7f0000000300)) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:09 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x100, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/mice\x00', 0x80000) ioctl$SG_SET_COMMAND_Q(r3, 0x2271, &(0x7f0000000280)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$bt_l2cap_L2CAP_LM(r5, 0x6, 0x3, &(0x7f0000000100), &(0x7f0000000140)=0x4) getsockopt$rose(r2, 0x104, 0x74c2e7a55e4a6642, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x2400, 0x101) r7 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB="0010000000000000"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:09 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:09 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(0x0, 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:09 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) tee(r1, r0, 0x5d9, 0x8) r2 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='vfat\x00', 0x1000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendto$inet(r4, &(0x7f0000000100)="2fd5bdb89d49bdd93411e4", 0xb, 0x4, &(0x7f0000000140)={0x2, 0x4e24, @loopback}, 0x10) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:09 executing program 4: r0 = perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f0000000680)=""/86, 0x56}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp\x00') preadv(r1, &(0x7f00000017c0), 0x17c, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000180)=[{0x20}, {}]}, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) accept$alg(r2, 0x0, 0x0) sendfile(r0, r2, &(0x7f0000000040)=0x480000, 0xef7) sched_setattr(0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_REG(r3, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x91d3, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000440)="43a564d23ccea32b5443c6377ca8c2724276744a4085f4b31da581bd98eed75e27edc20c97a28ee72e68747da1ae8eed04c93f5a1d435f06d5653224b8f387d74819a97ab8c129e2cb88ae4b7e28d04ff4f9ecadff96b478437412aa706dbc0a8f7e4398f6941cbaf55b2825ab274954d4636d9cb9f8bbe0db264d0afffb578a3dbe98f64450bd990a00f89bb75dc7a99d0c174f722280bdc97045a34e422bdd87cd6c41f61f6103c61f2cac45a9194c8cee7c5c023278afa39780ba189fc6b74f8021745c9bc11030b49cad0d8d7f6a8fc39f7a0ad2e7ff354aa65fbc06f32ef25d4589e32429870240e11480d8454b51", 0xf1, 0x7fffffff}], 0x10006, &(0x7f0000000340)='net/snmp\x00') [ 2273.497627][T28966] : Can't open blockdev 17:26:09 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:09 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) tee(r1, r0, 0x5d9, 0x8) r2 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='vfat\x00', 0x1000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendto$inet(r4, &(0x7f0000000100)="2fd5bdb89d49bdd93411e4", 0xb, 0x4, &(0x7f0000000140)={0x2, 0x4e24, @loopback}, 0x10) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:10 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2274.100414][T28956] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2274.286203][T28956] CPU: 0 PID: 28956 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2274.295013][T28956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2274.305069][T28956] Call Trace: [ 2274.308404][T28956] dump_stack+0x11d/0x187 [ 2274.312851][T28956] dump_header+0xa7/0x399 [ 2274.317199][T28956] oom_kill_process.cold+0x10/0x15 [ 2274.322327][T28956] out_of_memory+0x21d/0xa30 [ 2274.326931][T28956] ? __rcu_read_unlock+0x66/0x2f0 [ 2274.332049][T28956] mem_cgroup_out_of_memory+0x12b/0x150 [ 2274.337616][T28956] try_charge+0xb60/0xbe0 [ 2274.341976][T28956] ? __rcu_read_unlock+0x66/0x2f0 [ 2274.347018][T28956] ? __rcu_read_unlock+0x66/0x2f0 [ 2274.352067][T28956] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2274.357569][T28956] __memcg_kmem_charge+0xcd/0x1b0 [ 2274.362709][T28956] copy_process+0x12bc/0x3b10 [ 2274.367676][T28956] ? kvm_clock_read+0x14/0x30 [ 2274.372371][T28956] ? kvm_sched_clock_read+0x5/0x10 [ 2274.377501][T28956] ? sched_clock+0xf/0x20 [ 2274.381869][T28956] ? sched_clock_cpu+0x10/0xd0 [ 2274.386701][T28956] ? record_times+0x10/0x80 [ 2274.391322][T28956] _do_fork+0xf7/0x790 [ 2274.395536][T28956] ? __rcu_read_unlock+0x66/0x2f0 [ 2274.400589][T28956] ? blkcg_maybe_throttle_current+0x249/0x5a0 [ 2274.406676][T28956] __x64_sys_clone+0x12e/0x170 [ 2274.411468][T28956] do_syscall_64+0xc7/0x390 [ 2274.416025][T28956] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2274.422021][T28956] RIP: 0033:0x45f259 [ 2274.425927][T28956] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2274.445714][T28956] RSP: 002b:00007ffc39b305d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2274.454135][T28956] RAX: ffffffffffffffda RBX: 00007fc0c326a700 RCX: 000000000045f259 [ 2274.462113][T28956] RDX: 00007fc0c326a9d0 RSI: 00007fc0c3269db0 RDI: 00000000003d0f00 [ 2274.470099][T28956] RBP: 00007ffc39b307f0 R08: 00007fc0c326a700 R09: 00007fc0c326a700 [ 2274.478083][T28956] R10: 00007fc0c326a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2274.486065][T28956] R13: 00007ffc39b3068f R14: 00007fc0c326a9c0 R15: 000000000076c04c 17:26:10 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x100, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/mice\x00', 0x80000) ioctl$SG_SET_COMMAND_Q(r3, 0x2271, &(0x7f0000000280)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$bt_l2cap_L2CAP_LM(r5, 0x6, 0x3, &(0x7f0000000100), &(0x7f0000000140)=0x4) getsockopt$rose(r2, 0x104, 0x74c2e7a55e4a6642, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x2400, 0x101) r7 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB="0010000000000000"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:10 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x2000000, 0xfffffffffffffd5e, 0x0, 0x208000, 0x0) 17:26:10 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2274.910774][T29104] : Can't open blockdev [ 2275.764631][T28956] memory: usage 307184kB, limit 307200kB, failcnt 2836 [ 2275.809080][T28956] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2275.872088][T28956] Memory cgroup stats for /syz1: [ 2275.872230][T28956] anon 271085568 [ 2275.872230][T28956] file 20480 [ 2275.872230][T28956] kernel_stack 3944448 [ 2275.872230][T28956] slab 7548928 [ 2275.872230][T28956] sock 53248 [ 2275.872230][T28956] shmem 0 [ 2275.872230][T28956] file_mapped 0 [ 2275.872230][T28956] file_dirty 0 [ 2275.872230][T28956] file_writeback 0 [ 2275.872230][T28956] anon_thp 241172480 [ 2275.872230][T28956] inactive_anon 0 [ 2275.872230][T28956] active_anon 271085568 [ 2275.872230][T28956] inactive_file 0 [ 2275.872230][T28956] active_file 20480 [ 2275.872230][T28956] unevictable 0 [ 2275.872230][T28956] slab_reclaimable 1486848 [ 2275.872230][T28956] slab_unreclaimable 6062080 [ 2275.872230][T28956] pgfault 175824 [ 2275.872230][T28956] pgmajfault 0 [ 2275.872230][T28956] workingset_refault 66 [ 2275.872230][T28956] workingset_activate 66 [ 2275.872230][T28956] workingset_nodereclaim 0 [ 2275.872230][T28956] pgrefill 1367 [ 2275.872230][T28956] pgscan 1394 [ 2275.872230][T28956] pgsteal 335 [ 2276.352454][T28956] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=6851,uid=0 [ 2276.381957][T28956] Memory cgroup out of memory: Killed process 6851 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2276.452803][ T1080] oom_reaper: reaped process 6851 (syz-executor.1), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB 17:26:12 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x2000000, 0xfffffffffffffd5e, 0x0, 0x208000, 0x0) 17:26:12 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x0, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:12 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x24d, 0x0) 17:26:12 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:12 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x100, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/mice\x00', 0x80000) ioctl$SG_SET_COMMAND_Q(r3, 0x2271, &(0x7f0000000280)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$bt_l2cap_L2CAP_LM(r5, 0x6, 0x3, &(0x7f0000000100), &(0x7f0000000140)=0x4) getsockopt$rose(r2, 0x104, 0x74c2e7a55e4a6642, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x2400, 0x101) r7 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB="0010000000000000"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:12 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000140)={0x2576, 0x7}) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000480)={0x0}) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f00000004c0)={r2, 0x1}) ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000180)={r2, 0x2}) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2276.751418][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 2276.751438][ T27] audit: type=1804 audit(1586453172.936:44950): pid=29149 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2562/bus" dev="sda1" ino=17621 res=1 [ 2276.813746][ T2522] block nbd3: Attempted send on invalid socket [ 2276.819978][ T2522] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2276.831488][T29151] XFS (nbd3): SB validate failed with error -5. 17:26:13 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0x5, 0x5, {}, {0xffffffffffffffff}, 0xc000000000000000, 0x3}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r4) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r6) r7 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r8) mount$9p_virtio(&(0x7f0000000340)='syz\x00', &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=virtio,cache=loose,cache=none,fscache,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB=',nodevmap,access=', @ANYRESDEC=0x0, @ANYBLOB="2c63616368653d6e6f6e652c63616368653d6e6f6e652c6163636573733d757365722c64b5297f4380c7445728696767ab666c747569643d", @ANYRESHEX=r2, @ANYBLOB="2c7063723d30303134343131353138383037353835353930302c736d61636b6673666c6f6f723d1d4de1db0fee34b836603cdcfa4306666e45a18644b13cbfc38d95dddac0bb63ff83780719412e035939d277da7dee5288fb0e2eb8d71a62b437ee20c89a0c903327eb3c008156f84e867e516dd5f905935cfcd4986921d2b0431202bff05c399941ce012886e28a6ffceeb2c6994a6682095bcc6dab1a2cb9383a7d7df272664241c57887fa56edfbb35498c68494bde14b69bdedd03e2c1e9a248331742c666f776e65723e", @ANYRESDEC=r4, @ANYBLOB="2c6170020000000000000089f568a957c7cbeb1a80652c7569643c5b41ac16d8c22e9ffd45723cef5db8e9cec063b7e28c01ca6cb051e100020000000000000000", @ANYRESDEC=r6, @ANYBLOB=',dont_hash,smackfsdef=xfs\x00,euid=', @ANYRESDEC=r8, @ANYBLOB=',smackfstransmute=xfs\x00,\x00']) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$NFNL_MSG_ACCT_GET(r1, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x1}, 0x1, 0x0, 0x0, 0x620040c5}, 0x4000000) pause() mount(&(0x7f0000000000)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYRES32=r1, @ANYRESOCT=0x0, @ANYRES64, @ANYRES64=r2, @ANYRESOCT, @ANYRESOCT], @ANYRESHEX], &(0x7f0000000200)='./file0\x00', &(0x7f00000001c0)='squashfs\x00', 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r1, 0x8982, &(0x7f0000000300)) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:13 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x24d, 0x0) [ 2276.967085][ T27] audit: type=1804 audit(1586453173.056:44951): pid=29155 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3392/bus" dev="sda1" ino=17626 res=1 [ 2277.000031][T29152] : Can't open blockdev 17:26:13 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2277.239638][ T2523] block nbd3: Attempted send on invalid socket [ 2277.246052][ T2523] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2277.261560][T29282] XFS (nbd3): SB validate failed with error -5. [ 2277.305506][ T27] audit: type=1804 audit(1586453173.496:44952): pid=29349 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3393/bus" dev="sda1" ino=17632 res=1 [ 2277.373996][ T2523] block nbd1: Attempted send on invalid socket [ 2277.380227][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2277.440782][T29281] XFS (nbd1): SB validate failed with error -5. 17:26:13 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, 0x0}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:13 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x24d, 0x0) 17:26:13 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x0, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:13 executing program 0: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2277.810596][ T27] audit: type=1804 audit(1586453173.996:44953): pid=29409 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3394/bus" dev="sda1" ino=17365 res=1 17:26:14 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:14 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000140)={0x2576, 0x7}) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000480)={0x0}) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f00000004c0)={r2, 0x1}) ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000180)={r2, 0x2}) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2277.933089][ T27] audit: type=1804 audit(1586453174.116:44954): pid=29523 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2563/bus" dev="sda1" ino=17640 res=1 17:26:14 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, 0x0, &(0x7f0000000040)='virtiofs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x2000000, 0xfffffffffffffd5e, 0x0, 0x208000, 0x0) 17:26:14 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, 0x0}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2278.154333][ T27] audit: type=1804 audit(1586453174.306:44955): pid=29527 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir556086311/syzkaller.HrbGUZ/3258/bus" dev="sda1" ino=17642 res=1 17:26:14 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400203) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=ANY=[@ANYRES64], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:14 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000140)={0x2576, 0x7}) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000480)={0x0}) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f00000004c0)={r2, 0x1}) ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000180)={r2, 0x2}) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2278.340691][ T27] audit: type=1804 audit(1586453174.426:44956): pid=29538 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3395/bus" dev="sda1" ino=17365 res=1 17:26:14 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, 0x0}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:14 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x177, 0x0) 17:26:14 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/consoles\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0xffffffe9}, &(0x7f0000000100)=0x8) r2 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2278.688964][ T27] audit: type=1804 audit(1586453174.876:44957): pid=29667 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3396/bus" dev="sda1" ino=17644 res=1 [ 2278.744322][ T2523] block nbd3: Attempted send on invalid socket [ 2278.750546][ T2523] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2278.800578][ T2523] block nbd4: Attempted send on invalid socket [ 2278.806852][ T2523] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2278.832604][T29664] XFS (nbd4): SB validate failed with error -5. [ 2278.841899][T29665] XFS (nbd3): SB validate failed with error -5. 17:26:15 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x0, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:15 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(0x0, 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2278.921354][ T7820] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 17:26:15 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000140)={0x2576, 0x7}) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000480)={0x0}) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f00000004c0)={r2, 0x1}) ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000180)={r2, 0x2}) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2279.137963][ T7820] CPU: 1 PID: 7820 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2279.146722][ T7820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2279.156778][ T7820] Call Trace: [ 2279.160079][ T7820] dump_stack+0x11d/0x187 [ 2279.164541][ T7820] dump_header+0xa7/0x399 [ 2279.168883][ T7820] oom_kill_process.cold+0x10/0x15 [ 2279.174089][ T7820] out_of_memory+0x21d/0xa30 [ 2279.178702][ T7820] ? __rcu_read_unlock+0x66/0x2f0 17:26:15 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='virtiofs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x2000000, 0xfffffffffffffd5e, 0x0, 0x208000, 0x0) [ 2279.183829][ T7820] mem_cgroup_out_of_memory+0x12b/0x150 [ 2279.189533][ T7820] try_charge+0xb60/0xbe0 [ 2279.193958][ T7820] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 2279.199860][ T7820] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2279.205341][ T7820] __memcg_kmem_charge+0xcd/0x1b0 [ 2279.210711][ T7820] __alloc_pages_nodemask+0x268/0x310 [ 2279.216107][ T7820] alloc_pages_current+0xca/0x170 [ 2279.221298][ T7820] get_zeroed_page+0x10/0x40 [ 2279.225899][ T7820] __pud_alloc+0x43/0x240 [ 2279.230304][ T7820] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 2279.236212][ T7820] pud_alloc+0xbd/0xf0 [ 2279.240302][ T7820] copy_page_range+0x256/0x1a40 [ 2279.245351][ T7820] ? __rb_insert_augmented+0x11b/0x360 [ 2279.250828][ T7820] ? __rcu_read_unlock+0x66/0x2f0 [ 2279.255867][ T7820] ? anon_vma_interval_tree_insert+0x1bd/0x240 [ 2279.262029][ T7820] ? __rb_rotate_set_parents+0x96/0xe0 [ 2279.267498][ T7820] ? vma_interval_tree_augment_rotate+0xd8/0xf0 [ 2279.273773][ T7820] ? __rb_insert_augmented+0x11b/0x360 [ 2279.279247][ T7820] ? __vma_link_rb+0x3ed/0x440 [ 2279.284025][ T7820] dup_mm+0x72e/0xb90 [ 2279.288037][ T7820] copy_process+0x39ad/0x3b10 [ 2279.292722][ T7820] ? _raw_spin_unlock+0x38/0x60 [ 2279.297645][ T7820] _do_fork+0xf7/0x790 [ 2279.301724][ T7820] ? __read_once_size+0x45/0xd0 [ 2279.306586][ T7820] ? ktime_get_ts64+0x286/0x2c0 [ 2279.311460][ T7820] __x64_sys_clone+0x12e/0x170 [ 2279.316239][ T7820] do_syscall_64+0xc7/0x390 [ 2279.320757][ T7820] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2279.326676][ T7820] RIP: 0033:0x45ae5a [ 2279.330576][ T7820] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2279.350744][ T7820] RSP: 002b:00007ffc39b30870 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2279.359165][ T7820] RAX: ffffffffffffffda RBX: 00007ffc39b30870 RCX: 000000000045ae5a [ 2279.367146][ T7820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2279.375121][ T7820] RBP: 00007ffc39b308b0 R08: 0000000000000001 R09: 0000000002947940 [ 2279.383096][ T7820] R10: 0000000002947c10 R11: 0000000000000246 R12: 0000000000000001 [ 2279.389258][ T2522] block nbd3: Attempted send on invalid socket [ 2279.391118][ T7820] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc39b30900 [ 2279.399873][ T27] audit: type=1804 audit(1586453175.476:44958): pid=29792 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2564/bus" dev="sda1" ino=17093 res=1 [ 2279.405408][ T2522] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2279.442656][T29791] XFS (nbd3): SB validate failed with error -5. [ 2279.508099][T29800] virtio-fs: tag <(null)> not found 17:26:15 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@md0='/dev/md0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='virtiofs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x2000000, 0xfffffffffffffd5e, 0x0, 0x208000, 0x0) [ 2279.652929][ T7820] memory: usage 307196kB, limit 307200kB, failcnt 2879 17:26:15 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400203) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=ANY=[@ANYRES64], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2279.703649][ T7820] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2279.789579][ T7820] Memory cgroup stats for /syz1: [ 2279.790977][ T7820] anon 271187968 [ 2279.790977][ T7820] file 20480 [ 2279.790977][ T7820] kernel_stack 3944448 [ 2279.790977][ T7820] slab 7548928 [ 2279.790977][ T7820] sock 53248 [ 2279.790977][ T7820] shmem 0 [ 2279.790977][ T7820] file_mapped 0 [ 2279.790977][ T7820] file_dirty 0 [ 2279.790977][ T7820] file_writeback 0 [ 2279.790977][ T7820] anon_thp 241172480 [ 2279.790977][ T7820] inactive_anon 0 [ 2279.790977][ T7820] active_anon 271101952 [ 2279.790977][ T7820] inactive_file 0 [ 2279.790977][ T7820] active_file 20480 [ 2279.790977][ T7820] unevictable 0 [ 2279.790977][ T7820] slab_reclaimable 1486848 [ 2279.790977][ T7820] slab_unreclaimable 6062080 [ 2279.790977][ T7820] pgfault 175989 [ 2279.790977][ T7820] pgmajfault 0 [ 2279.790977][ T7820] workingset_refault 66 [ 2279.790977][ T7820] workingset_activate 66 [ 2279.790977][ T7820] workingset_nodereclaim 0 [ 2279.790977][ T7820] pgrefill 1367 [ 2279.790977][ T7820] pgscan 1394 [ 2279.790977][ T7820] pgsteal 335 17:26:16 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(0x0, 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:16 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@md0='/dev/md0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='virtiofs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x2000000, 0xfffffffffffffd5e, 0x0, 0x208000, 0x0) 17:26:16 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2280.259094][ T7820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=29447,uid=0 17:26:16 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='virtiofs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x2000000, 0xfffffffffffffd5e, 0x0, 0x208000, 0x0) [ 2280.495600][ T27] audit: type=1804 audit(1586453176.686:44959): pid=30034 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2565/bus" dev="sda1" ino=17190 res=1 [ 2280.524292][ T7820] Memory cgroup out of memory: Killed process 29447 (syz-executor.1) total-vm:74968kB, anon-rss:2216kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2280.862724][T30156] virtio-fs: tag <(null)> not found 17:26:17 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@md0='/dev/md0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='virtiofs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x2000000, 0xfffffffffffffd5e, 0x0, 0x208000, 0x0) [ 2281.454718][ T2523] block nbd1: Attempted send on invalid socket [ 2281.461042][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2281.551506][T30169] XFS (nbd1): SB validate failed with error -5. [ 2281.689520][T30281] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2281.723163][T30281] CPU: 0 PID: 30281 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2281.731873][T30281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2281.741941][T30281] Call Trace: [ 2281.745240][T30281] dump_stack+0x11d/0x187 [ 2281.749587][T30281] dump_header+0xa7/0x399 [ 2281.754026][T30281] oom_kill_process.cold+0x10/0x15 [ 2281.759227][T30281] out_of_memory+0x21d/0xa30 [ 2281.763839][T30281] ? __rcu_read_unlock+0x66/0x2f0 [ 2281.768881][T30281] mem_cgroup_out_of_memory+0x12b/0x150 [ 2281.774445][T30281] try_charge+0xb60/0xbe0 [ 2281.778865][T30281] ? __rcu_read_unlock+0x66/0x2f0 [ 2281.783897][T30281] ? __rcu_read_unlock+0x66/0x2f0 [ 2281.788942][T30281] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2281.794418][T30281] __memcg_kmem_charge+0xcd/0x1b0 [ 2281.799453][T30281] copy_process+0x12bc/0x3b10 [ 2281.804171][T30281] _do_fork+0xf7/0x790 [ 2281.808247][T30281] ? __read_once_size+0x45/0xd0 [ 2281.813106][T30281] ? ktime_get_ts64+0x286/0x2c0 [ 2281.818082][T30281] __x64_sys_clone+0x12e/0x170 [ 2281.822873][T30281] do_syscall_64+0xc7/0x390 [ 2281.827426][T30281] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2281.833354][T30281] RIP: 0033:0x45c889 [ 2281.837272][T30281] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2281.856968][T30281] RSP: 002b:00007fc0c328ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2281.865403][T30281] RAX: ffffffffffffffda RBX: 00007fc0c328b6d4 RCX: 000000000045c889 [ 2281.873375][T30281] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000026100900 [ 2281.881451][T30281] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 2281.889433][T30281] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2281.897448][T30281] R13: 0000000000000074 R14: 00000000004c3143 R15: 000000000076bfac [ 2282.133566][ T2522] block nbd1: Attempted send on invalid socket [ 2282.140777][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2282.152288][T30169] XFS (nbd1): SB validate failed with error -5. [ 2282.378911][T30281] memory: usage 307200kB, limit 307200kB, failcnt 2930 [ 2282.406413][T30281] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2282.487654][T30281] Memory cgroup stats for /syz1: [ 2282.487854][T30281] anon 271073280 [ 2282.487854][T30281] file 20480 [ 2282.487854][T30281] kernel_stack 3944448 [ 2282.487854][T30281] slab 7548928 [ 2282.487854][T30281] sock 53248 [ 2282.487854][T30281] shmem 0 [ 2282.487854][T30281] file_mapped 0 [ 2282.487854][T30281] file_dirty 0 [ 2282.487854][T30281] file_writeback 0 [ 2282.487854][T30281] anon_thp 241172480 [ 2282.487854][T30281] inactive_anon 0 [ 2282.487854][T30281] active_anon 271073280 [ 2282.487854][T30281] inactive_file 0 [ 2282.487854][T30281] active_file 20480 [ 2282.487854][T30281] unevictable 0 [ 2282.487854][T30281] slab_reclaimable 1486848 [ 2282.487854][T30281] slab_unreclaimable 6062080 [ 2282.487854][T30281] pgfault 176088 [ 2282.487854][T30281] pgmajfault 0 [ 2282.487854][T30281] workingset_refault 66 [ 2282.487854][T30281] workingset_activate 66 [ 2282.487854][T30281] workingset_nodereclaim 0 [ 2282.487854][T30281] pgrefill 1367 [ 2282.487854][T30281] pgscan 1394 [ 2282.487854][T30281] pgsteal 335 [ 2283.052050][T30281] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=6826,uid=0 [ 2283.111994][T30281] Memory cgroup out of memory: Killed process 6826 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2283.175580][T30160] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2283.218625][T30160] CPU: 0 PID: 30160 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2283.227339][T30160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2283.237396][T30160] Call Trace: [ 2283.240713][T30160] dump_stack+0x11d/0x187 [ 2283.245048][T30160] dump_header+0xa7/0x399 [ 2283.249453][T30160] oom_kill_process.cold+0x10/0x15 [ 2283.254572][T30160] out_of_memory+0x21d/0xa30 [ 2283.259376][T30160] mem_cgroup_out_of_memory+0x12b/0x150 [ 2283.264946][T30160] try_charge+0x7ed/0xbe0 [ 2283.269420][T30160] ? __rcu_read_unlock+0x66/0x2f0 [ 2283.274460][T30160] mem_cgroup_try_charge+0xd7/0x260 [ 2283.279669][T30160] mem_cgroup_try_charge_delay+0x36/0x70 [ 2283.285385][T30160] __handle_mm_fault+0x18f1/0x2cf0 [ 2283.290523][T30160] handle_mm_fault+0x21c/0x540 [ 2283.295298][T30160] do_page_fault+0x4a4/0xa52 [ 2283.299980][T30160] ? do_syscall_64+0x27f/0x390 [ 2283.304757][T30160] page_fault+0x34/0x40 [ 2283.308913][T30160] RIP: 0033:0x41407f [ 2283.312820][T30160] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2283.332425][T30160] RSP: 002b:00007ffc39b30620 EFLAGS: 00010206 [ 2283.338490][T30160] RAX: 00007fc0c324a000 RBX: 0000000000020000 RCX: 000000000045c8da [ 2283.346463][T30160] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2283.354440][T30160] RBP: 00007ffc39b30700 R08: ffffffffffffffff R09: 0000000000000000 [ 2283.362482][T30160] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc39b307f0 [ 2283.370464][T30160] R13: 00007fc0c326a700 R14: 0000000000000002 R15: 000000000076c04c [ 2283.521983][T30160] memory: usage 304964kB, limit 307200kB, failcnt 2930 [ 2283.547691][T30160] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2283.586108][T30160] Memory cgroup stats for /syz1: [ 2283.586288][T30160] anon 268959744 [ 2283.586288][T30160] file 20480 [ 2283.586288][T30160] kernel_stack 3907584 [ 2283.586288][T30160] slab 7548928 [ 2283.586288][T30160] sock 53248 [ 2283.586288][T30160] shmem 0 [ 2283.586288][T30160] file_mapped 0 [ 2283.586288][T30160] file_dirty 0 [ 2283.586288][T30160] file_writeback 0 [ 2283.586288][T30160] anon_thp 239075328 [ 2283.586288][T30160] inactive_anon 0 [ 2283.586288][T30160] active_anon 268959744 [ 2283.586288][T30160] inactive_file 0 [ 2283.586288][T30160] active_file 20480 [ 2283.586288][T30160] unevictable 0 [ 2283.586288][T30160] slab_reclaimable 1486848 [ 2283.586288][T30160] slab_unreclaimable 6062080 [ 2283.586288][T30160] pgfault 176088 [ 2283.586288][T30160] pgmajfault 0 [ 2283.586288][T30160] workingset_refault 66 [ 2283.586288][T30160] workingset_activate 66 [ 2283.586288][T30160] workingset_nodereclaim 0 [ 2283.586288][T30160] pgrefill 1367 [ 2283.586288][T30160] pgscan 1394 [ 2283.586288][T30160] pgsteal 335 [ 2283.761985][T30160] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=6647,uid=0 [ 2283.786022][T30160] Memory cgroup out of memory: Killed process 6647 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 17:26:20 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400203) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=ANY=[@ANYRES64], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:20 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(0x0, 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:20 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(0x0, 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:20 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:20 executing program 3: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000280)=""/99, 0x56}, {&(0x7f0000000200)=""/89}], 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp\x00') preadv(r0, &(0x7f00000017c0), 0x17c, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000180)=[{0x20}, {}]}, 0x10) sched_setattr(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_REG(r1, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x91d3, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000440)="43a564d23ccea32b5443c6377ca8c2724276744a4085f4b31da581bd98eed75e27edc20c97a28ee72e68747da1ae8eed04c93f5a1d435f06d5653224b8f387d74819a97ab8c129e2cb88ae4b7e28d04ff4f9ecadff96b478437412aa706dbc0a8f7e4398f6941cbaf55b2825ab274954d4636d9cb9f8bbe0db264d0afffb578a3dbe98f64450bd990a00f89bb75dc7a99d0c174f722280bdc97045a34e422bdd87cd6c41f61f6103c61f2cac45a9194c8cee7c5c023278afa39780ba189fc6b74f8021745c9bc11030b49cad0d8d7f6a8fc39f7a0ad2e7ff354aa65fbc06f32ef25d4589e32429870240e11480d8454b51", 0xf1, 0x7fffffff}], 0x10006, &(0x7f0000000340)='net/snmp\x00') 17:26:20 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000040), 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$tipc(r3, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000000c0)="3709ae39ae2b597aa96182d11998aa7bfa9bed08b0ff8bbb4c68093335d30b82e8266c8ff0d46dca6e42f3643d3c3c52a18066b8891a64a4242c4c", 0x3b}, {&(0x7f0000000100)="3853157629bd4a8c8f8b00787b9ede44423d2adb14e194062f3fffd3e594ef4684809f3a6a6ef48102041c9907586f63e59568f4fc7a5f80e406e772a6661b0589c4068021d1fc964658c37398edf21f2d013972965a79c8933e7171c75ffefded63f5e8", 0x64}, {&(0x7f0000000180)="ab233c5abd22942fd34b6d8c83119e089b01b8870cbb0b525a111d26e948f1d98e6c", 0x22}, {&(0x7f0000000280)="f1aa32440b2e0a0e7d86758393308b81533f4faf95316ff87ad9529445b5cccaa16a509f1bdb7140fcbce76bc9d8c48fd076b2c7dece48340d46299e03b231a2dd2d47bff18a715d5a60b4a49a984133f792478cb5aa72109aeb024efc290b8a0f376cd52a26885e18ac63fe2a709e545a0217c0f0199c69826ecb8ec276dcbbcc03a597951acb980dd8598cf7e9d73533e547a76f132312ce74c744b1485af93376f92f66573c83cba6e2f74a3e5ab4650dc45f99964a472d3fd04b2684e7da58e402c3e804595ac1584d1bee31871040aaffdad7e3bed3dcbdba6cf9ad56368b3e8921146a5f7fe5df12641c5cc9e8070feac953a00c191f78b5", 0xfb}, {&(0x7f0000000380)="0d533d86236a13dc4cfb4f4ad2c53ed655abe6", 0x13}, {&(0x7f00000003c0)="16725d07cdc5e5b2deff3cd17a47c723d422fc96cf73ffbec2aa845f3180725de9cf073ce291f14456acddd2a9b14e56d90f55615c64091f88a3587819d6123dcb33470272cca895e71fee7f1042d4909a6c89112e6650d9158c20033328e52adda043d13a0f9d2d0dc89db3c34f119db95639f96b63cc735ca3ec8cc44e6a5ed3cc2479d1bc03b307a04b5a064c7df22269af101a7f7452fffeb1632d684904b14e7da812bc7a50c1b9804e19a249", 0xaf}], 0x6, &(0x7f0000000540)="b000b75a35f04bb0343e47483b17fd7b82180ce4dca6eea903af1eef421802bfd3b471c4eaacf8803ccb7b850ea2b3a5caedd960146838f6d1417672d05ebc9409947ff89a441686b4b9588bad2f195c6dcd4ce0181d0249ee99d8bcaeb050e4f362478d79f14f7004317944b586c90a88eff21f23fa1d68a7f46053bdcb765319daea2cf3fdddb898defc0b5f7400f89e5235f27648b29f4a224c1b1e6bd641c488e74f3bc572a041bf5ff16ac10a6503eb81fb968fe157c26e83c800054fe0408e227b6706d2576e2a7616f06b028a473f9402cf258d46c9ba0c0d5be945297eda86609d4b48d342ec4ed9339c947a49fc1dce717c0b88c09b993d742b39ad965576baa5c0600ddb50306339194ea4991ecb451cabcc077d37e3dfde56e296885b7298dcc57e23dde9f6c55e563c148e477bb5753206f2b4b3c4aaeb65de377071d0d1aa53c3ec5cde06d60b66a803c24864ca1f1f2cf1de99bc1c73b288741ec61a67ce49a513899999b394926f23c1b11cb486264886fc43ba9a5920e649f06701563b7fc4066fb6df29a65ed78f729190295b060b30f61f02671f3cc1fb47e825fb304c9e5e85e7a4fb3290c8de0f8a6e9a2e3b02431b888683c68cbda03577ea3fbe4113418842e1e1b1d00c8bc3d17f66d113e3a5012079cdf0ffc063e7ab49b48a737e065fa0cc49d88e31479c4b821c47bc3ac8e484c1de73a026a5a8b04cf7e3fd9d0fbce980c41b146e0be8a6f2a4c86e5e13d12a61cd1d9053480ffdeb3ea2c09859cccca242b2aa7a5c68445e259f7c11d8292a67e9e7c8054d2f0dbcceb573e36a1f1cfcc95b3ae3874a2dec219264d41106ff270688467d58037aa39abb6bd0612f26e1f833712d0b8d2aabf70ebcf3a8c2a888dccc965242d8327506617fa7855177c8c93c0cc5b137cac816bf73769548e628af8762f3e024f18a2b6e728dc0ea4faab09639992ec894c93d1832968cf75ea453ab8275bb405718e78c7dac067595cd3c0a8f97469027970d39dba9ba36e8969ead27232666aefd7263afcc7c83fe2cd841f0f85fb61c9dbffc3d12c829acbceab5aed0f6d0849bbee2b95d7c8744762b9f7e052a902aabe386c5555f7d40b181c96af5ae990a225aaa9bc5cc3e474152381f1a9a88a3ffbb6330066113d9d9fe2bf7d4f936efa4fb71e85053c577039a867c434f494cdb2d4ac0fca406b95a70f495e77adcc0e892e1f271b06236626120d7ea1677cfc0c04687724e991305c04e1608b666ffc387bc8cdfd091b96ee73208abe08a53e8eb3968725b381521b32e1b443622089b73698360d2734ebc33153066b52989bcaa4a9a636c59a66b1e621fadb7f5e3fb9786bd452025911238e51ba6376d5c0c9e0ed403a84a2f30265cf1d987ae917ed28dfee2197015123dfc84b795b7f7d758796edfc29b86654b1502eb3f48db17ce0b9b9b97b0cda7ee7b7d8ce0803e1ec9f9e4fd78040ec73cb75d1f3ba27b6969249a07dea25f216351d6f6b87f1971f46d8d40c7ecb7143152f9830145d1588a2ee2376602e023b28c5c3f7044b90becb8abb134d88656773aac21ecff9644bf2be8cfb88d867d768563a0cf20ce64b000400642dbc4037ff1731ff913630d6381dee13e1a3b55b76bc97270fac4256303cd6409faf8a255b03755daee47229d5f1dd2917834de7dee12a28e630f292dd73e9566d19b55457a92896930cd2377151afc93923b9e9e90902b3ae1a0da0a547a6608c8ae6ddecf385e7e69e2636d1eb659551f12f96c3321a2115277a73e4604932bff99c59aa0ef65dc87422346cb072fca114636fc84ae31b4d411193000a22793f655205371f139cd389826ab47a5eb720ed24ad2cc4fa4af623988a345ce543ec739fdce8b74fc5c677d8bd5a33a09c4c5198f55214a583a1ee29055c740aa6012becbd8615d520ff4e077eda6162738784eb1f6f540d6b216ab7aca8581484df83f0846e17a113ada43280e4bc60d44891c163c9f0c0da79d121e7194873ff418f33981af3fc2a95f9fc0964b53212981fe9228d2f3879f27ca746c5e5bc1d84ad2a5d212d68d7e4f4ca10b2049eff79d34fd761c64a90038f18d69ff876895a797fbedb49846913aa4279796344af7c136959fe77a18e9d251ce9cd59011926a41c627887758c41aedeb11c1a6d60779bcccdbca06a58f6544ec6de02f7388707c64991b31652798cfa9a0ee46c24d24088e066e1828a6294437357f4b4e35a23ef8a7c3a6d75340e00b16a128e7c554d976fa53430ab4543fd6054483fda54a2b64a4580d8aa01636b19cf062d85b2dbaac4755ee3ed34e13a971d2a38e2c473f8b6953147b792d7f159e648d5feaac1aa3591dd73391534b37969c8c8efafb9e4e6836220e5379f59c4c53cbee41d43ba5c6ddeeb007636b8b7942fd87f9b0d775cdd4f3df87356b8aa0542e134f5fc8492b35b3a5ae4db3fca14b268ccabba0b4eee93c5dbc6346540e48e0c683d1fc4f66b6270841565f072b65fb3e45ef638c45d73d550730f4ef2dbaa8228ac749beb43a2a05bcd3441bc34f570da8a2cf01476d536fd65c89bc0188ddc206c30f1bf429466c46c772d9fe1a544f8afb91e75d3ecd9792898db256ebd9a06d489bab2bc865b729cae81e521a3553e75e197316eab91f92f77785a10c734d0feb8127e8538ac25eb22f66b23e18f6ceb04e0d1e388ebb766b75bef017bd169dff911157b8f8c4deb2b6235a6db9cb2723aae92ece19349a0edf20dbd1a65153138bf46fb28e5d2d36094a648dfe2b0000a013062430fea5e7da58328f6a35004861cd6b0daba6f532af3510219c7b0c8e670f2aa547ed80f176c24868586a16e7d2dd54fbf7e4fbcf82b8e89688d5de760b7effa579d068e117f6537f8725bf44828b5e385fdc7cd1a4614d887b816d5d6c1cd18ac7a95408754f3b0c3f4faadd9f451dab1654a8c7eaf3bc89f173699dbefccf8c6fd8a7ebef0a7032654b10c19131ced857b669e4572a88e7fd6b0baf0ec333a3212ad217b5f9e0f9f13ccca32bf43e1c904885d7e3e566d080fbbe8c4f1a431ab8b15a2d5ccf54f800661ad73f547c366135e5bba3ab3e3c65f3b9dbf739d5fd8f4b04bfbeccc582547f1f019aa53d71d9ce88d9e5e4655fce4b9b7e77304c7c3c2f7363e7a63bc7655a59bbace768f463034db9914c2bd51e977d3fd3ca21808924d475484e9a9d8187282632c12c01d8d940cb280d5fd5f65265b4353b13770a4b5df06cce0bb385caaa191cd25ced568033d36d9038500780d597ba4f605218e612e85c45b67b9ccbe035a69751843075f60805179b62990a0b4b928e2f5a09d3b8ee1bf93b9d50744466ed24b3f695b12f06f21b706b70ab3b744ed6090b2d5ee65ed384e431098733546dc3fe5da8ddfe1632794938069adf9ba47362918c66a50e94e56e439386becda744438a87ff79cd075aeaa8488b61acbe9c9249cdf4be726efa9618dcd33b558623023ab5b915ecde10e7fad53cde3974b090f6916cc5005f86f1d8acde371da66083d73f9ae2a2c999e453bd340ba7c8ca1ff7b0da6fc3778263e8ecbb960f512b82194467d68b98a2bb5369a8abd3106090453672e820ec04de05264a65f0a8a5eda2d43781663bd05b0adf86ca4a2d23f68cecfb680e2c9f1fa28607c93665255d0bf90d19c21e6c6653f7a85a4844d03d9971b1676dcb4d7ff3cdaff1dd28e689263e04a23aa6038fc3732eeb50e4ecca2cc6fd9246fc469af79030efbd00ad0f68e8a9308bc0210c60b277e59f703e4ec607fde573656e858887b1777ee1c21e79e5342d8f01506e60b7fc247dca76d0b3632eea69d7788c4ff4584df2dd8d74e9ff37d8159df7e19484e7824a19b9c6236488d0cbe6be09d837a2df0a2db3cc203f1643a8e5c55771d36b6a8637ea7b3b8899c83e721e92e5b9d80b4afb4401812d9595136eb6bec9dca6968d4827281264482695585e2510d389aa45784dd26a14be4ccd045163ad51c2c8dd20f5222ad2479b680d7697c16538417631951859903ab5f95b57753e3a03479c0186a5e630cd836111b809e8db20cf8c0a71d11573b27d8f7a2a237546326427183c5d94729bf50e08b2b7158d1d48082240da21acfad000d63496a17766c8a90d60ff274efa918cd0779da92b92ac8b37c2c37f3bfd06ea8a01d01e9292fd090d101c274c9d2349883ceebed5fb6311a27d6c66659235dd8447e3fdfb30cd9bc9e699a147e696ac9a8128eb1cb73bf00e17176f00639e02442ff61072163e847d90445987e424d88e5309eaf7923911cb7b74023b0266d0985cc7da711b84cae78d8ece76eb08040d05ce9a9c18fb1db14a61decc7a3504a53f59fb4cb1c21ef6084463d6d9bfab54f62a108b88df6f3da4cd61c5b4ea6402f2ca55f570df0941518dc83300fd2c7bbe4061f9d01299c784a0e94e07581c04cc0c739187f3dfec9bb707885bd26994593049bfac230ccc06de31cbf30230de64bd969b5768752b19cdc71d1409fc9ff6d71ca9409d2dce6b6cf83568bdaff837cb945185dbf15b755b3430a26bd13809f59dce846f25ef96375b2cefd7ca4d180061edc04c47fe6daa3363f7d831241f3e742eeaeecd48d84f814b777156cda7e1da620157ac2e5cdd1e6de6d60471cab77dc1ea951f479b092a8db5742629fcb3c0e61c0f03879c2ed731256b3e4825acbc33be0e61575b778e064e01a5fcef9953821e6214d6786dc6669c461bc3af17909e2cbbf0d2c32883791a82a470ab67fd7bf60f1659b8df55fa8ef35c8394d7832d01bbda4e42d3ba5dc9136ce339871c07905e5ac0f0970532749cb07a29dddffc3bcc6b2dbe05cbc6d429d7bbf706820c88894402ee31b178665c0fa7762522cfdcce990b43735d01d20e645314351120f0dd9eb474519cc6b8cace68021fa6b42011e5622d8acfe7ad32e5fc5c7f3bd032ab88624c2ba9f621fde07c052e8d7f36c86e88d98e562e33f7af66bac1b6dbf694fb2d48009e7cdd0442ce6b500c6d0f8c8f6ef2db191c73d1600541e94a10bef3a23063c356c8b1fefd6217bb88bc492db181f40293696603f0862c23a7ec0059d748f0fdbf749cfb9c2624dab50bbe0f702ceee76e29059f8b4bbabf89a7dcb03881161cb0689ef311f87a955f90b407da92cebb1a58615f8bb94b6f499eb1cba268dd1149a666ce2171b2d4243403ad0fa521cf6380677942f0d3242a90bf5ac3737122dca585807dcde607920aebf8c7e8cf4ff76563cb5e0171cc1b93aee510eb990ca75dffff892393762ee23389a422555da0a41fd4ce9b7475b12da700fd811935132aba17c63f2ca63ee8f43f778f417ef69df952dc443a9bc9e5e7abf48856a0ab6b372f97a63ed76af7782363679a413506398dfc7999ffa1914900e804ca270cbc87440a6afadfb8ce7fe4e33967bff045a07b4c166378a94908912c1e2b28658b4297270fc5a15192dbcda2b098724937e6f3c94308ff3cb6626a3ecd0a0c5455ff091056033881733dfcf7d48a41a965dcc41c0dac3a7c7b9fb88f77c0a6ec40c49fa7b16607a207ac1323fee06b1798a80bca100a0557439718848712e836ffc6833cf10764c2564caf2c869cf49bf7272af12935e382881a025180c8254a8559bf4ff3d9f4fa1c4e893452be536a71716be2c3aab07ebf408e4a95b95a901440d04ff8795372ecfa132dbc87e5fce75391d3be45aeb2c771394265c0f2f65df909fa536a5c6aa5b381b737fcb3a27e799c83abdb50f85bd416d8d7b83707eed008", 0x1000, 0x4004800}, 0x20000000) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2284.381973][ T27] audit: type=1804 audit(1586453180.566:44960): pid=30343 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2566/bus" dev="sda1" ino=17661 res=1 [ 2284.612919][ T2522] block nbd1: Attempted send on invalid socket [ 2284.619161][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2284.630558][T30352] XFS (nbd1): SB validate failed with error -5. 17:26:21 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r3) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r5) r6 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r7) syz_mount_image$jfs(&(0x7f0000000040)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x2, 0x1, &(0x7f0000000180)=[{&(0x7f0000000100)="1a05ad82569983f1fee2d17b7c4726d6fbeab036ef273b28c13493146d4b43f2d830a92429c827600f523f4d483f67e02c5b98e1095b63da2633c935f6c6a9513a8479540f5244b426d4d40df4a361845c14fc9fdfb3944432efeac01015520845726f81123b9e52cef7b1900c9f07853142a24c5d39ea", 0x77, 0x1}], 0x0, &(0x7f0000000280)={[{@errors_continue='errors=continue'}, {@uid={'uid', 0x3d, r3}}, {@resize_size={'resize', 0x3d, 0x5}}, {@iocharset={'iocharset', 0x3d, 'euc-jp'}}, {@discard='discard'}], [{@fsname={'fsname', 0x3d, '/dev/nbd'}}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@uid_lt={'uid<', r5}}, {@audit='audit'}, {@uid_eq={'uid', 0x3d, r7}}, {@hash='hash'}, {@euid_lt={'euid<', 0xee00}}, {@audit='audit'}]}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000380)={0x6, 0x7, 0x7}) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r1, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, 0x7, 0x1, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4040}, 0x80) 17:26:21 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xc0, 0x0) 17:26:21 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:21 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:21 executing program 0: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(0x0, 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:21 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xc0, 0x0) 17:26:21 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xc0, 0x0) [ 2285.450772][ T27] audit: type=1804 audit(1586453181.636:44961): pid=30482 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3400/bus" dev="sda1" ino=16711 res=1 [ 2285.579144][ T27] audit: type=1804 audit(1586453181.696:44962): pid=30483 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2567/bus" dev="sda1" ino=17653 res=1 17:26:22 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xc0, 0x0) [ 2285.809212][ T2522] block nbd4: Attempted send on invalid socket [ 2285.815510][ T2522] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2285.829125][T30493] XFS (nbd4): SB validate failed with error -5. 17:26:22 executing program 4: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f0000000680)=""/86, 0x56}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp\x00') preadv(r0, &(0x7f00000017c0), 0x17c, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000001c0)=[{0x20}, {}, {0x0, 0x80, 0x1, 0x1}]}, 0x10) sched_setattr(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_REG(r1, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x0) syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x2, 0x109041) syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x91d3, 0x1, &(0x7f0000000200)=[{&(0x7f0000000240)="43a564d23ccea32b5443c6377ca8c2724276744a4085f4b31da581bd98eed75e27edc20c97a28ee72e68747da1ae8eed04c93f5a1d435f06d5653224b8f387d74819a97ab8c129e2cb88ae4b5328f3455ccf2f7e28d04ff4f9ecadff96b478437412aa706dbc0a8f7e4398f6941cbaf55b2825ab274954d4636d9cb9f8bbe0959013e3f343094fe27c43db264d0aff50bd990a00f89bb75dc7a99d0c174f722280bdc97045a34e422bdd87cd6c41f61f6103c61f2cac45a9194c8cee7c5c023278afa39780ba189fc6b74f8021745c9bc11030b49cad0d8d7f6a8fc39f7a0ad2e7ff354aa65fbc06f32ef25d4589e32429870240e11480d8454b5100", 0xfc, 0x7fffffff}], 0x10006, &(0x7f0000000340)='net/snmp\x00') ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x33) ptrace$setregs(0xd, 0x0, 0x2, &(0x7f0000000440)="88cc6fc0b49e3d22eefb86c7744c432bc01100e09284388c88dc104f342dcfeede546544028b280e24cfaea7e25697ebb593726e71d24bae6c90c8320273210c11b02b5770b15e685838572f943c46683ab095a7dd6320cee052c2a87c8068f42feea4f8a49085ed441b62fc1b1fde36509289ad0f27f90d54f8") ptrace$cont(0x7, r2, 0x0, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x80, 0x0) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/udmabuf\x00', 0x2) kcmp(0x0, r2, 0x0, r3, r4) 17:26:22 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xbe, 0x0) 17:26:22 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, 0x0, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:22 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2286.522668][ T2523] block nbd3: Attempted send on invalid socket [ 2286.528885][ T2523] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2286.550075][T30737] XFS (nbd3): SB validate failed with error -5. 17:26:22 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xbe, 0x0) 17:26:22 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(0xffffffffffffffff, &(0x7f0000000640)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba72764f460593d41d43e9f589502652fe815ef1da2c0975e828d69536eb96c2c27f564dcc44d2a18bf98a8698f09764ff95bda5a0520964e8e84670e557cc255a621254e23c5e3afd68721e31a0caa4ac9e40a612dd4bff3553cc00a47f618b8289ce1086193ea338ae5473fc048d1e696a52f65d00d34ed03cfb8125020463ba3054af5f7a2fd4c733242927960b07d0d81f303157417af8907b820d74a1dc84ea78e317584a11da56d5842dec5823a376d939a621adf86c8297db303ab14b7fa0cfa4316987c1ac3303f6acdaa8a946496cb09a6a0785a49f67cfe7725ff477933e4f38d99e6062f1bec6c4e857d64a8ba966cc4c024177bb10e4f5c05db8e7d4cd2437cff4067d9c6f68d8faf4342112a53e640e2c070ed68a364a209139ad", 0x10000, 0x80, 0x0, 0xfffffffffffffd64) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000005c0)={r3, @in={{0x2, 0x0, @rand_addr=0x400}}, [0x0, 0x3, 0x0, 0x0, 0x4, 0x3, 0x0, 0x951, 0x7ff, 0x0, 0x5, 0x3, 0x4, 0x0, 0xfffffffffffffffe]}, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00000003c0)={r3, 0x56, "81a3a51b1c30e8f0ae2ede5285251f147fb8d227c9ef569fb3c792426fda754ac767ba8235836bc208fd99c740002967a3a6af25b0110dd1220ccae8abc46920ecabca1e1ba165993cba605bd1b57afc02d1528c5c83"}, &(0x7f0000000440)=0x5e) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000100)={r3, 0x6, 0x0, 0xb5}, 0x10) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000140)={r3, 0x29f}, 0x8) sendmsg$AUDIT_DEL_RULE(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000540)={0x444, 0x3f4, 0x200, 0x70bd29, 0x25dfdbfc, {0x4, 0x1, 0x33, [0x609c90cc, 0xfffffff9, 0x2, 0x10000000, 0xf76, 0x3, 0xfff, 0x7ff, 0x1, 0x4, 0x3f, 0x80000000, 0x1f, 0x0, 0x1, 0x5, 0x8001, 0x7, 0x4, 0xde62, 0x1ff, 0x200, 0x4, 0x10000, 0x8, 0x6, 0x8001, 0x7fff, 0x8, 0xb6, 0x800, 0x706b, 0x8, 0xe000, 0xffffffff, 0xd9, 0x8, 0x80000001, 0x5, 0x2, 0x0, 0x3, 0x4, 0xbb35, 0x7, 0x6, 0x0, 0x2, 0x3, 0xa56, 0x1, 0x100, 0x5, 0x400, 0x9, 0x101, 0x10000, 0x9, 0x8, 0x2, 0x1, 0x4, 0x8000, 0x2], [0x1fa, 0x80000000, 0x8001, 0x9, 0x80000001, 0xfff, 0xffff, 0x1ff, 0x2, 0x1, 0x41, 0x8503, 0xbc, 0x9, 0x90c, 0x8422, 0x7ff, 0x7f, 0x6, 0xffffd9eb, 0x48a7, 0x3, 0x2, 0x0, 0x3ff, 0x7, 0x0, 0x8f1, 0x80000000, 0x0, 0x7, 0xfff, 0x4, 0xab, 0x6, 0x4b78, 0x2, 0x5, 0x20001, 0x2, 0x1, 0x7, 0x3, 0x7, 0x3ff, 0x2, 0x2, 0x40, 0x8c, 0x5, 0xffffffff, 0x6, 0xb6ae, 0x1, 0x8000, 0x8, 0x206, 0x10001, 0x0, 0x6, 0x7, 0x81, 0xa, 0x4], [0x2, 0x9, 0x0, 0x5, 0x20000009, 0x100, 0x3, 0x4, 0xffff, 0x5000, 0x7ff, 0xa6c6, 0x0, 0x80000000, 0x7fffffff, 0x40, 0x2, 0x4a, 0x3, 0x9, 0x386c, 0x2, 0x9, 0x0, 0x8001, 0x5, 0x5, 0x400, 0x1, 0x2, 0x18, 0x526, 0x9, 0x6, 0x6, 0x6, 0x8, 0x3, 0xecd, 0x1f, 0xa6, 0x8000, 0x2bb, 0x3, 0x2, 0x8, 0x0, 0x6, 0x7, 0x7fffffff, 0x38d0, 0xb0, 0x3, 0x401, 0x100, 0x2, 0x7fff, 0x6, 0x3, 0x7, 0x5, 0xffff7fff, 0xffffffff, 0x6a], [0x800, 0x20, 0x9, 0x0, 0xcbc, 0xff, 0x3, 0x7, 0x1, 0x9d, 0xff, 0x5, 0x3e, 0x2, 0x9f, 0xffff8000, 0x0, 0xfffffff7, 0x6, 0x504, 0xffff0000, 0x5, 0x600000, 0x2, 0xffff895b, 0x1, 0x5, 0x1, 0x6, 0x8000, 0xf728, 0x9, 0x56, 0xed7e, 0x6, 0x1, 0x7, 0x81, 0xc00, 0x6, 0xfff, 0x8, 0x0, 0x401, 0x7, 0x5, 0x80000000, 0x3, 0x8, 0x3f, 0x1, 0x0, 0x9, 0x3, 0x1, 0x73a0, 0x4f, 0xff, 0x101, 0x7cda991c, 0xed, 0x1ff, 0x9, 0x3f], 0x21, ['/dev/nbd', '!$\x00', 'xfs\x00', 'xfs\x00', '\x00', '\x00', 'em1(^/ppp1\'\x00']}, ["", ""]}, 0x444}, 0x1, 0x0, 0x0, 0x4008040}, 0x0) r4 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) semget(0x0, 0x3, 0x102) 17:26:22 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xbe, 0x0) [ 2286.817563][ T27] audit: type=1804 audit(1586453183.006:44963): pid=30852 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3401/bus" dev="sda1" ino=17656 res=1 [ 2286.951737][ T27] audit: type=1804 audit(1586453183.006:44964): pid=30850 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2568/bus" dev="sda1" ino=17203 res=1 [ 2287.206217][ T2522] block nbd0: Attempted send on invalid socket [ 2287.212562][ T2522] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2287.231466][T30861] XFS (nbd0): SB validate failed with error -5. [ 2287.249128][ T2522] block nbd3: Attempted send on invalid socket [ 2287.255479][ T2522] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2287.266670][T30863] XFS (nbd3): SB validate failed with error -5. [ 2287.372768][ T2522] block nbd1: Attempted send on invalid socket [ 2287.379001][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2287.391333][T30862] XFS (nbd1): SB validate failed with error -5. 17:26:23 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xbe, 0x0) 17:26:23 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0xbe, 0x0) 17:26:23 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, 0x0, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:23 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:24 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="0db3b5a3c67ffb265815a851acd4a034e0f84e0c5a0218057b80b91272f18d47bc9b1e831d68f8d6c618a3f9685be4eb21c9d328a85c64d9ee0246d498f68d3cb829c3ca1212c225271fe4dc42626aa7b15c7ac4ce42fbc2e935a27dd668f7076761"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2287.779765][ T2523] block nbd3: Attempted send on invalid socket [ 2287.786036][ T2523] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2287.797481][T30991] XFS (nbd3): SB validate failed with error -5. 17:26:24 executing program 3: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, 0x0, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2287.979645][ T2522] block nbd4: Attempted send on invalid socket [ 2287.985936][ T2522] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2288.017299][T31001] XFS (nbd4): SB validate failed with error -5. [ 2288.051410][ T27] audit: type=1804 audit(1586453184.236:44965): pid=31118 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2569/bus" dev="sda1" ino=17652 res=1 17:26:24 executing program 0: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f0000000680)=""/86, 0x56}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp\x00') preadv(r0, &(0x7f00000017c0), 0x17c, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000180)=[{0x20}, {0x5, 0x2}]}, 0x10) sched_setattr(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_REG(r1, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x91d3, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000440)="43a564d23ccea32b5443c6377ca8c2724276744a4085f4b31da581bd98eed75e27edc20c97a28ee72e68747da1ae8eed04c93f5a1d435f06d5653224b8f387d74819a97ab8c129e2cb88ae4b7e28d04ff4f9ecadff96b478437412aa706dbc0a8f7e4398f6941cbaf55b2825ab274954d4636d9cb9f8bbe0db264d0afffb578a3dbe98f64450bd990a00f89bb75dc7a99d0c174f722280bdc97045a34e422bdd87cd6c41f61f6103c61f2cac45a9194c8cee7c5c023278afa39780ba189fc6b74f8021745c9bc11030b49cad0d8d7f6a8fc39f7a0ad2e7ff354aa65fbc06f32ef25d4589e32429870240e11480d8454b51", 0xf1, 0x7fffffff}], 0x10006, &(0x7f0000000340)='net/snmp\x00') [ 2288.245492][ T27] audit: type=1804 audit(1586453184.356:44966): pid=31125 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3402/bus" dev="sda1" ino=17679 res=1 17:26:24 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:24 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) dup(r0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@md0='/dev/md0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='virtiofs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x2000000, 0xfffffffffffffd5e, 0x0, 0x208000, 0x0) [ 2288.370328][ T27] audit: type=1804 audit(1586453184.476:44967): pid=31127 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir264039992/syzkaller.Kl3oPy/662/bus" dev="sda1" ino=17657 res=1 17:26:24 executing program 3: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, 0x0, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2288.677950][ T27] audit: type=1804 audit(1586453184.866:44968): pid=31243 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3403/bus" dev="sda1" ino=17661 res=1 [ 2288.694470][T31245] virtio-fs: tag not found 17:26:25 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, 0x0, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:25 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_REINJECT_CONTROL(r2, 0xae71, &(0x7f00000000c0)) r3 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x840, 0x0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) llistxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000540)=""/4096, 0x1000) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2289.152427][ T27] audit: type=1804 audit(1586453185.346:44969): pid=31250 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir264039992/syzkaller.Kl3oPy/663/bus" dev="sda1" ino=17664 res=1 17:26:25 executing program 0: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f0000000680)=""/86, 0x56}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp\x00') preadv(r0, &(0x7f00000017c0), 0x17c, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000180)=[{0x20}, {0x5, 0x2}]}, 0x10) sched_setattr(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_REG(r1, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x91d3, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000440)="43a564d23ccea32b5443c6377ca8c2724276744a4085f4b31da581bd98eed75e27edc20c97a28ee72e68747da1ae8eed04c93f5a1d435f06d5653224b8f387d74819a97ab8c129e2cb88ae4b7e28d04ff4f9ecadff96b478437412aa706dbc0a8f7e4398f6941cbaf55b2825ab274954d4636d9cb9f8bbe0db264d0afffb578a3dbe98f64450bd990a00f89bb75dc7a99d0c174f722280bdc97045a34e422bdd87cd6c41f61f6103c61f2cac45a9194c8cee7c5c023278afa39780ba189fc6b74f8021745c9bc11030b49cad0d8d7f6a8fc39f7a0ad2e7ff354aa65fbc06f32ef25d4589e32429870240e11480d8454b51", 0xf1, 0x7fffffff}], 0x10006, &(0x7f0000000340)='net/snmp\x00') 17:26:25 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:25 executing program 3: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, 0x0, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2289.734468][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 2289.734488][ T27] audit: type=1804 audit(1586453185.926:44971): pid=31377 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir264039992/syzkaller.Kl3oPy/664/bus" dev="sda1" ino=17687 res=1 17:26:26 executing program 4: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, 0x0, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:26 executing program 0: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f0000000680)=""/86, 0x56}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp\x00') preadv(r0, &(0x7f00000017c0), 0x17c, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000180)=[{0x20}, {0x5, 0x2}]}, 0x10) sched_setattr(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_REG(r1, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x91d3, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000440)="43a564d23ccea32b5443c6377ca8c2724276744a4085f4b31da581bd98eed75e27edc20c97a28ee72e68747da1ae8eed04c93f5a1d435f06d5653224b8f387d74819a97ab8c129e2cb88ae4b7e28d04ff4f9ecadff96b478437412aa706dbc0a8f7e4398f6941cbaf55b2825ab274954d4636d9cb9f8bbe0db264d0afffb578a3dbe98f64450bd990a00f89bb75dc7a99d0c174f722280bdc97045a34e422bdd87cd6c41f61f6103c61f2cac45a9194c8cee7c5c023278afa39780ba189fc6b74f8021745c9bc11030b49cad0d8d7f6a8fc39f7a0ad2e7ff354aa65fbc06f32ef25d4589e32429870240e11480d8454b51", 0xf1, 0x7fffffff}], 0x10006, &(0x7f0000000340)='net/snmp\x00') [ 2289.784787][ T2523] block nbd1: Attempted send on invalid socket [ 2289.791093][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2289.809814][T31362] XFS (nbd1): SB validate failed with error -5. 17:26:26 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000100)='ocfs2\x00', 0x0, 0x0) futimesat(r1, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={{0x77359400}}) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2289.989095][ T27] audit: type=1804 audit(1586453185.926:44972): pid=31370 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3404/bus" dev="sda1" ino=17682 res=1 17:26:26 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(0x0, 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:26 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) dup(r0) add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000200)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@md0='/dev/md0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='virtiofs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x2000000, 0xfffffffffffffd5e, 0x0, 0x208000, 0x0) 17:26:26 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x4, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r3, 0x110, 0x5, &(0x7f0000000040)=[0x1, 0x4], 0x2) [ 2290.435196][ T27] audit: type=1804 audit(1586453186.626:44973): pid=31489 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2875/bus" dev="sda1" ino=17680 res=1 17:26:26 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2290.612002][ T27] audit: type=1804 audit(1586453186.796:44974): pid=31497 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2571/bus" dev="sda1" ino=17684 res=1 [ 2290.625528][T31504] virtio-fs: tag not found 17:26:26 executing program 4: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f0000000680)=""/86, 0x56}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp\x00') preadv(r0, &(0x7f00000017c0), 0x17c, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000180)=[{0x20}, {}]}, 0x10) sched_setattr(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f00000000c0)={0xa20000, 0x4, 0x80000001, r1, 0x0, &(0x7f0000000080)={0x990a79, 0x6, [], @string=&(0x7f0000000040)=0x3f}}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00') sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000480)={0x28, r4, 0x703, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}]}]}]}, 0x28}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) getsockopt$inet_IP_IPSEC_POLICY(r6, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@local, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@dev}}, &(0x7f0000000380)=0xe8) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000580)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000540)={&(0x7f0000000700)={0x2d4, r4, 0x4e4e5745a9b8edc3, 0x70bd2d, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0xa0, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}, {0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}]}, @ETHTOOL_A_STRSET_STRINGSETS={0x7c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}]}, {0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}]}]}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}]}, @ETHTOOL_A_STRSET_STRINGSETS={0x11c, 0x2, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}, {0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}]}, @ETHTOOL_A_STRSET_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}]}]}, 0x2d4}, 0x1, 0x0, 0x0, 0x40804}, 0x20004010) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_REG(r8, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x91d3, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000440)="43a564d23ccea32b5443c6377ca8c2724276744a4085f4b31da581bd98eed75e27edc20c97a28ee72e68747da1ae8eed04c93f5a1d435f06d5020000000000000019a97ab8c129e2cb88ae4b7e280100008000000000b478437412aa706d09008f7e4398f6941cbaf55b2825ab274954d4636d9cb9f8bbe0dba64d0afffb578a3dbe98f64450bd990a00f89bb75dc7a99d0c174f722280bdc97045a34e422bdd87cd6c41f63d78afa39780ba189fc6b74f8021745c9bc11030b49cad0d8d7f6a8fc39f7a0ad2e7ff354aa65fbc06f32ef25d4589e32429870240e11480d8454b5100"/241, 0xf1, 0x7ffffffc}], 0x10006, &(0x7f0000000340)='net/snmp\x00') 17:26:27 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x8, 0x0) [ 2290.921432][ T27] audit: type=1804 audit(1586453187.106:44975): pid=31513 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3405/bus" dev="sda1" ino=17688 res=1 [ 2291.350506][ T2523] block nbd0: Attempted send on invalid socket [ 2291.356867][ T2523] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2291.377943][T31527] XFS (nbd0): SB validate failed with error -5. 17:26:27 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) dup(r0) add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000200)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@md0='/dev/md0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='virtiofs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x2000000, 0xfffffffffffffd5e, 0x0, 0x208000, 0x0) 17:26:27 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(0x0, 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:27 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='/dev/nbdo0\x00'], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:27 executing program 0: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(0x0, 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2291.720662][T31542] virtio-fs: tag not found 17:26:28 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x0) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2291.846716][ T27] audit: type=1804 audit(1586453188.036:44976): pid=31547 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2572/bus" dev="sda1" ino=17672 res=1 17:26:28 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mknod$loop(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000000)=ANY=[@ANYBLOB="2f642f6e62643000f21c6b9617de60e6a08ba6e61ff61d2d4bad7c"], &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2292.049349][ T27] audit: type=1804 audit(1586453188.236:44977): pid=31554 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3406/bus" dev="sda1" ino=17655 res=1 [ 2292.175439][ T27] audit: type=1804 audit(1586453188.326:44978): pid=31550 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir556086311/syzkaller.HrbGUZ/3268/bus" dev="sda1" ino=17697 res=1 17:26:28 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) dup(r0) add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000200)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@md0='/dev/md0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='virtiofs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x2000000, 0xfffffffffffffd5e, 0x0, 0x208000, 0x0) 17:26:28 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$SIOCX25SENDCALLACCPT(r1, 0x89e9) mount(&(0x7f0000000100)=ANY=[@ANYBLOB="2f66ffffffd7f5352f4f09ed5d9d912a4d32487f00000000f72feba907802e5831714ce83217562880637faf1eb6663d75f85a29ae5300008f78c253feed9084e59c7ef84c55a8df9b6be6570d482d7b16c438c7359718bf33a7ef3cf0e0f1ea9df9be2d621aa86237dc58b58267c799009684429a4d10ad9327e7f97dc62adb9ab0986bc795c44cfe4eef93e82a0f58cee2f8a26b73390420c23496"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:28 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(0x0, 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:29 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2292.950828][ T27] audit: type=1804 audit(1586453189.136:44979): pid=31572 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2573/bus" dev="sda1" ino=17701 res=1 [ 2292.986101][T31571] virtio-fs: tag not found 17:26:29 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x0) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:29 executing program 0: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x0) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2293.325685][ T2522] block nbd4: Attempted send on invalid socket [ 2293.331979][ T2522] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2293.342234][ T27] audit: type=1804 audit(1586453189.526:44980): pid=31586 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3407/bus" dev="sda1" ino=17697 res=1 [ 2293.382052][T31581] XFS (nbd4): SB validate failed with error -5. 17:26:29 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mount(&(0x7f00000000c0)=ANY=[@ANYRESHEX=r3], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) semget(0x1, 0x1, 0x42) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:30 executing program 4: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f0000000680)=""/86, 0x56}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp\x00') preadv(r0, &(0x7f00000017c0), 0x17c, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000180)=[{0x20}, {}]}, 0x10) sched_setattr(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)={0x28, r2, 0xc573de0d27bdfe6f, 0x0, 0x0, {0x15}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x28}}, 0x0) sendmsg$TIPC_NL_MON_SET(r0, &(0x7f00000000c0)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f0000000200)={0x138, r2, 0x800, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x8c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffffd}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7fff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}]}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}, @TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xa7c}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x10000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x90}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xffff0000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x401}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x20}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7ff}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}]}, @TIPC_NLA_NET={0x64, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x3e9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffffffffffc0}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffffffff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7c95e4dd}, @TIPC_NLA_NET_NODEID_W1={0xc}]}, @TIPC_NLA_NET={0x20, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1f}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4e0}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4e}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x4000081}, 0x40) sendmsg$NL80211_CMD_GET_REG(r1, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x91d3, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000440)="43a564d23ccea32b5443c6377ca8c2724276744a4085f4b31da581bd98eed75e27edc20c97a28ee72e68747da1ae8eed04c93f5a1d435f06d5653224b8f387d74819a97ab8c129e2cb88ae4b7e28d04ff4f9ecadff96b478437412aa706dbc0a8f7e4398f6941cbaf55b2825ab274954d4636d9cb9f8bbe0db264d0afffb578a3dbe98f64450bd990a00f89bb75dc7a99d0c174f722280bdc97045a34e422bdd87cd6c41f61f6103c61f2cac45a9194c8cee7c5c023278afa39780ba189fc6b74f8021745c9bc11030b49cad0d8d7f6a8fc39f7a0ad2e7ff354aa65fbc06f32ef25d4589e32429870240e11480d8454b51", 0xf1, 0x7fffffff}], 0x10006, &(0x7f0000000340)='net/snmp\x00') 17:26:30 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:30 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = msgget$private(0x0, 0x0) msgsnd(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="86494968ce555fd15f86c6d38067bd2c34e51c245217cab92c34ac78175cb1881a76ae78be27764b155ae9508349f773b80435c532fb5043d0982ec75273971b79632dd1701ca40aa3fab3f925e215fb9aa63ad5dba84ba6c0bb3eecc26ba18e30c561eaa6ceaa95cda1175a1e884f71bd38f02c9f35976398bdf2d3ebd2e9638bc1353f3c34f009a912633004d4b070278918ad87de08c959fd48ee1eeac84928cf6d24998449d112e8924e56eb01eb926d002a8d446ddab9fc8ab0b92413687e5b8aa48fd8dc80b00a0b77f7ff8cd9d72f2528b6a242d535c10d9070ba51006ca2e427501625b7d2c00b26a28ce2585d27becfda9c3c593d434567edd1d059b398c6be464e09dc100cf060891ea263005311aa632f671c698f4f1320f964515e4459d47af2068ba2f5388c934216a00ff5fefb154b258c1f34e4d0e119661b85e64c477694cb8287c5c40d14cfbb"], 0x8, 0x0) msgctl$IPC_SET(r2, 0x1, &(0x7f0000f00f88)) msgsnd(r2, &(0x7f0000000780)=ANY=[@ANYBLOB="000bd15bd4e04cc2157fa22f8f2736fe3e87d1bf58a6d2022c00526799bb610c42dce36e9b1a1ac32767a0a8601799c7ab74d3cf358c7c75f710f0f36f2a7a6a59a1abe9b56e912f1b03d06964907bff3e87a429424ea4e869bbe3b5992a0dae0a78bb9e5248a43dfed1362e39ab0a6045016446ac7a1d291a8c5f08de4a5dc1e59e5a88938a16fc15ff7f40d8fd1701a2c877fb9f2275962f4569e0d4130781414c83816f4bae6e08c6566c3f3c4d927c7faa28b6153ab5f78dd184e418585a5e0f4465b149173a69d34dad515b4a789ab034fb4d91cf03b8066f9c629911cf6cf0c77c897bc71bab3c1e0b7e1f862c3fefbb6e855a14510e68b29045"], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) readv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f00000002c0)}], 0x1) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x24, 0x2, 0x3, 0x201, 0x0, 0x0, {0x3, 0x0, 0x1}, [@NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x7}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x1}]}, 0x24}}, 0x4c800) msgrcv(r2, &(0x7f0000000300)={0x0, ""/210}, 0xda, 0x3, 0x2000) msgrcv(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="0000000000de000000fb584f140000000000000000004043e137b1e8b630ddbe07e9548dd6900000000000000000594df503379b88646e46f5513b"], 0x2b, 0x0, 0x0) msgctl$IPC_SET(r2, 0x1, &(0x7f0000000580)={{0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) msgctl$IPC_STAT(r2, 0x2, &(0x7f00000000c0)=""/133) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@nullb='/dev/nullb0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f00000001c0)='vfat\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:30 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x0) sendfile(r2, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:30 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0xffffc00000000000, 0x24001) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$rose(r1, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, 0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, 0x1c) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB="2f1e4558ee64090084772ddbede121653eff564572ad8bc3ae71525174661edccdf795a799249fe82ce314ae9b5211d425b9fbda20bfeb70f45b2d30a08def690cd38726a4d28a58699fed0edac11e9349fdbb43d2252accb7234d71cc8f046dd27048113e44424c025fe8c0efb88c377f888bfdece050e01a3bfb1888d2f8b81cf2915d379a8814c1a65a3851827e3d86241559288a46ab097923cc55ae6884fe6b8fa745543f280734d9a2f24d8a37e954848a4e9c00cd81c7adad813d03917988b947c87f4365604696ab2215"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 17:26:30 executing program 0: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000380)=ANY=[@ANYRES64, @ANYRES64], 0x10) recvmmsg(r1, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/235, 0xeb}], 0x1}, 0x4}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000500)=""/184, 0xb8}], 0x1}}], 0x2, 0x0, 0x0) 17:26:30 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = msgget$private(0x0, 0x0) msgsnd(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="86494968ce555fd15f86c6d38067bd2c34e51c245217cab92c34ac78175cb1881a76ae78be27764b155ae9508349f773b80435c532fb5043d0982ec75273971b79632dd1701ca40aa3fab3f925e215fb9aa63ad5dba84ba6c0bb3eecc26ba18e30c561eaa6ceaa95cda1175a1e884f71bd38f02c9f35976398bdf2d3ebd2e9638bc1353f3c34f009a912633004d4b070278918ad87de08c959fd48ee1eeac84928cf6d24998449d112e8924e56eb01eb926d002a8d446ddab9fc8ab0b92413687e5b8aa48fd8dc80b00a0b77f7ff8cd9d72f2528b6a242d535c10d9070ba51006ca2e427501625b7d2c00b26a28ce2585d27becfda9c3c593d434567edd1d059b398c6be464e09dc100cf060891ea263005311aa632f671c698f4f1320f964515e4459d47af2068ba2f5388c934216a00ff5fefb154b258c1f34e4d0e119661b85e64c477694cb8287c5c40d14cfbb"], 0x8, 0x0) msgctl$IPC_SET(r2, 0x1, &(0x7f0000f00f88)) msgsnd(r2, &(0x7f0000000780)=ANY=[@ANYBLOB="000bd15bd4e04cc2157fa22f8f2736fe3e87d1bf58a6d2022c00526799bb610c42dce36e9b1a1ac32767a0a8601799c7ab74d3cf358c7c75f710f0f36f2a7a6a59a1abe9b56e912f1b03d06964907bff3e87a429424ea4e869bbe3b5992a0dae0a78bb9e5248a43dfed1362e39ab0a6045016446ac7a1d291a8c5f08de4a5dc1e59e5a88938a16fc15ff7f40d8fd1701a2c877fb9f2275962f4569e0d4130781414c83816f4bae6e08c6566c3f3c4d927c7faa28b6153ab5f78dd184e418585a5e0f4465b149173a69d34dad515b4a789ab034fb4d91cf03b8066f9c629911cf6cf0c77c897bc71bab3c1e0b7e1f862c3fefbb6e855a14510e68b29045"], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) readv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f00000002c0)}], 0x1) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x24, 0x2, 0x3, 0x201, 0x0, 0x0, {0x3, 0x0, 0x1}, [@NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x7}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x1}]}, 0x24}}, 0x4c800) msgrcv(r2, &(0x7f0000000300)={0x0, ""/210}, 0xda, 0x3, 0x2000) msgrcv(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="0000000000de000000fb584f140000000000000000004043e137b1e8b630ddbe07e9548dd6900000000000000000594df503379b88646e46f5513b"], 0x2b, 0x0, 0x0) msgctl$IPC_SET(r2, 0x1, &(0x7f0000000580)={{0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) msgctl$IPC_STAT(r2, 0x2, &(0x7f00000000c0)=""/133) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@nullb='/dev/nullb0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f00000001c0)='vfat\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:31 executing program 0: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000380)=ANY=[@ANYRES64, @ANYRES64], 0x10) recvmmsg(r1, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/235, 0xeb}], 0x1}, 0x4}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000500)=""/184, 0xb8}], 0x1}}], 0x2, 0x0, 0x0) 17:26:31 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:31 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:31 executing program 3: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = msgget$private(0x0, 0x0) msgsnd(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="86494968ce555fd15f86c6d38067bd2c34e51c245217cab92c34ac78175cb1881a76ae78be27764b155ae9508349f773b80435c532fb5043d0982ec75273971b79632dd1701ca40aa3fab3f925e215fb9aa63ad5dba84ba6c0bb3eecc26ba18e30c561eaa6ceaa95cda1175a1e884f71bd38f02c9f35976398bdf2d3ebd2e9638bc1353f3c34f009a912633004d4b070278918ad87de08c959fd48ee1eeac84928cf6d24998449d112e8924e56eb01eb926d002a8d446ddab9fc8ab0b92413687e5b8aa48fd8dc80b00a0b77f7ff8cd9d72f2528b6a242d535c10d9070ba51006ca2e427501625b7d2c00b26a28ce2585d27becfda9c3c593d434567edd1d059b398c6be464e09dc100cf060891ea263005311aa632f671c698f4f1320f964515e4459d47af2068ba2f5388c934216a00ff5fefb154b258c1f34e4d0e119661b85e64c477694cb8287c5c40d14cfbb"], 0x8, 0x0) msgctl$IPC_SET(r2, 0x1, &(0x7f0000f00f88)) msgsnd(r2, &(0x7f0000000780)=ANY=[@ANYBLOB="000bd15bd4e04cc2157fa22f8f2736fe3e87d1bf58a6d2022c00526799bb610c42dce36e9b1a1ac32767a0a8601799c7ab74d3cf358c7c75f710f0f36f2a7a6a59a1abe9b56e912f1b03d06964907bff3e87a429424ea4e869bbe3b5992a0dae0a78bb9e5248a43dfed1362e39ab0a6045016446ac7a1d291a8c5f08de4a5dc1e59e5a88938a16fc15ff7f40d8fd1701a2c877fb9f2275962f4569e0d4130781414c83816f4bae6e08c6566c3f3c4d927c7faa28b6153ab5f78dd184e418585a5e0f4465b149173a69d34dad515b4a789ab034fb4d91cf03b8066f9c629911cf6cf0c77c897bc71bab3c1e0b7e1f862c3fefbb6e855a14510e68b29045"], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) readv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f00000002c0)}], 0x1) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x24, 0x2, 0x3, 0x201, 0x0, 0x0, {0x3, 0x0, 0x1}, [@NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x7}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x1}]}, 0x24}}, 0x4c800) msgrcv(r2, &(0x7f0000000300)={0x0, ""/210}, 0xda, 0x3, 0x2000) msgrcv(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="0000000000de000000fb584f140000000000000000004043e137b1e8b630ddbe07e9548dd6900000000000000000594df503379b88646e46f5513b"], 0x2b, 0x0, 0x0) msgctl$IPC_SET(r2, 0x1, &(0x7f0000000580)={{0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) msgctl$IPC_STAT(r2, 0x2, &(0x7f00000000c0)=""/133) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@nullb='/dev/nullb0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f00000001c0)='vfat\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:31 executing program 0: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000380)=ANY=[@ANYRES64, @ANYRES64], 0x10) recvmmsg(r1, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/235, 0xeb}], 0x1}, 0x4}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000500)=""/184, 0xb8}], 0x1}}], 0x2, 0x0, 0x0) 17:26:31 executing program 4: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f0000000680)=""/86, 0x56}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp\x00') preadv(r0, &(0x7f00000017c0), 0x17c, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000180)=[{0x20}, {}]}, 0x10) sched_setattr(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)={0x28, r2, 0xc573de0d27bdfe6f, 0x0, 0x0, {0x15}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x28}}, 0x0) sendmsg$TIPC_NL_MON_SET(r0, &(0x7f00000000c0)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f0000000200)={0x138, r2, 0x800, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x8c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffffd}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7fff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}]}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}, @TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xa7c}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x10000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x90}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xffff0000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x401}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x20}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7ff}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}]}, @TIPC_NLA_NET={0x64, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x3e9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffffffffffc0}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffffffff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7c95e4dd}, @TIPC_NLA_NET_NODEID_W1={0xc}]}, @TIPC_NLA_NET={0x20, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1f}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4e0}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4e}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x4000081}, 0x40) sendmsg$NL80211_CMD_GET_REG(r1, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x91d3, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000440)="43a564d23ccea32b5443c6377ca8c2724276744a4085f4b31da581bd98eed75e27edc20c97a28ee72e68747da1ae8eed04c93f5a1d435f06d5653224b8f387d74819a97ab8c129e2cb88ae4b7e28d04ff4f9ecadff96b478437412aa706dbc0a8f7e4398f6941cbaf55b2825ab274954d4636d9cb9f8bbe0db264d0afffb578a3dbe98f64450bd990a00f89bb75dc7a99d0c174f722280bdc97045a34e422bdd87cd6c41f61f6103c61f2cac45a9194c8cee7c5c023278afa39780ba189fc6b74f8021745c9bc11030b49cad0d8d7f6a8fc39f7a0ad2e7ff354aa65fbc06f32ef25d4589e32429870240e11480d8454b51", 0xf1, 0x7fffffff}], 0x10006, &(0x7f0000000340)='net/snmp\x00') 17:26:31 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(0xffffffffffffffff, r2, &(0x7f0000000100), 0x8080fffffffe) [ 2295.516873][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 2295.516895][ T27] audit: type=1804 audit(1586453191.706:44984): pid=31856 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2575/bus" dev="sda1" ino=17649 res=1 17:26:31 executing program 0: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/icmp6\x00') preadv(r0, &(0x7f00000017c0), 0x1c6, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) r2 = accept$alg(r1, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000380)=ANY=[@ANYRES64, @ANYRES64], 0x10) recvmmsg(r2, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/235, 0xeb}], 0x1}, 0x4}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000500)=""/184, 0xb8}], 0x1}}], 0x2, 0x0, 0x0) 17:26:31 executing program 3: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/icmp6\x00') preadv(r0, &(0x7f00000017c0), 0x1c6, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x20}]}, 0x10) sched_setattr(0x0, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) r2 = accept$alg(r1, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000380)=ANY=[@ANYRES64, @ANYRES64], 0x10) recvmmsg(r2, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/235, 0xeb}], 0x1}, 0x4}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000500)=""/184, 0xb8}], 0x1}}], 0x2, 0x0, 0x0) [ 2295.799927][ T27] audit: type=1804 audit(1586453191.976:44985): pid=31981 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3409/bus" dev="sda1" ino=17698 res=1 17:26:32 executing program 4: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f0000000680)=""/86, 0x56}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp\x00') preadv(r0, &(0x7f00000017c0), 0x17c, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000180)=[{0x20}, {}]}, 0x10) sched_setattr(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)={0x28, r2, 0xc573de0d27bdfe6f, 0x0, 0x0, {0x15}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x28}}, 0x0) sendmsg$TIPC_NL_MON_SET(r0, &(0x7f00000000c0)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f0000000200)={0x138, r2, 0x800, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x8c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffffd}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7fff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}]}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}, @TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xa7c}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x10000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x90}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xffff0000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x401}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x20}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7ff}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}]}, @TIPC_NLA_NET={0x64, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x3e9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffffffffffc0}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffffffff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7c95e4dd}, @TIPC_NLA_NET_NODEID_W1={0xc}]}, @TIPC_NLA_NET={0x20, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1f}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4e0}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4e}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x4000081}, 0x40) sendmsg$NL80211_CMD_GET_REG(r1, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x91d3, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000440)="43a564d23ccea32b5443c6377ca8c2724276744a4085f4b31da581bd98eed75e27edc20c97a28ee72e68747da1ae8eed04c93f5a1d435f06d5653224b8f387d74819a97ab8c129e2cb88ae4b7e28d04ff4f9ecadff96b478437412aa706dbc0a8f7e4398f6941cbaf55b2825ab274954d4636d9cb9f8bbe0db264d0afffb578a3dbe98f64450bd990a00f89bb75dc7a99d0c174f722280bdc97045a34e422bdd87cd6c41f61f6103c61f2cac45a9194c8cee7c5c023278afa39780ba189fc6b74f8021745c9bc11030b49cad0d8d7f6a8fc39f7a0ad2e7ff354aa65fbc06f32ef25d4589e32429870240e11480d8454b51", 0xf1, 0x7fffffff}], 0x10006, &(0x7f0000000340)='net/snmp\x00') [ 2295.947648][ T2522] block nbd1: Attempted send on invalid socket [ 2295.953997][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2295.965921][T31995] XFS (nbd1): SB validate failed with error -5. 17:26:32 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x4801000000000000, 0xc050787274, 0x0, 0x0, 0x0) 17:26:32 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:32 executing program 0 (fault-call:8 fault-nth:0): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 17:26:32 executing program 3: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/icmp6\x00') preadv(r0, &(0x7f00000017c0), 0x1c6, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x20}]}, 0x10) sched_setattr(0x0, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) r2 = accept$alg(r1, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000380)=ANY=[@ANYRES64, @ANYRES64], 0x10) recvmmsg(r2, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/235, 0xeb}], 0x1}, 0x4}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000500)=""/184, 0xb8}], 0x1}}], 0x2, 0x0, 0x0) 17:26:32 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(0xffffffffffffffff, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:32 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/235, 0xeb}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000500)=""/184, 0xb8}], 0x1}}], 0x2, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1b, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="85313b6602f41c7fc91b0000", @ANYRES32=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000000280)='syzkaller\x00', 0x9, 0x55, &(0x7f00000002c0)=""/85, 0x41000, 0xc, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x6, 0x4}, 0x8, 0x10, &(0x7f00000003c0)={0x4, 0xa, 0x3, 0x3ff}, 0x10, 0xffffffffffffffff, r5}, 0x78) r6 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2296.806400][ T27] audit: type=1804 audit(1586453192.996:44986): pid=32128 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2576/bus" dev="sda1" ino=17654 res=1 [ 2296.855538][T32136] FAULT_INJECTION: forcing a failure. [ 2296.855538][T32136] name failslab, interval 1, probability 0, space 0, times 0 [ 2296.868244][T32136] CPU: 1 PID: 32136 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 2296.877039][T32136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2296.887097][T32136] Call Trace: [ 2296.890403][T32136] dump_stack+0x11d/0x187 [ 2296.894758][T32136] should_fail.cold+0x5/0xf [ 2296.899359][T32136] __should_failslab+0x82/0xb0 [ 2296.904140][T32136] should_failslab+0x5/0xf [ 2296.908568][T32136] kmem_cache_alloc+0x23/0x5e0 [ 2296.913361][T32136] ? tomoyo_check_open_permission+0x106/0x2d0 [ 2296.919438][T32136] ? iov_iter_advance+0x21c/0x900 [ 2296.924491][T32136] __build_skb+0x37/0x80 [ 2296.928749][T32136] __napi_alloc_skb+0x185/0x210 [ 2296.933642][T32136] napi_get_frags+0x5a/0xa0 [ 2296.938235][T32136] tun_get_user+0x61e/0x25e0 [ 2296.942908][T32136] ? apparmor_file_open+0xf1/0x770 [ 2296.948044][T32136] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 2296.953962][T32136] tun_chr_write_iter+0x75/0xc0 [ 2296.958824][T32136] new_sync_write+0x303/0x400 [ 2296.963516][T32136] __vfs_write+0x9e/0xb0 [ 2296.967797][T32136] __kernel_write+0xb0/0x230 [ 2296.972396][T32136] write_pipe_buf+0xad/0xe0 [ 2296.976939][T32136] __splice_from_pipe+0x298/0x4a0 [ 2296.981972][T32136] ? do_splice_direct+0x1d0/0x1d0 [ 2296.987094][T32136] ? do_splice_direct+0x1d0/0x1d0 [ 2296.992125][T32136] splice_from_pipe+0xc2/0x100 [ 2296.996959][T32136] default_file_splice_write+0x41/0x90 [ 2297.002427][T32136] ? generic_splice_sendpage+0x60/0x60 [ 2297.007890][T32136] do_splice+0x6c7/0xc30 [ 2297.012143][T32136] ? __fget_light+0xc0/0x1a0 [ 2297.016744][T32136] __x64_sys_splice+0x1fd/0x210 [ 2297.021780][T32136] do_syscall_64+0xc7/0x390 [ 2297.026392][T32136] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2297.032324][T32136] RIP: 0033:0x45c889 [ 2297.036227][T32136] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2297.055834][T32136] RSP: 002b:00007f21d32aac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 2297.064251][T32136] RAX: ffffffffffffffda RBX: 00007f21d32ab6d4 RCX: 000000000045c889 [ 2297.072228][T32136] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 2297.080301][T32136] RBP: 000000000076bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 2297.088276][T32136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 2297.096245][T32136] R13: 0000000000000ba2 R14: 00000000004ce6ca R15: 0000000000000000 [ 2297.178334][ T27] audit: type=1804 audit(1586453193.346:44987): pid=32215 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3410/bus" dev="sda1" ino=17711 res=1 17:26:33 executing program 3: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/icmp6\x00') preadv(r0, &(0x7f00000017c0), 0x1c6, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x20}]}, 0x10) sched_setattr(0x0, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) r2 = accept$alg(r1, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000380)=ANY=[@ANYRES64, @ANYRES64], 0x10) recvmmsg(r2, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/235, 0xeb}], 0x1}, 0x4}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000500)=""/184, 0xb8}], 0x1}}], 0x2, 0x0, 0x0) 17:26:33 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(0xffffffffffffffff, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:33 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(0xffffffffffffffff, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:33 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2297.738648][ T27] audit: type=1804 audit(1586453193.926:44988): pid=32374 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3411/bus" dev="sda1" ino=16915 res=1 [ 2297.920576][ T27] audit: type=1804 audit(1586453194.106:44989): pid=32383 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2577/bus" dev="sda1" ino=17059 res=1 [ 2298.046590][ T27] audit: type=1804 audit(1586453194.196:44990): pid=32380 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2882/bus" dev="sda1" ino=17076 res=1 17:26:34 executing program 3 (fault-call:10 fault-nth:0): accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2298.252919][ T2523] block nbd1: Attempted send on invalid socket [ 2298.259146][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2298.271286][T32372] XFS (nbd1): SB validate failed with error -5. 17:26:34 executing program 0 (fault-call:8 fault-nth:1): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 17:26:34 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(0xffffffffffffffff, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:34 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, 0xffffffffffffffff, &(0x7f0000000100), 0x8080fffffffe) 17:26:34 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:26:35 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control\x00', 0x400, 0x0) syncfs(r0) [ 2298.830969][ T27] audit: type=1804 audit(1586453195.016:44991): pid=32513 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2883/bus" dev="sda1" ino=17062 res=1 [ 2298.941591][ T27] audit: type=1804 audit(1586453195.066:44992): pid=32523 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3412/bus" dev="sda1" ino=17157 res=1 17:26:35 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2ef6d6ce5d9586924bf839110000", @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001306010000000600ab000900007327268ae2d2bdd6abfa4690ec03e06d0084d75186ab39e5edf3ef495a38cb35735ff42e0b9256412a6417c30062c630caca209329002609486acc2595bc24933a5767d1047405c733b173d1bf53b4d6079d6792fa2f5ab8cad5a167bc1bd7a06f5e29b20d1a291493a7d19351b0fa12f11321e9c3017b0427a7b5444e90e5fa769ddeb36d9891acd4e2209df22943c4214cf0de6c4ccf693c46e1a5272ca62e5d8c84a805e4bcf6a35090b37709d2e11b7f218a505108e913ec914afd4b98b7405238d151d4114fc9a81466b0868ec06be167fad105ed57ebbb219cc88317316a56f7abf1afbcdd62ecc682fac27a264a2effb8223512c277c303972654974480fe4c5025566416124d6f8cb75a0272c9d97b7ac3904bf742c890283254aa4a4718"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:26:35 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2299.330391][ T2523] block nbd1: Attempted send on invalid socket [ 2299.336679][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2299.351226][T32631] XFS (nbd1): SB validate failed with error -5. 17:26:35 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB='/dev/\abd0\x00'], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2299.474437][ T27] audit: type=1804 audit(1586453195.666:44993): pid=32711 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2578/bus" dev="sda1" ino=17070 res=1 17:26:35 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="2b3a1998", @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000), 0x0, 0x0) 17:26:35 executing program 4: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control\x00', 0x400, 0x0) syncfs(r0) 17:26:35 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 17:26:36 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, 0xffffffffffffffff, &(0x7f0000000100), 0x8080fffffffe) 17:26:36 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$BATADV_CMD_GET_MESH(r4, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000010}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r2, 0x800, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x1) r5 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r5}], 0x1, 0x0) [ 2300.042352][ T2522] block nbd4: Attempted send on invalid socket [ 2300.048630][ T2522] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2300.068666][ T401] XFS (nbd4): SB validate failed with error -5. 17:26:36 executing program 4: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(0xffffffffffffffff, r2, &(0x7f0000000100), 0x8080fffffffe) 17:26:36 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:36 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e22, 0x7, @ipv4={[], [], @remote}, 0xb9}}, 0xfff, 0x400, 0x1, 0xa3d, 0x4}, &(0x7f00000003c0)=0x98) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000400)={r2, 0x9}, &(0x7f0000000440)=0x8) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r3, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r4 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) setsockopt$netlink_NETLINK_RX_RING(r0, 0x10e, 0x6, &(0x7f0000000280)={0x1ff, 0xd2, 0x1f}, 0x10) poll(&(0x7f0000000000)=[{r4}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$TUNSETSNDBUF(r6, 0x400454d4, &(0x7f0000000240)=0x9) [ 2300.750758][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 2300.750779][ T27] audit: type=1804 audit(1586453196.936:44995): pid=535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir950845779/syzkaller.EzUiL4/2885/bus" dev="sda1" ino=17034 res=1 17:26:37 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf251400875a0525a7511c00543de89bdcf0442b00a10e3c307118004d00fed4c972ac883002262ff9a7acd0dc7b2d652bff612fad41f54f93d061ce800903a07a29686198c58a23ecef2c91a0c7654cdd5360476326c1c6730ddb4b2b0c6ca2a4469c5416d2e72ee42560fa0cad2d0324bc29b3928f240dc07804dcb1c0b691f871c318e84f452ec6ff19415a7934ed24d9f1eb70398184f3bb6ab401da25066656b1de41aba148d0080a97a4c2605084cebedcc663f608f0392450109e4a323240c5177964dcd81ea6eec4ab9e65d0f628ec34971e1c84d80606af061fa7799b9f05a4"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2300.905787][ T27] audit: type=1804 audit(1586453196.946:44996): pid=542 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2579/bus" dev="sda1" ino=17093 res=1 17:26:37 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x82, 0x0) 17:26:37 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, 0xffffffffffffffff, &(0x7f0000000100), 0x8080fffffffe) 17:26:37 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="2f0049d7edd8a0e8785dfff979b42d6839d178f92000000000bc5b799acc58344816d269b12a95a5711a7d2c2370255ccb875d28d7417b78c01a14bfb6768e326604cf8f72a4556c91612b39f40b4b0f7ea7dcf938d025ec0025dda43ebb365f0d68b85c0000000000000000"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:37 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000240)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}}) r2 = socket$netlink(0x10, 0x3, 0x12) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c000000ecfd0d5f5a327aedf7aba03c1b490b16bf03305684eaaf15b636631b79476229a84eae88b204ff03000024c68c73001147a0564d233ec184a7e9a5db547b02888242d2ae28da0dcb664f75d7", @ANYRES16=r3, @ANYBLOB="04002dbd7000fedbdf25140000000500e40001000000050013000600ab003541036501facd06f8c40900000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r4 = socket$inet6(0xa, 0x1, 0x0) sendto$inet6(r4, 0x0, 0x2b, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000280)='/dev/cachefiles\x00', 0x8001, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_GET_MPATH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r7, 0x2468825185d9173d, 0x0, 0x0, {}, [@NL80211_ATTR_MAC={0xa, 0x6, @link_local}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_GET_SCAN(r5, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, r7, 0x40e, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000801}, 0x4000004) sendto$inet6(r4, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r4, 0x400}], 0x1, 0x0) [ 2301.417484][ T27] audit: type=1804 audit(1586453197.606:44997): pid=772 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3414/bus" dev="sda1" ino=17065 res=1 17:26:37 executing program 3: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r1 = socket$netlink(0x10, 0x3, 0x12) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r2, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) getsockname$l2tp6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, &(0x7f0000000400)=0x20) recvfrom$rose(r0, &(0x7f0000000240)=""/223, 0xdf, 0x40001020, &(0x7f0000000340)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x4, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x40) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) getcwd(&(0x7f0000000380)=""/8, 0x8) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) 17:26:37 executing program 4 (fault-call:3 fault-nth:0): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x64, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:26:38 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x0) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:38 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) socket$netlink(0x10, 0x3, 0x12) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') r1 = openat$vsock(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vsock\x00', 0x222040, 0x0) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2c000000efa4b35f781df4e9f89e53d67255c3ae361194677f543bda29db5556102ded2e398f730e9a4a918eee63c3c8775d5e790661d01f4bbc0ac5d48408b96c324c910aaa5b140a30380d7cb4e39fb3a75e1c198a35b38c1ea3ed2b93a8c014f1c3affc317a49c54bf1a6", @ANYRES16=r0, @ANYBLOB="02002dbd7000fedbdf25140000000500e40001000000050013010100000006001200000000000000bd000000000808000000590bba000000e400000000000000ed00890200000000360004000000"], 0x80}, 0x1, 0x0, 0x0, 0xc854}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VIDIOC_TRY_EXT_CTRLS(r4, 0xc0205649, &(0x7f0000000380)={0xa20000, 0x2, 0xfffffff9, r2, 0x0, &(0x7f0000000340)={0x990968, 0x5, [], @p_u16=&(0x7f0000000300)=0x2}}) perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x1, 0x61, 0x9, 0x40, 0x0, 0x9, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x4dfb, 0x1, @perf_bp={&(0x7f0000000240), 0x2}, 0x49240, 0x9, 0x1, 0x3, 0x400, 0x8001, 0x9}, 0x0, 0x3, r5, 0xa) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2302.035310][ T881] /: Can't open blockdev [ 2302.096794][ T993] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2302.160219][ T993] device bond0 left promiscuous mode [ 2302.178404][ T885] /: Can't open blockdev [ 2302.197906][ T27] audit: type=1804 audit(1586453198.386:44998): pid=1000 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2580/bus" dev="sda1" ino=17064 res=1 [ 2302.228038][ T993] device bond_slave_0 left promiscuous mode [ 2302.257622][ T993] device bond_slave_1 left promiscuous mode 17:26:38 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080fffffffe) [ 2302.316446][ T993] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:26:38 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)={0x14, r1, 0x4, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2302.368099][ T993] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:26:38 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x70, 0x3, 0x9, 0x4a, 0x1, 0x0, 0x3f, 0x8000, 0x5, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x4, 0x1, @perf_bp={&(0x7f0000000040), 0x1}, 0x205, 0xb1, 0x1, 0x5, 0x868, 0x3ff, 0x9}, r1, 0xd, r1, 0x8) mount(&(0x7f0000000140)=ANY=[@ANYBLOB='/\x00'/16], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2302.609730][ T27] audit: type=1804 audit(1586453198.796:44999): pid=1117 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3415/bus" dev="sda1" ino=17065 res=1 17:26:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x64, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2303.258494][ T1246] /: Can't open blockdev [ 2303.279489][ T1240] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2303.322616][ T1240] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2303.364458][ T1240] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:26:39 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x2) 17:26:39 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x3c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x17, 0x13, "d897766a826b0ca0a8ad5db538a433ad7d61fd"}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000280)) r4 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000200)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, 0x0, 0x0) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f00000002c0)={r4, 0xd2, 0x8}, &(0x7f0000000300)=ANY=[@ANYBLOB="656e633d706b63733120686173683d736861315f6d8c542a0100000000000000000000000000000000000000000000000000000000080000000000000000fd00"/79], &(0x7f0000000380)="865f9bd3b6d0ae9b7da364aad06b631d62339cc0f0f226d04af1719550a5db6e9338103d8b6477b72e958e39308d56b79717b880dfb3ba112d35e62dd50f920d40fcccc0de44d8876e7a65135ef4af9c10dce6cf3cb27a8f2b01d1ea98c2bc56dda295c85d45313f0c3096f37bfe64934bf8f2c58a84e985e0a2728ff42156d67510bc7e58420cfec598905e5e7451d7f1b98962f3162f7c52dbb6ab5636f82fac6363ed2deac7079d23773be223ff0b506b48b08a61293c2b508b28929ef95ef3497a0afc0348b947e600750eb48f3be4e6", &(0x7f0000000480)=""/8) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r5 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/autofs\x00', 0x200000, 0x0) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r6, 0x84, 0x21, &(0x7f0000000500), &(0x7f0000000540)=0x4) sendto$inet6(r5, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r5}], 0x1, 0x0) 17:26:39 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x0) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:39 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080fffffffe) 17:26:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x2, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2303.713761][ T27] audit: type=1804 audit(1586453199.906:45000): pid=1260 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2581/bus" dev="sda1" ino=17092 res=1 [ 2303.873009][ T27] audit: type=1804 audit(1586453199.906:45001): pid=1257 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3416/bus" dev="sda1" ino=17107 res=1 17:26:40 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f00000003c0)={0x30, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xa, 0xbd, [0x1e0a, 0x8, 0x6]}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(r3, 0xc0245720, &(0x7f0000000400)) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r4 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00') sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="200027bd6400fddbdf25150000000c00990004000000010000000800010000000000"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0xd1) sendto$inet6(r4, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r4}], 0x1, 0x0) [ 2303.920332][ T1381] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2303.966560][ T1385] /: Can't open blockdev [ 2303.987433][ T1381] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2304.069579][ T1381] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:26:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x3, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:26:40 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) getresuid(&(0x7f00000000c0), &(0x7f0000000100)=0x0, &(0x7f0000000140)) quotactl(0x80000000, &(0x7f0000000040)='./file0\x00', r2, &(0x7f0000000280)="e9fa055c77d56dbf56bd6816bee08e8b276f8e84a0e1d839f8d1476d7e076a4f7a3aed9353746cb0ef0ca4494607a01bf9245d9cf56215e8e6738d349329e7acfdc7c507ce3d192baa432f6cd0f0ea11d6ca8bdfde8b2aacb16d09e717f2fe27bafb") syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:40 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080fffffffe) [ 2304.583913][ T1511] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2304.619949][ T1511] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:26:40 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(0xffffffffffffffff, &(0x7f0000000640)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba72764f460593d41d43e9f589502652fe815ef1da2c0975e828d69536eb96c2c27f564dcc44d2a18bf98a8698f09764ff95bda5a0520964e8e84670e557cc255a621254e23c5e3afd68721e31a0caa4ac9e40a612dd4bff3553cc00a47f618b8289ce1086193ea338ae5473fc048d1e696a52f65d00d34ed03cfb8125020463ba3054af5f7a2fd4c733242927960b07d0d81f303157417af8907b820d74a1dc84ea78e317584a11da56d5842dec5823a376d939a621adf86c8297db303ab14b7fa0cfa4316987c1ac3303f6acdaa8a946496cb09a6a0785a49f67cfe7725ff477933e4f38d99e6062f1bec6c4e857d64a8ba966cc4c024177bb10e4f5c05db8e7d4cd2437cff4067d9c6f68d8faf4342112a53e640e2c070ed68a364a209139ad", 0x10000, 0x80, 0x0, 0xfffffffffffffd64) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000005c0)={r3, @in={{0x2, 0x0, @rand_addr=0x400}}, [0x0, 0x3, 0x0, 0x0, 0x4, 0x3, 0x0, 0x951, 0x7ff, 0x0, 0x5, 0x3, 0x4, 0x0, 0xfffffffffffffffe]}, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00000003c0)={r3, 0x56, "81a3a51b1c30e8f0ae2ede5285251f147fb8d227c9ef569fb3c792426fda754ac767ba8235836bc208fd99c740002967a3a6af25b0110dd1220ccae8abc46920ecabca1e1ba165993cba605bd1b57afc02d1528c5c83"}, &(0x7f0000000440)=0x5e) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000100)={r3, 0x6, 0x0, 0xb5}, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000240)={r3, 0x9, 0x10}, &(0x7f0000000280)=0xc) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2304.680493][ T1511] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:26:41 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x0) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:41 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x8) 17:26:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x4, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2305.004889][ T27] audit: type=1804 audit(1586453201.196:45002): pid=1524 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3417/bus" dev="sda1" ino=17036 res=1 17:26:41 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000c40000000000", @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB='d\x00\x00\x00(\x00\'\r\x00'/20, @ANYRES32=r4, @ANYBLOB="0400000000000000000000000b0001006367726ffcff000034000200200003801c000280180000000000010000000000000000000000000000000000100002000c0009000000000000000000"], 0x64}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20002000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, r1, 0x4, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x2, 0x4}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x7fff, 0xffffffffffffffff}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r4}, @NL80211_ATTR_WIPHY={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x40005) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r5 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r5}], 0x1, 0x0) [ 2305.180764][ T27] audit: type=1804 audit(1586453201.326:45003): pid=1659 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2582/bus" dev="sda1" ino=17020 res=1 [ 2305.182547][ T2522] block nbd1: Attempted send on invalid socket [ 2305.211820][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2305.223273][ T1526] XFS (nbd1): SB validate failed with error -5. [ 2305.458029][ T1673] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2305.486150][ T1673] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2305.502508][ T1673] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:26:41 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB='Ldev/nbd0\x00'], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x5, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:26:42 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x0) 17:26:42 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(0xffffffffffffffff, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2306.122689][ T1816] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2306.183165][ T27] audit: type=1804 audit(1586453202.376:45004): pid=1821 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3418/bus" dev="sda1" ino=17083 res=1 17:26:42 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0400e4000100000005001301010000000600ab00090000000000000000d701511c266bf12cfc"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2306.227886][ T1816] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2306.272765][ T1816] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2306.545276][ T27] audit: type=1804 audit(1586453202.736:45005): pid=1841 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2583/bus" dev="sda1" ino=17081 res=1 17:26:42 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0xd) 17:26:42 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000240)='/proc/capi/capi20ncci\x00', 0x40, 0x0) sendto$l2tp(r3, &(0x7f0000000280)="c46321cca206a8a4762011dc2612bd3ab27955437e87d05dcbe4969bfa1cf9744c96cdacfb0ed24bd50fbbeb385961353c89d96af9e82b479bd2ac2c89fd1e0c59b69d1735bc0fbf10a2a1e7742685306824e1b309ba", 0x56, 0x20000040, &(0x7f0000000300)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, 0x10) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:26:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x6, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:26:43 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) arch_prctl$ARCH_GET_GS(0x1004, &(0x7f0000000240)) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendto$inet6(r4, &(0x7f00000000c0)="635efb8c01998e778baa0b8598794174c2541b55da8a31b279477800"/42, 0x2a, 0x404c905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:26:43 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x0) [ 2307.072488][ T2070] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2307.134730][ T2070] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2307.166705][ T2070] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2307.278203][ T27] audit: type=1804 audit(1586453203.466:45006): pid=2181 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3419/bus" dev="sda1" ino=17083 res=1 17:26:43 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(0xffffffffffffffff, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2307.609214][ T27] audit: type=1804 audit(1586453203.796:45007): pid=2207 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2584/bus" dev="sda1" ino=17081 res=1 17:26:43 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) accept$alg(r2, 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r2, 0x801c581f, &(0x7f0000000040)={0x1d22000, 0x6ca2, 0x4, 0x1, 0x3}) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2307.779471][ T2070] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2307.814734][ T2070] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:26:44 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0xf) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2307.843573][ T2070] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:26:44 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x28) 17:26:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x7, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:26:44 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x0) 17:26:44 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_GET_MPATH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x20, r2, 0x200, 0x70bd29, 0x4, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x8000d0, 0xffffffffffffffff}}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2, 0x4, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000300)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) [ 2308.490372][ T27] audit: type=1804 audit(1586453204.676:45008): pid=2351 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3420/bus" dev="sda1" ino=17084 res=1 17:26:44 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(0xffffffffffffffff, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2308.589395][ T2347] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2308.603954][ T2347] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:26:44 executing program 3: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000c40000000000", @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB='d\x00\x00\x00(\x00\'\r\x00'/20, @ANYRES32=r3, @ANYBLOB="0400000000000000000000000b0001006367726ffcff000034000200200003801c000280180000000000010000000000000000000000000000000000100002000c0009000000000000000000"], 0x64}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0) sendmmsg(r0, &(0x7f0000002700)=[{{&(0x7f0000000240)=@llc={0x1a, 0x35, 0x73, 0x9, 0x2, 0x3f, @broadcast}, 0x80, &(0x7f00000003c0)=[{&(0x7f00000002c0)="45dbd735e9f5aa14130f9021678e319afb7d7d601fb59757ad45c55a1e718a22bd9d2021c8aa124eb4622b17b39834929e83c439dab3c48a8241d2971db292d03cf0af4723987df71a518e764176b919cc33de9bc36a2ddd325c5a5ce73586a33d6f6ae31b5fd357780eadc9ec13fbc51b17e53fb2fd4ba5e0c55f1addfaf87241f8f23bd426fb3255ed15e535c85c5c057b0e8d773876b888f4a34b3ed915a2edec5958126ddb790eee601a6f24afba9d91eb00ee1575d988ab63ff7ffe3cc851734b871414a05e9156ed9a406d70f4e5d7990a48e7ee75", 0xd8}], 0x1, &(0x7f0000000400)=[{0xb0, 0x88, 0x0, "59aa24940385f166997129863b45e11ba5ad2a1b2236f1071616413218cdd5e9bd147726f4735753794f16e737f62529e427f09094387d78995bf2c0be9dd65baa47aa9a379ac84ffbc32991d9c5a619ba095220bd420eed3964e78e9322a596d14b432df16d2e99b836d3a57931a3234d61fe058b69d2fbda5a8ae35587e63821eaa0b90af87bae8df53c8e32e8e21b0381393dbf42211827d1"}, {0xa0, 0x112, 0xa, "3a462b951585f4ad366c0dc57d347593b776a50c6a4a474f60b9b732225480f32f598ebfca340b920a53d4b630f49b5d4fea47369aacd80519046539f4166c74593caa2916a4d67f018a0ce296a3571cf661fb624c0a559374730fa645405f74e9a1f462a9b6774ece3615ed0b6695d3f9790fa6c5f8de930920e06ecb16bb3cf301753970c20679a1ac8dd5"}], 0x150}}, {{&(0x7f0000000580)=@can, 0x80, &(0x7f0000000840)=[{&(0x7f0000000600)}, {&(0x7f0000000640)="d60104ddf009d220fa80a99b4822bbb64e725c325c5568d53c205eb3682971d6fe18766b014d04a4d93662f71aeadce91ed892c5a95946eaa946a9e495d9e85aba510562cf2a9fc4e09d859b0105a0ad30c7227359b2a1991c09a175ccd3c58f0244b884f323372af1d299ddfeca75d6fd74c16f06853b36c8d7857ae9c9459fe2fe37a996bf25b8faad111da2a91591fdce3b542d44cd4809f801aa51a569148e2320c0d3e386d77d7a7e38d709832dccaedb095c228c608684faa63b258606294decab20c63be533dcf33ae244c8d4fab400d7c4aa481cbc8533546b5d812578e7dc37c2621e9105e617d58f6a4b68380a1073", 0xf4}, {&(0x7f0000000740)="32079626e6e427407bdac76d30b6f8ec07dcfe217d79754292a5dd7145edaa295c2fbd3a7e9855abb99a9b5fffb7ea04baf4f3ab710c2169b8559dc955adaa9fe90ea1b4857c574475614840c8e6cdb60b2d56598beafd5c6e4bf2e658cbf0ad47ef77075c172da0809143c8a7a16d35dff8ed2b542c8c2f25fffd4184f46bc6bf535c2964ef53d9487ec5182ddde0afb79db8f95f072ad5d353fbebcd8c6524455fe62895899c1b20554e8c8b92b748435fc94b55d60dcd6a7e3c14e73115606c203866cced77a3c6f108f65af6e145e5b9eee4", 0xd4}], 0x3, &(0x7f0000000880)=[{0x1010, 0x10e, 0x9, "cf7e2a7e73455f32713c079a5da7312e3ea29bc4c43be09cb9e7d7427f0388a5bfa55903cd276face6a6f0a99016eb1cfd21b36a908563365e0485c7e2a7361163ebc4d122be1fbc45bbcecedeec97118edcbd2633660f1ca1d773976207a1332149b0c4c97c22c13fe5aed3135a7d7b2663187d19e4fa4c58bb510015e173d7c77d5aa45c2cf232704fcfd7619d10a8c79913507ed3e3eef3ed7625fc0a4272ff56a1947e9e622e3d766943d1f90fa0f5b654434fcb3cf721118ac18723ca59fd469d8e39f0849025585ebbf72b2905e3e5812a9b2a494be778c2e53d3450644d013f17289b9ccfaf36c1080b683f513eb9166596634da03bb278fde031180ebc3e69cd3a5e9d1710f38ae5517ba2c8fae19bcc2789d65d00ad9034df2af03b26404ced692d506ec0d9a7ab2605da05203edd310d51543b5bc2b04ccb1d7772a0f8c8ee8f178c8c844aafa58d1e8d69ee5626a716eb931a704592937927095497c2302984b48c88037d0f35fa8198a719381e402f14e55acc4f59d23be78c84124d4afca45960d413c5eb08f801e94fd6e8fbd31a9fbe9810e195bd828bfa40650118aba52a8d7e8a52ed2e1000c43666abc7aeb5e756b8cc06cb17ed70e31d42aa3bd19a94419e4061d9718e3d2ef8af57d1878c955fd0820cb129aba572197deb4299573baadb8fb01f64527314495279556ba358c09ccdf0bbb673d22892ae671e05b96faccc6553e055dd8fe8b5c7b69e70f70f31f012fcc1164a76c002ae2377256943aa2cab8d3823ec276e5005719523fa3798ceaad5c1d8c08672fb3e870acba8b0174644521ca62e100230608468e1ebc429476dd2dc058f5c6b5de819d599ec751d055777e0f03bab5548f63286f4656451456fdabf8e398327584c723cec679ec1cb00bcf8eae927048aa5c5b7db810890bed8988cceb02f134d3a9bba1e923a5b0453deb073aa1a9c881c23284b12b5462e55fdea4f35b134e67f1670902ad7a9969d7bd9de716aec09815a2855b694e099599261ef530215f5750afb2eb47ec7cf1f52e313c7bc4e3ab2903bc06d3b299ec805d61b6e94e5139ff30dd40a0686fe1237348caf83721e4803aa6ed0f667cdddf0156778a7e8e5fc6445d7607c9f574970b7b942737ba3e7304e124fb38f92a46d7276583c8cbb514588bebf970747056cddcc41ffd8b0b554eca12ff65053f9bc4ffcd8461ebe6fc952a33f88db3a3af8b82d803224663f84e6fd23c3d31eb2e8acbf1b2be67b88431ff022b5d3111f1686e694148848962aa4493ebcda1c8db109c3076099a4826eb447f20d951408883e1aec3e9902a46142d0092655cb4ae671299ab46e334b4d4cadff9e3d4aac6432e4d1cd584d1e9e569fa50f3276e5f74d15c6feefff57cb56cdaf1669f35f449a5af03d52ecde70dd16cd7317d7b1b50f669ec1fcb43cca3be1ebfab9b3f1b633e61c32cb4cbf67a1c2bb61be5204de4f21fd92a1b4c984d445021294a72eb762a4a5a6a0983ccdecd16cbf4c2263fb9a635eb48cf98e29caa64dfa8e1e42c3d1c5e96c86de34a7b02b168034d438c022519e6a928617d459a611dbc2b5a7d9122c8cc0fce6750d3949b27179ee36fc0f02a44134d389b6a94f40cdef7eabeb0b98e7897cebec1d671a27bb837ee6e1ef466c060fc7cfa1f64df956031f6ea95738d40991f928eb4f9f0c1c5502e7e58ecd77589b811b79fa2f46262cac432ad6add4effc6466d142b11151e4ac246cf36c67f826a5c05b8bbe3e66da3233dde2363cca8995c40ea6d8d53fd5428ceb134b8a048a8c87988f705029776ab66128ba803b4919d764164d9632290fb0db05699850184b632ff7cc9a65f75ccddebdc18ce99c220ef1da8adae3abed3990a6b5a6ba9c15a238fca050348f6c74470e611fadef3f89caea37e17798572419df405acf8026d2427bbb329d7e460c6c4cd2d41188da8ac2422a9c78a8a0a6bc408ad375a6f84abae59ac652c8c35eeeb551761fe51b04d7c8f903cf5f93ec1e6164d57344cd3075db26b22e0389eac4ae304644b6c41bbc4225444aa9fcdcbda62f7ff3c800c37a8e8f28e85690fa9f130e009bbeda0602761ef31945de94efeaf2d8bb6b84a886c26567e46204c3ab528780f040bccf64a4c97b188368e33ca0e996d66e0b03795699e56a54decaca06008923072fedca689897a6f4c251288bc36eee6e9567241116ecd47cd574e3bfd737f09e37e9bace9ddbccdbdc531af484bf7ce9f3ee65bf89a143d60a32d4eb97f2f8a77a86804fca13680c402184adac221b612b0ac5abd6329b2b890d5800fc72251b3f8d7405371cf0ef83255b8e496576c6525f5e07443c3020d7570861e631740de3c5368c515912752cbef851130603197345ce7d15f391eea257bee44ad05b527974e1a1f2a7e6033c490c154d9ad8cbce9874625300060050d6eee932f07bd93d0efdc44101a2d68c8c09a1b750346f4891af52b7ebe297f1ca9f88d17b54a658a10fa1ea21eb6349e5b2f2be8d8fb7105dc5b19e207f38f2113b7574f327cf97f7531862b53b6d3cc359987d5925a422a9e8faaebfc35237ec28d560b36a53d566a9d62367d081a142674f27cf5d955e9275780c03b6ff0eb93551314e4811ad02953d94c8778663f64620759b7d852f1316f1a0f38bd2c2a24a3e2de86c353890201342085babdc6512c1984d8b707e6e85409f9c134dbd62e21c1b330198d54439e9e227e81d5a68fdbe07a0ce8ab01cc2d7dd85e97fe973cd5a70c1f542a23e2f065f8c8be812bc36fe3e1a518124bbef9dd38f252d0fa896deea5f23b35590da9effcca8a7a60d1779bda8977323f8f3978a93c965357b415b18d63550731f59a955864b76840f2b045d45c022d7cd7d36531824744d0d94e238034453d2cca0eaf5e8c97c14afb86af467bb28931285e2414a0bcb68dbd66898191700aa252006edc804a2e627d71aae1b1eeefb5b290f3d08c9d4444c94efd017101a64c2373ff425871ee34b5a1fe707bd541527592e23ff1d55512dfd47a998a2ac73f97cae8846e84d24eb2d0dac1b56019c5da236ff1684311fbf24e9f888ebc35a383d221b6c77efa0d85667dc971cf5873a03c28b26fef2502f5394b000484910306b8ceb459229a06d207a7c8c22214c67e90538fbb815f56abc33716436900f98c027b9c47fa9536b37e04360257513b4981fda2fec80feaf6efdab31b57a395a8545f19d08f6232ecc55611bf0a995429d6f9ce674edce42f476d5b9973996b96e6fdd3a1c60be5923e27d11cf12ec472ff3eafce81a520299eb5b6f40f93690d6c6e3e3219857717d8db8cc885f915a77d7f2cf5ff56c86afa89503c277900bfd1330286b13baf63e537d5fce21772a74d65f745d792f1ec0ce130fd7554b683fbbe45e6c5919aac67aa0cf3dc5555cf32b6d4c981f3a4cc18ec0166e2c684633c59dcf982673870f4bb9551d4956cfb14a25d16b86a9d62987b625a8caf81c78978b02ac62e9964fc9302e86775c26210c80761854cceaac4d62e8c15bb16d7a2c0e94a6947a082c5480fcd5b4ff94d860c3cc113d0b3688521445f9fab94c9d7b47c34d47e8fc6d769e79bb6697fb3162cbda1df269f1883d16575e92e7c448fdfc28ce87a905403290263bbbf5865642ff03682c0954380e41a0c425a3c7e52ebf93a38f286a7c5793f2e364f22a27615aad48561399cd9564ed1dfc7feb03cc5d3d46e305978a0cee55259a440d41512c559db9204fd97757c1b3a1ed18156abe29f07229e889b436cf376a68d14a8006f029d435f0125f93b7cfe8eb7563e0f372ee7e4611666fa9df056a88915671ce67a3dc730876e063ca70820c8e0fa670adef4fd103f6118f7479bdf1514b9b96a958fd8fe6ddf962d3dbfa71d9d5aa5268c43c40faf85869b9ea5eb853a47a4393c5c6539ff225dc6bc030ed3db6f4cc3bbbb215619d64e9313a8035bd0f29a146b69d773c901e77e6c3cc9602881ca85d04bd60896b04c93878abfad1ca81f8b43dc4f26638b297c6b74a54b6ae0f067eacbb9741357c6f6716d8d93ce7c05dac13a23e96672789496c1cbe776f19ff63a36c84e0ee2fb15496b23e1d5aa0b2d22b1526fa0e5fc6858fbc53b37d1f8b48b55b124431568826d4a0e81d0bff67a7434275c3d3e42477c86efa3e972d6427888146b27eca2c1c176143624d56b053685a05f5bafb726b56957585a4869a3a7a5ed3b15bf43f31ebe7ad81646e1ace261f6d91d2092066c9c526310d2ff9030271a756617dc89f993056640443f6eb88ff880188b86fd7e552a5ec194149dbb9394e63ebac7bfab516ff9f87dcc638c164893fe9538992fb339dad549a2b4da89f34c605c14cfd5d20f3b80f0993c1b2d0a80cd7cded8b93291875fdd8159f48b8cc1ebab8af6c7bb7de2d1671dc17bbb8f21f9349c16862cf2477b72f83abf4fb9eab0d05a145af0318efda3bf31c560d5d0c1d04860fe77d77861b56c8815ad51a672c9f8601408443aaf67c23f474bfaf4b5272f64d4b7867cd4bcb930b366bacf11a66d608dbbb9922a0f2dbad7e9c1a1348e3b84918974c472fab93f7376ef28f02a85198059ba2b7d6d1dc37f39badac29b2b5f2d2d900c2ec23970a405008f74608d858d1319670b2131f23d73762bab5f535988884a6ba45f8b5e46ace10ef70319874426de3fb5ee7a9edb72c41c5434e76eb7dc2a40f46f889b68792687f5079c70350ed84e849eb43844a388611c0689527f7cef9c962627157fdf2cba1654086d7ea4c7dbcef406bdb669c57be4497246f9d69f49421e3ac98cad1198f847d7afce9978d33a0587539496b382fc984ec64124506a10c8298f8dab696c811e73dffbae24e4107140a05464c3b5219c4663e4b943af1bafcfad0b00c00e4c8c1d90c2525b44f8ea978a6ad74021418a4af43249a32093ba0557e19027c0942f9384efb57b5a6e7e17ebf0c5d6801efc82de054594e1fd6611a919205dfde02b1d98a93baf60bc153cada4db513dbdb6b80a1c7cc702e9e163ba8a51deae084e1124dfacbe7f410f64b1d3f6fc4cbebe39cee09b7f28882f821244b8ade9db9838062d32a44087d60c6b0d6f5243a8971df91c9761f911742ee46f5f28fe88f88072e584e33fe0c594df95786f35359d5186b298f3996fe381b2514b400426bbf92da859d087c71e81c6efd531003e30e0f762f8645e2cecca61ed97d323df11582498406fe16aa9f434ac983c36e96ff73d128d2574c1a1db352be126bf60bc831e1f52ac151639614b688a22c932e8a2a3cdc4a9c6c7e12546ca24c200f1abae95e473d8a0d442fbdac8b770f9a0ec9081fcc72ded0fdaf63d89527c495a076c96e659703449cfa568f5142513251f9ff2402fa8841d7545f0046faa62e42b2735b5d60ef112079c3ba45bf3132c33d2a2be44712169fa4ed828b32ffc6733c7ba28aac6fc8595e3014c0f83707506f76523bd3ec302b146b0600deec6b4262cab1c35fe7d1a53766c67e58ac44dec42190b3ff0979f6c13eb7c867756485f2495ad80d8a977ea726d351567a4391e1ab0f9c2aac4e74fa9ea30165d2617cab126064b46f8ecd1250f157608ef2a6863d7a187dcf61781cf7413d942429ae1cd65d1ea68f468c86f81aee15d1af8d3037ce4be9bfe3340f2fde87a231b011a98614d36a7e3dc5f44c9ed8da7be994061efca44ede968fdc289762224021814bc8c2011bb4e6e407b5a924d07add5906b41503a089be4197ca069b512719f42b062449b649"}, {0x108, 0x10e, 0x0, "f698f68f6a2bb276f8ddbdc2c9732cfc8c26829aeefaf81d63fadff433ef8ea11dcffbd8cc462a74efc31a9fd73ab929f9090d32dfae84f6efb9bc14bac8d7c304917d348e85e8e1df0be468383126f0121c5c9bf3196f41df7e278c33614722e15312cb950c909fcc715e2ff333c711437e39e03329af3aaa7599269f5cd25c3cdbd6834587d1bc5846e4e6481d7baeb595c94c7bdcbac5164ec831e87efec68800ec573c8d7fa8ab0dcfee583c6f1f0abd6b546530cc507e2c3197a514bf201fb69b194c4c096b12251b0a186dff1750a202a2648936d327f11a2690d620f41df0955968ce03985a73bc8fc686a58ae8a9"}], 0x1118}}, {{&(0x7f00000019c0)=@tipc=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x3, 0x4}}, 0x80, &(0x7f0000001b80)=[{&(0x7f0000001a40)="3dd5809dae5a6f228455cc5cd73c351c5999606aebaa5cf5f822a389d46558108367ff1d6840800341056cd22833b84efb049673b603e3f636b36342fd7a4a1e61f26c46afffac9b25cb159bfc6f511bf6", 0x51}, {&(0x7f0000001ac0)="92bd5dc36bb02753a79dc3c46bff8193ef6ac1b48c6a953743a33d647f5125105e3e1b41ab548592e2be9c0d003bbd54ebbe3883d79e912a27e29c3e6994d2c5719ef87ddeb63e956d704720610d76efba35a57cfc634932e91e1a2fa6e717a3da2b6bf4809204f922bfd180836a0aa81a5f595d6986a9fcbef33c916820d203dca52d1564863f4f3ef3f7513b9624a0f555fcb248898d3f54b6dd593393ffa925fc8434d5f4da79f6ff2a333b4dec23e8", 0xb1}], 0x2}}, {{0x0, 0x0, &(0x7f0000001c40)=[{&(0x7f0000001bc0)="ed2f98b8f58bb4162d8b830685a796eede2304f81d744d464ef25f051ac99c81e2db1a6e1323f1bd5f000a879e922c86c6533add98b24ead5f06fef16c7fc22215ef70e315f05c98f825f88a58e79489c8f8fb779d905169a9af2158a25fe416e248bb93bf44ccc7be635a84ce2c41cff06c9c4772b131d495542ed4fdbf", 0x7e}], 0x1, &(0x7f0000001c80)=[{0xe8, 0x113, 0x6771f89, "c25117f4b89a0488eb34b27d76a56be99fdd8f519b322ca383805a0117da2c567df9fa629868871a405214d5e08da63260cb7efcad5707b0917ad6b79f414fcfc7776ca9d25ab59baebea2bb7cde956ebd4d057bf73e92d3b1209d00098237e1caae74c09ac488f92f75767ab1666d9aef38171ee1ce5499392c54ce9bf99f91427e047f3abb98f03d4c00b37421ab376c0ed240f58d77dc1c49e64cd3c2aa9022276dc3c3aed814dd13b54d5c2f66788229e5ba1e4c7ed616d79fc39c4a01d8eb9cd140aeb8958e0bf267487cdf25436bc6fd145410"}, {0x50, 0x118, 0x3, "593efbbf6135073f669b893afe6903a8bb984b0825e7d7784b648860020cc7b4c42321f87a7843e968c30e7ddbd332a232eb1b09b51aa99176e927"}, {0x100, 0x119, 0x1000, "410e8e8170649a20375fe1ea8e98797f6e5681341238141f688cfce8155b9c50b25a8f3ed27af6aa14ab12672c7a0d4cb71f9a331c2bdc2d9526dc05b5818de7c51afc6ccb69cbe8c8a36782db2bd35ae06afa436a66bcaf0a98a24cd8fdb39886b13822a39c5036bb96e85a8d9ccde37a1617fb60fa766005247b8cb217d1714699955d50e9e4d804c6f756ad823ada97ea225109e06e815418f56b39a1bed34d7d58152080c61a348a363a6cabbb97766dce237513218fcaf632c95e44492f730bbfe316c7cb9496a96c62ec7cc13512c6052eb6c1c5bd3e86534b99b684eed569b7e44a8317fb3897d9147e"}, {0x40, 0x103, 0x73, "1ad07c6d735fcacaea19490ce3a1d9f8341301677b7ef748c5dcbac2405406bd7fd1921b622dcead4253414360"}, {0x80, 0x115, 0x4, "eff5c1cf1495cb0d9ecd4516ef18afc0ca2dc5051dbc096b7f305809a93801e8e8ddf529c34963c64a610cee9c1c7ee830c1f7a175cb313babb7efaafc6a778a5026f288f16b14bddf8df09df63b5a6f9ef7f5ad691e477bdbfd630d6064376f714f1bcc3f1a985999"}], 0x2f8}}, {{0x0, 0x0, &(0x7f0000002180)=[{&(0x7f0000001f80)="b05549508febf91885a035e64a0572ce12a2e977f8a763fecb996f45ce2aaaf8bc4aeb8f795be222f4cfc084a9a67a8e307c47ce697338ef38575a574576ca8f77826ff56ca639ebaa775cd2d121b08e24b172b4b9bd3620e83ce64f6fa28a83d9e7b753e6ee0fcca1e0822ace77a987656fe4645f32c55fdc32372fd3639c83be5ee34f17b92c44fdc156cadab80339a61a12cbb4434f28557f05b90fab2b9c82d1b2043fabe8c76e4089e84fcc0ac14136b35591c4aef9aabf3ccb0dc93c2643f6775e658d5d6a9b252c4b9a86159cec3eb2f50ad98aeb9ac7a89f050699ba29e4df64c502e7152868f2f41d170488118f392b11d945", 0xf7}, {&(0x7f0000002080)="b802188fee4bfd8a6ebce7360a0360fc002166ab2338d71b4f8dbbf6a8a8221d4382bf47b80b55c4da0b1b94f79ab96281cad26bf78d73d262e6f074d14227184a4d36c178ecd4ca11a41e525811f3ff4fb005c7b0a42761a5c0ff4c14bb3fc26dc70b73e083dba20988d539845055727220bc1a5d21f947b6dbc8fa109e9798134b8913c1d8fa712fc87a27fd59f5859f991b4f24d29584641206d87ee9828314a2", 0xa2}, {&(0x7f0000002140)="f10f0fd1f615385a4b60ed581a37a01ecad7f6925da7454fb4f488100556c22cd48b2b4ffc61746588f2ded33d338848346e09d33120a6e264281af6bf", 0x3d}], 0x3, &(0x7f00000021c0)=[{0xf0, 0x1, 0x7f, "d9515e9f02a91fa6af795acef5b3f5ae08e335c7c4523f543f48cee2b1cb0dfbc1ac5191d634da7f987f319ad04dc208efbd83290b699812f1038727e354d90ded7e2abf435b7bb662fc86a8b57947521fc10ec6672b6ac70f4f0ebc4d1e257c58ad9bf9e85e24e6dee338ebb2aa928acf00e3be61f971b235acf8659a5c75a9b8cd7d42f325c519012f393850eac4b8414b6613196be4d63036ab1c046d571cbdf103a1f255423f983cb31636b14fdde410e6df9b55047ad0b83fc32861de55e6c4151f61a381c48bb44c584387473cc7bdc123f8b18f49794cb611f19576"}, {0x38, 0x10c, 0x81, "d341bb2a0da6a0d00b07925258eaea4deae0267ee5d0776a375afe5bfa47368993d1c4d2ebee85"}], 0x128}}, {{&(0x7f0000002300)=@can={0x1d, r3}, 0x80, &(0x7f00000023c0)=[{&(0x7f0000002380)}], 0x1, &(0x7f0000002400)=[{0xe8, 0x118, 0x8000, "320a22d546d3311e7513547693175050ccf027e6bf13d707be173d72c124c4769d2cd9c1f4cb438a71b665f25001ba0316caf6b3825ca0d0e32849e0f08adb93031cfc1e414b730244c8f5f0163d51ccb4fbaccc61f9a202c96ab1b3c2dcf06d62027cea651a59eb3d80dd5f1e53dc8c2ca5cc4a23f84e6488b949386731db3f0079c630c048f6cae0fa4616463449ff5316b5773435e5a2ec189f7dc933fa64d48dc879caa267a4a96da1641d006c4a28eb14c2e25345b93dec28bc57e1022b955d21cf6253c4c077cb4f8f6eb884c45e19c6038e69ef71"}, {0xf0, 0x112, 0x7fffffff, "b97313b08297ac018977c11d147250222eae0283d3cabbeb811587ab8c197b87435f6e810aa533fefc371c304db00c148f5be4c2b0c91d0f5851fa72109662c03659efd4fb2109dd55121d69fd6493231db1e8b6e4685076fb088fd83c4baa3ed2594d881a8822f6daeec1a985f7aebb5989dcebf74645c10afbf06784f756e90f935e9bdb90b1403e74717d6a8c92d1b8aa2fbb00ad96e58949f0ebb03ddb50bb1a61653cad6d67087075b4212f86598da2fafb8b1c74ec4fc8852e9abc1d41b7ca5d9004d506cc3ece4ecfda9edada46b8c5c6c4017f5bddfdb3"}, {0x30, 0x102, 0x7, "01243818d8225570cc70049815c07e9ed40d19fe76331b39293a"}, {0xf0, 0x10c, 0x80, "b3c8f4273aaf9b4f4141dc2b03aef6c35e795bbf5f078bd57808564ed29f8e48a355d088cc001a56cb579f396a6b14ed027dbb05654864e4c2e50c0bb17d59dbb77250a84fac51f10721e734e319d890badb3137aba34978276bb0e105617bcb46dce06304820f8ecc934ec0fa29e51196ef5829cd306cde537f0e96958efa23d72797ce5ea727d0d05d005528de6a4d337135cf1d436f10210c01679afb543fa46d0cdeac33e3644255c789016a246c94f66da3889d5698ea12c96d40a04a755190935f1f0a227b1053e1c6742f414b3935f5f7c618c79625e4"}], 0x2f8}}], 0x6, 0x2000c040) r4 = socket$netlink(0x10, 0x3, 0x12) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r4, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="04002dbd7000fedbdf251400000b0500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r6 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r6, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r6, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r6}], 0x1, 0x0) [ 2308.706366][ T2347] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2308.784209][ T2522] block nbd1: Attempted send on invalid socket [ 2308.790454][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2308.806317][ T2393] XFS (nbd1): SB validate failed with error -5. [ 2308.912156][ T27] audit: type=1804 audit(1586453205.096:45009): pid=2610 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2585/bus" dev="sda1" ino=17000 res=1 17:26:45 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$binfmt_elf64(r1, &(0x7f0000000540)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0x20, 0x1, 0xe1, 0x4, 0x3, 0x3, 0x4, 0x21a, 0x40, 0x1ac, 0x9, 0x7f, 0x38, 0x1, 0x80, 0xff, 0x401}, [{0x1, 0x20, 0x1f, 0x9, 0x80000001, 0x3, 0x3, 0x5b09}], "06a0a76b95da8d2fee260a0aec12eeb6ecd55f361df351dae3f25b33ad26d4f71ad44f27e39a7011b32281c9c9a2b1734e6ed1cce07b682ea2d3b457faed6f3f7900e3a03128296d943b1c5b80d6660ec49fa2edca674575638449a2d1bbeaa5fcdcf72d0ba8a0f40e33d4f4ee5d4b413e74e3f3a2d19061ee387d4bf389402c45ca0e0c7317e9fa48640cd10a8df5a6cc8b3282cf4eada23b4da1d7a17231ae95e1ea6cb9c60d727df720fd489f45979c7f8a3384cd3d786d5433cebc4f", [[], [], [], [], [], [], [], []]}, 0x936) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, 0x0, 0x30, 0x0) [ 2309.395986][ T2347] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2309.473620][ T2347] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:26:45 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) accept$alg(r2, 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r2, 0x801c581f, &(0x7f0000000040)={0x1d22000, 0x6ca2, 0x4, 0x1, 0x3}) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2309.515288][ T2347] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2309.537499][ T2615] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 17:26:45 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) accept$alg(r2, 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r2, 0x801c581f, &(0x7f0000000040)={0x1d22000, 0x6ca2, 0x4, 0x1, 0x3}) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:45 executing program 3: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r1 = socket$netlink(0x10, 0x3, 0x12) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c0000009f5315b9c23ae5925bd6c4d21d0c6c152cab50dcd4f7f81b8900006a5bcbe41c3db45e4149762b990b8641cca1799cf4b391cfe9587967fcb01706a9954943cb69e63a0f24fec885dbf190e6aa777f014bf264b01297d857b97b2a1b2c61c2c002749fcde9bd5adbf5a42c2c54655aa6cc4bf2279b621ae927585f5867a764f1909972c64cbd3145155e47fb6cb828152f8f1c9d1deee6896d346e8a5805b797fbcbf266ddab3afcd44a980458edce2b26f48a5c7762a28a2c7cf0174bb005816c7eca78bd63f02bcdf28ba528fc127a428f30588b783c91b2f949e77d6eb268be56a1052205e8a1beb5c5c7c6b070478396d27b", @ANYRES16=r2, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x8, 0xe5}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(0xffffffffffffffff, &(0x7f0000000640)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba72764f460593d41d43e9f589502652fe815ef1da2c0975e828d69536eb96c2c27f564dcc44d2a18bf98a8698f09764ff95bda5a0520964e8e84670e557cc255a621254e23c5e3afd68721e31a0caa4ac9e40a612dd4bff3553cc00a47f618b8289ce1086193ea338ae5473fc048d1e696a52f65d00d34ed03cfb8125020463ba3054af5f7a2fd4c733242927960b07d0d81f303157417af8907b820d74a1dc84ea78e317584a11da56d5842dec5823a376d939a621adf86c8297db303ab14b7fa0cfa4316987c1ac3303f6acdaa8a946496cb09a6a0785a49f67cfe7725ff477933e4f38d99e6062f1bec6c4e857d64a8ba966cc4c024177bb10e4f5c05db8e7d4cd2437cff4067d9c6f68d8faf4342112a53e640e2c070ed68a364a209139ad", 0x10000, 0x80, 0x0, 0xfffffffffffffd64) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000005c0)={r3, @in={{0x2, 0x0, @rand_addr=0x400}}, [0x0, 0x3, 0x0, 0x0, 0x4, 0x3, 0x0, 0x951, 0x7ff, 0x0, 0x5, 0x3, 0x101, 0x0, 0xfffffffffffffffe]}, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00000003c0)={r3, 0x56, "81a3a51b1c30e8f0ae2ede5285251f147fb8d227c9ef569fb3c792426fda754ac767ba8235836bc208fd99c740002967a3a6af25b0110dd1220ccae8abc46920ecabca1e1ba165993cba605bd1b57afc02d1528c5c83"}, &(0x7f0000000440)=0x5e) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000100)={r3, 0x6, 0x0, 0xb5}, 0x10) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000240)={0x0, 0x6, 0xb1ad}, 0x8) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r4 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r4}], 0x1, 0x0) 17:26:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x8, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2309.784217][ T2615] CPU: 1 PID: 2615 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2309.794069][ T2615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2309.804226][ T2615] Call Trace: [ 2309.807538][ T2615] dump_stack+0x11d/0x187 [ 2309.811884][ T2615] dump_header+0xa7/0x399 [ 2309.816298][ T2615] oom_kill_process.cold+0x10/0x15 [ 2309.821419][ T2615] out_of_memory+0x21d/0xa30 [ 2309.826032][ T2615] ? __rcu_read_unlock+0x66/0x2f0 [ 2309.831070][ T2615] mem_cgroup_out_of_memory+0x12b/0x150 [ 2309.836631][ T2615] try_charge+0xb60/0xbe0 [ 2309.840984][ T2615] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2309.846526][ T2615] __memcg_kmem_charge+0xcd/0x1b0 [ 2309.851570][ T2615] __alloc_pages_nodemask+0x268/0x310 [ 2309.856958][ T2615] alloc_pages_current+0xca/0x170 [ 2309.861994][ T2615] pte_alloc_one+0x14/0x50 [ 2309.866490][ T2615] __do_fault+0x120/0x1e0 [ 2309.870838][ T2615] __handle_mm_fault+0x1d2d/0x2cf0 [ 2309.875981][ T2615] handle_mm_fault+0x21c/0x540 [ 2309.880775][ T2615] do_page_fault+0x4a4/0xa52 [ 2309.885381][ T2615] ? do_syscall_64+0x27f/0x390 [ 2309.890231][ T2615] page_fault+0x34/0x40 [ 2309.894382][ T2615] RIP: 0033:0x4036a7 [ 2309.898329][ T2615] Code: 00 00 00 48 83 ec 08 48 8b 15 f5 ef 87 00 48 8b 05 e6 ef 87 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 c8 ef 87 00 48 83 c4 08 c3 48 89 c6 bf 08 fa 4c 00 [ 2309.918039][ T2615] RSP: 002b:00007ffc39b30700 EFLAGS: 00010287 [ 2309.924115][ T2615] RAX: 0000001b2c420000 RBX: 0000000000000000 RCX: 0000001b2d420000 17:26:46 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r0, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/235, 0xeb}], 0x1}}, {{0x0, 0xffffffffffffff37, &(0x7f00000016c0)=[{&(0x7f0000000500)=""/184, 0xb8}], 0x1, 0x0, 0x23}}], 0x2, 0x12002, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) accept(0xffffffffffffffff, &(0x7f0000000380)=@rc, &(0x7f0000000400)=0x80) r3 = socket$netlink(0x10, 0x3, 0x12) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r3, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="444d5560c54abc0ebf72bb48cbaa5e889160bb1e0ff5487eebcb5328dde43d3f526a6eb384b6a46edf0f299879bdca6e96f9b65cf99cf044f79bcf5318bb89098cd0a5c66ee3815a5aab62e249f2542156637ed99fdf4d111f9a14d5c12fce0bfbe838d48f8ac8f96a9741753236f7431600913917ba54bd04f7952abc2c4a21f6b4cb08283f1f7b33c6526480a4c7a755da74b2afc0d0cbaaaab2c2fe55b35526b62497d69405270e96c09146515868cc299e2844724567dd4df856cb698bedb36f8db6c46bb11af65b757b127c0b12cf", @ANYRES16=r4, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r5 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x4, @loopback, 0xffffffff}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r5}], 0x1, 0x0) [ 2309.932086][ T2615] RDX: 0000001b2c420004 RSI: 00007ffc39b304c0 RDI: 0000000000000000 [ 2309.940058][ T2615] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 2309.948037][ T2615] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000001 [ 2309.956053][ T2615] R13: 00007ffc39b308f0 R14: 0000000000000000 R15: 00007ffc39b30900 [ 2310.319022][ T2630] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2310.346189][ T2630] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2310.373952][ T2630] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:26:46 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x30) 17:26:46 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x0, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:46 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c0000c5cb00", @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_init_net_socket$llc(0x1a, 0x3, 0x0) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$AUDIT_DEL_RULE(r4, &(0x7f0000000780)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000740)={&(0x7f00000002c0)={0x454, 0x3f4, 0x0, 0x70bd26, 0x25dfdbfb, {0x3, 0x2, 0x12, [0x430, 0x2e9d, 0xfffff080, 0x6, 0x81, 0x367, 0x0, 0x40, 0x7ff, 0x5, 0xfffff800, 0xffff, 0x9d, 0x10001, 0x3, 0x8, 0x8001, 0x8, 0x6, 0x3, 0x2, 0x2, 0x2, 0x9, 0x5, 0x7, 0x40, 0x0, 0x65b, 0x5, 0x8, 0x100, 0x6, 0x6, 0xfffffb84, 0x5a, 0x2, 0x9, 0x100, 0xb4e, 0x10000, 0x4, 0x3, 0xa5e, 0xfffffffc, 0x2, 0x6, 0x7, 0x0, 0x3, 0x1000, 0xb7, 0x6, 0x400, 0x3, 0x2fb, 0xffffffe1, 0x1, 0x3, 0x9, 0x0, 0x5, 0x1, 0x6], [0x80000, 0x9, 0x40, 0x80000001, 0x5, 0x3, 0x400, 0x4, 0x80000001, 0x0, 0x10000, 0xfffffff8, 0x2, 0x3, 0x68000000, 0xfff, 0x4, 0x40e, 0x2, 0x34, 0xc43, 0x401, 0x3f, 0x7, 0x30dabc62, 0x0, 0x6b1a, 0x80000000, 0x0, 0x5, 0x0, 0x9, 0xfffffffa, 0x20, 0x0, 0xfff, 0xbef, 0x5, 0x800, 0x10000, 0x49d, 0x58, 0xf7, 0x9, 0x0, 0x20, 0x5, 0x9, 0x7fffffff, 0x0, 0x7fff, 0x1000, 0x800, 0x9, 0x0, 0xffffffff, 0xc75, 0x3, 0x8001, 0x2, 0x401, 0x80000001, 0xa3bd, 0x1], [0xfffffe00, 0x3, 0xff, 0x2, 0x29, 0x8, 0x5, 0x4, 0x5, 0x9, 0x400, 0x1000, 0x8, 0x438, 0x4, 0x10001, 0x10000, 0x9, 0x9, 0x7f, 0x5, 0xfff, 0xe9, 0x1ff, 0x3, 0xde3, 0x7, 0xfffffffc, 0x1ff, 0x5, 0xfffff000, 0x6c9b, 0x3, 0x4, 0xa37, 0x2, 0x1, 0x5, 0x7, 0xff, 0x2899, 0x8a, 0x0, 0x8, 0x2, 0xfd, 0x8db, 0x10000, 0x0, 0x81, 0xd9, 0x9, 0xfffffff7, 0x6, 0x1, 0x2, 0xec7a, 0x400, 0xfffffff7, 0x30e, 0x36c, 0x0, 0x800], [0x3ff, 0xffff2b77, 0x9dc8a383, 0x935, 0x18000, 0x6, 0x9, 0x2, 0x1, 0x8, 0x1, 0x81, 0x8000, 0x7f, 0x8001, 0x3, 0x100, 0x0, 0x4, 0x8000, 0x6, 0x6, 0x9, 0x1, 0x8001, 0x7, 0x0, 0x5, 0x6de0, 0x7b, 0x50d4, 0xffffffff, 0x3, 0x2, 0x7, 0x20, 0x7, 0x1ff, 0x800, 0x10001, 0x8, 0x100, 0x0, 0x5, 0x5, 0x2efe, 0xfe, 0x401, 0x4, 0x7f, 0x81, 0x80000000, 0x7fff, 0x400, 0xfffffffd, 0x5fa, 0x4, 0x7fff, 0x8, 0xe170, 0x7fffffff, 0x1, 0x6, 0x1f], 0x33, ['vmnet0{wlan1vboxnet1\x00', '+^},@/!%vboxnet1$md5sum*}GPL/\x00']}, ["", "", "", "", "", "", "", "", "", ""]}, 0x454}}, 0x4000000) 17:26:46 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x9, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2310.731136][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2310.805341][ T27] audit: type=1804 audit(1586453206.996:45010): pid=2783 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2586/bus" dev="sda1" ino=17072 res=1 [ 2310.830777][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:26:47 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) accept$alg(r2, 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r2, 0x801c581f, &(0x7f0000000040)={0x1d22000, 0x6ca2, 0x4, 0x1, 0x3}) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2310.891152][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2310.947173][ T2615] memory: usage 307200kB, limit 307200kB, failcnt 2984 [ 2310.994802][ T2615] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2311.156527][ T2615] Memory cgroup stats for /syz1: [ 2311.156773][ T2615] anon 269836288 [ 2311.156773][ T2615] file 20480 [ 2311.156773][ T2615] kernel_stack 4055040 [ 2311.156773][ T2615] slab 7688192 [ 2311.156773][ T2615] sock 53248 [ 2311.156773][ T2615] shmem 0 [ 2311.156773][ T2615] file_mapped 0 [ 2311.156773][ T2615] file_dirty 0 [ 2311.156773][ T2615] file_writeback 0 [ 2311.156773][ T2615] anon_thp 239075328 [ 2311.156773][ T2615] inactive_anon 0 [ 2311.156773][ T2615] active_anon 269836288 [ 2311.156773][ T2615] inactive_file 0 17:26:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0xa, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2311.156773][ T2615] active_file 0 [ 2311.156773][ T2615] unevictable 0 [ 2311.156773][ T2615] slab_reclaimable 1486848 [ 2311.156773][ T2615] slab_unreclaimable 6201344 [ 2311.156773][ T2615] pgfault 177837 [ 2311.156773][ T2615] pgmajfault 0 [ 2311.156773][ T2615] workingset_refault 99 [ 2311.156773][ T2615] workingset_activate 66 [ 2311.156773][ T2615] workingset_nodereclaim 0 [ 2311.156773][ T2615] pgrefill 1499 [ 2311.156773][ T2615] pgscan 1526 [ 2311.156773][ T2615] pgsteal 368 [ 2311.524515][ T2615] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=31254,uid=0 [ 2311.667634][ T2930] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2311.698296][ T2930] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2311.714125][ T2615] Memory cgroup out of memory: Killed process 31254 (syz-executor.1) total-vm:74968kB, anon-rss:2216kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2311.790369][ T2930] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2312.123908][ T2522] block nbd1: Attempted send on invalid socket [ 2312.130141][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2312.152093][ T2940] XFS (nbd1): SB validate failed with error -5. 17:26:48 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f00000000c0)) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:48 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000240)='/dev/vcsa#\x00', 0x3, 0x80001) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x33) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) setsockopt$RDS_GET_MR_FOR_DEST(r3, 0x114, 0x7, &(0x7f0000000380)={@ax25={{0x3, @bcast, 0x7}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}, {&(0x7f0000000300)}, &(0x7f0000000340), 0x4}, 0xa0) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000300)={0x80}) ptrace$cont(0x7, r4, 0x0, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000280)={[], 0xffff, 0x8001, 0x0, 0x8000, 0x10, r4}) 17:26:48 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x0, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:48 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x9, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:26:48 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x60) 17:26:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0xb, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:26:48 executing program 3: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') pidfd_getfd(0xffffffffffffffff, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$NL80211_CMD_DEL_STATION(r3, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='\b\x00%\x00', @ANYRES16=r1, @ANYBLOB="00082dbd7002fbdbdf251400000005001900000000001c0081000500010002000000050002000200000005000100080000000500190002000000"], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r4 = socket$inet6(0xa, 0x4, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="970000000206010400000000000000000000007a31000005000500000000000c000780080017400000e800f9bb0f5ea5c573743a7365740000381890be00"/78], 0x54}}, 0x0) sendto$inet6(r4, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r4}], 0x1, 0x0) [ 2312.330846][ T27] audit: type=1804 audit(1586453208.516:45011): pid=2967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2587/bus" dev="sda1" ino=17020 res=1 [ 2312.373938][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2312.417794][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2312.449881][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2312.651381][ T2968] device lo left promiscuous mode [ 2312.727507][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2312.754042][ T2974] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 17:26:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0xc, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2312.813276][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2312.868673][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2312.980274][ T2974] CPU: 0 PID: 2974 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2312.988961][ T2974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2312.999013][ T2974] Call Trace: [ 2313.002350][ T2974] dump_stack+0x11d/0x187 [ 2313.006733][ T2974] dump_header+0xa7/0x399 [ 2313.011082][ T2974] oom_kill_process.cold+0x10/0x15 [ 2313.016210][ T2974] out_of_memory+0x21d/0xa30 [ 2313.020832][ T2974] ? __rcu_read_unlock+0x66/0x2f0 [ 2313.025912][ T2974] mem_cgroup_out_of_memory+0x12b/0x150 [ 2313.031474][ T2974] try_charge+0xb60/0xbe0 [ 2313.035819][ T2974] ? __rcu_read_unlock+0x66/0x2f0 [ 2313.040851][ T2974] mem_cgroup_try_charge+0xd7/0x260 [ 2313.046109][ T2974] mem_cgroup_try_charge_delay+0x36/0x70 [ 2313.051756][ T2974] __handle_mm_fault+0x18f1/0x2cf0 [ 2313.057138][ T2974] handle_mm_fault+0x21c/0x540 [ 2313.062004][ T2974] do_page_fault+0x4a4/0xa52 [ 2313.066763][ T2974] ? do_syscall_64+0x27f/0x390 [ 2313.071535][ T2974] page_fault+0x34/0x40 [ 2313.075688][ T2974] RIP: 0033:0x40f91a [ 2313.079639][ T2974] Code: 48 24 8b 4c 24 28 89 48 28 31 c0 48 8b 8c 04 20 01 00 00 48 89 8c 02 30 bf 76 00 48 83 c0 08 48 83 f8 48 75 e6 e8 d6 43 ff ff <83> 05 e3 06 76 00 01 80 7c 24 07 00 74 0b f6 44 24 08 01 0f 84 b5 [ 2313.099244][ T2974] RSP: 002b:00007ffc39b30710 EFLAGS: 00010207 [ 2313.105323][ T2974] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 000000000045c889 [ 2313.113303][ T2974] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000076bf08 [ 2313.121475][ T2974] RBP: 000000000076bf0c R08: 00007fc0c32ac700 R09: 00ffffffffffffff [ 2313.129592][ T2974] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000076bf00 [ 2313.137560][ T2974] R13: 0000000000000003 R14: 0000000000000000 R15: 000000000076bf0c 17:26:49 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x0, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2313.524484][ T27] audit: type=1804 audit(1586453209.716:45012): pid=3123 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2588/bus" dev="sda1" ino=17101 res=1 17:26:49 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x9, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2313.609424][ T3108] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2313.624446][ T2974] memory: usage 307200kB, limit 307200kB, failcnt 3047 17:26:49 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x2c, r1, 0x200, 0x70bd2d, 0x25dfdc02, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = syz_open_dev$vcsn(&(0x7f0000000200)='/dev/vcs#\x00', 0x200, 0x80040) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_ACQUIRE(r5, 0x6430) ioctl$VIDIOC_STREAMOFF(r3, 0x40045613, &(0x7f0000000280)=0x2) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2, 0x80}], 0x1, 0x3f4f) [ 2313.701613][ T3108] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2313.722642][ T2974] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2313.768265][ T3108] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2313.818074][ T2974] Memory cgroup stats for /syz1: [ 2313.818205][ T2974] anon 269844480 [ 2313.818205][ T2974] file 20480 [ 2313.818205][ T2974] kernel_stack 4055040 [ 2313.818205][ T2974] slab 7688192 [ 2313.818205][ T2974] sock 53248 [ 2313.818205][ T2974] shmem 0 [ 2313.818205][ T2974] file_mapped 0 [ 2313.818205][ T2974] file_dirty 0 [ 2313.818205][ T2974] file_writeback 0 [ 2313.818205][ T2974] anon_thp 239075328 [ 2313.818205][ T2974] inactive_anon 0 [ 2313.818205][ T2974] active_anon 269844480 [ 2313.818205][ T2974] inactive_file 0 [ 2313.818205][ T2974] active_file 0 [ 2313.818205][ T2974] unevictable 0 [ 2313.818205][ T2974] slab_reclaimable 1486848 [ 2313.818205][ T2974] slab_unreclaimable 6201344 [ 2313.818205][ T2974] pgfault 177936 [ 2313.818205][ T2974] pgmajfault 0 [ 2313.818205][ T2974] workingset_refault 99 [ 2313.818205][ T2974] workingset_activate 66 [ 2313.818205][ T2974] workingset_nodereclaim 0 [ 2313.818205][ T2974] pgrefill 1499 [ 2313.818205][ T2974] pgscan 1526 [ 2313.818205][ T2974] pgsteal 368 [ 2314.047314][ T2974] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=30997,uid=0 [ 2314.091118][ T2974] Memory cgroup out of memory: Killed process 30997 (syz-executor.1) total-vm:74968kB, anon-rss:2216kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2314.117831][ T1080] oom_reaper: reaped process 30997 (syz-executor.1), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB [ 2314.266559][ T2523] block nbd1: Attempted send on invalid socket [ 2314.272918][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2314.285439][ T3287] XFS (nbd1): SB validate failed with error -5. 17:26:50 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(0x0, 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2314.400556][ T3110] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2314.459533][ T3110] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2314.472470][ T3110] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2314.507686][ T2523] block nbd1: Attempted send on invalid socket [ 2314.514139][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2314.533102][ T3287] XFS (nbd1): SB validate failed with error -5. [ 2314.670407][ T3134] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2314.714969][ T27] audit: type=1804 audit(1586453210.906:45013): pid=3319 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2589/bus" dev="sda1" ino=17101 res=1 [ 2314.745791][ T3134] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2314.850522][ T3134] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:26:51 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x33) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) r3 = getpgid(r2) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) r4 = syz_open_dev$vcsu(&(0x7f0000000040)='/dev/vcsu#\x00', 0x5, 0x238003) perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x3, 0x81, 0x5e, 0x0, 0x8, 0x20100, 0x6, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x886, 0x1, @perf_config_ext={0x7, 0x1}, 0x880, 0x3, 0xfffffffb, 0x2, 0x2, 0xea7, 0xff12}, 0x0, 0x0, r4, 0x8) setpriority(0x2, r3, 0x81) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:51 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000180)={'wg2\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:26:51 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0xd, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:26:51 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(0x0, 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:51 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x70) 17:26:51 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x9, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2315.189532][ T3338] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2315.208823][ T27] audit: type=1804 audit(1586453211.396:45014): pid=3339 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2590/bus" dev="sda1" ino=17000 res=1 17:26:51 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000240)={0x2, {{0xa, 0x4e24, 0x3, @rand_addr="55d8722c0056a6d5ef4a03c177be8299", 0x1000}}, 0x0, 0x5, [{{0xa, 0x4e22, 0x2, @mcast2, 0x3}}, {{0xa, 0x4e22, 0x2, @remote, 0x1}}, {{0xa, 0x4e23, 0x8, @empty, 0x200}}, {{0xa, 0x4e22, 0x1, @dev={0xfe, 0x80, [], 0x15}, 0x75c}}, {{0xa, 0x4e23, 0x6, @rand_addr="7ee96ec773f62a94e32b067987ab79f0", 0x1}}]}, 0x310) [ 2315.276845][ T3338] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:26:51 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(0x0, 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2315.363762][ T3338] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2315.558867][ T27] audit: type=1804 audit(1586453211.746:45015): pid=3499 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2591/bus" dev="sda1" ino=17118 res=1 [ 2315.618555][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2315.658188][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:26:51 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0xe, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2315.716627][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2315.722674][ T2522] block nbd1: Attempted send on invalid socket [ 2315.730437][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2315.742401][ T3618] XFS (nbd1): SB validate failed with error -5. 17:26:52 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2316.029960][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:26:52 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) accept$alg(r0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) splice(r0, &(0x7f0000000240)=0x8001, r1, &(0x7f0000000280), 0x2f, 0x2) accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r2 = socket$netlink(0x10, 0x3, 0x12) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r3, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r4 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmsg$tipc(r5, &(0x7f0000000780)={&(0x7f00000002c0)=@name={0x1e, 0x2, 0x1, {{0x42}, 0x1}}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000300)="debbf594d82c7b0d6b16dd3e06e223cc9118c3e245119f97cc2417618fe6ffbacbbc3610bdba5c7a318a6cccecc97c73f5d0fad8753e8bf050e474a38b833c5692435dc5b89b9018a7e6dde61f9c5d95030c7ece581c8fbee5485ea92af577940c09efdafb8a254c628a", 0x6a}, {&(0x7f0000000380)="72eb85b3b46087f0be7648d2707ba7f45ce04cfd7dc629d1bfdc235601c905610fdb2930e516a425f451a27e92a6f0207c935db1f12ba492c9f28c61945cb57fcca9076b1422bb1567647765318c1ef5b8d119085dd2109daf5edcb231619d3edab6bb2551fc283cd123d715fbe5d0f7a3a82f9cb184a6adf60b63ab0bf38b6e8df549aa4c", 0x85}, {&(0x7f0000000440)="27c1a2938cc77723dc65987db1c6aeff6a2ffa2d93ab1c5b292c10b6daf4473c8be0ddb9ad3223231cd8c4cbff2598f3b9d9dc5b8ae5ca7eb90a0e0948715d6a2fc3cb9ecdef9743f7aae83a3e623a851f79333625847f345974d9e2f01278be0717ac8caaecd736021cdaa55c91b7796c1c1e712a73079a6bbdf35a244c6fa66a9e5da1acdf46fd5d42b37d986e20d2d5aa26efe8d5c71d7767611198cddb0eb0eb151d85dee429ae83e3edd1c033abcde00f5afcb3e8953f2a4ed0a3d699240d806ed8ad5c29e43cbab0e14003b30bfe8b", 0xd2}, {&(0x7f0000000540)="40b5e8ab83b6c8441aead57e4be7f729540e69abd8754de3e0facc17d2bb95f64570dabaf6978baac63da2c57d581356fb788ef0c770ea1bdb3e809aeb2df42782b364b32ba28fa85dc1dbfed2ba9e749dd3c52d200571d5031c69879c1e1254792e2bee955fcfcd9a48edb1f7ff5009593c9d37a957dba8a608b7e55ecc8decc590f1dbb3b6439f01a8d9fde2ac8cf4f4835085c35395d785eaa43a1582c269e8f2b95aceadf2683ed6c91903e842888c02ed9a2689af91350a2902e4cfe80e78cb1079d137847770e35f5ec6fa0b648b604a5acefaa56e5d85779ec993fcfa6cfd80874387ef6ca019", 0xea}], 0x4, &(0x7f0000000680)="57b9a5ddde0cd33658bf7ed223495ae2f83bade19cd0c16d6441c7f47181465ecdeb913412c9f880348e6eeca9b2a2a2e9c02eb61e44d4095b648806ee1dba504e3ce665ec6e18a888b74e58069552deed6f0b7b4538f733840cd7f0a5e511515f8045786c36cc340061b9fb713ada84ebff12dcae7ce845566dfe40ee8d5fb219f82571d1d31e32105473483ff915a20b4394c7c9938054a3a0cc79307987f1595464e96d577431670a4d001308f70f3f381150ac7c967a2d891ec1768517ce30f58c0c0f", 0xc5, 0x800}, 0x891) sendto$inet6(r4, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r4}], 0x1, 0x0) 17:26:52 executing program 2: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(0x0, 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:52 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) accept$alg(r2, 0x0, 0x0) ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f00000000c0)={0x2, 0xc, 0x4, 0x0, 0xad6f, {}, {0x2, 0x1, 0xcb, 0x81, 0x4, 0xd8, "a7ff79cb"}, 0x2de, 0x3, @userptr=0x1, 0x5, 0x0, r2}) write$apparmor_exec(r3, &(0x7f0000000040)={'exec ', ')-.\x00'}, 0x9) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2316.074202][ T27] audit: type=1804 audit(1586453212.266:45016): pid=3637 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2592/bus" dev="sda1" ino=17118 res=1 [ 2316.096898][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2316.192889][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:26:52 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000280)={&(0x7f0000000240)='./file0\x00'}, 0x10) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) ioctl$void(r2, 0x5451) 17:26:52 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0xf, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2316.734800][ T27] audit: type=1804 audit(1586453212.926:45017): pid=3753 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3427/bus" dev="sda1" ino=17082 res=1 [ 2316.812439][ T2522] block nbd1: Attempted send on invalid socket [ 2316.818708][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2316.844233][ T3771] XFS (nbd1): SB validate failed with error -5. 17:26:53 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04002dbd700025140000000500e400e5ffffff05001301010000000000bd953b670000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0xebdc, 0x10000) ioctl$VIDIOC_S_EDID(r3, 0xc0285629, &(0x7f0000000400)={0x0, 0x0, 0x1, [], &(0x7f00000003c0)=0x80}) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x4001, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r4, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x18, 0x140d, 0x2, 0x70bd2b, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x4008010}, 0x4000000) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2316.921023][ T3778] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2317.003196][ T3778] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2317.041074][ T3778] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:26:53 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x7e) 17:26:53 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x33) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) r3 = getpgid(r2) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) r4 = syz_open_dev$vcsu(&(0x7f0000000040)='/dev/vcsu#\x00', 0x5, 0x238003) perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x3, 0x81, 0x5e, 0x0, 0x8, 0x20100, 0x6, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x886, 0x1, @perf_config_ext={0x7, 0x1}, 0x880, 0x3, 0xfffffffb, 0x2, 0x2, 0xea7, 0xff12}, 0x0, 0x0, r4, 0x8) setpriority(0x2, r3, 0x81) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:53 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:53 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_GET_MPATH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r2, 0x2468825185d9173d, 0x0, 0x0, {}, [@NL80211_ATTR_MAC={0xa, 0x6, @link_local}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_DEL_INTERFACE(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="080028bd7000ffdbdf25080000000c009900010000000000000014000400766574930000006f5f62617461647600"], 0x34}, 0x1, 0x0, 0x0, 0x48011}, 0x4000000) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r3, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r4 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r4}], 0x1, 0x0) 17:26:53 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcsu\x00', 0x0, 0x0) bind$packet(r0, &(0x7f0000000300)={0x11, 0x3, 0x0, 0x1, 0x7, 0x6, @remote}, 0x14) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f0000000100)={0x0, @bt={0x1, 0x7, 0x0, 0x2, 0xe47, 0x2, 0x6, 0xd1e7, 0x7, 0x9, 0x7fffffff, 0xa75, 0x1, 0x6, 0x0, 0x8, {0x1, 0xffffffff}, 0x5, 0x80}}) r4 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x500, 0x0) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r5, 0xc0845658, &(0x7f0000000380)={0x0, @bt={0x7, 0x9, 0x1, 0x3, 0x200, 0xfffffffa, 0x6, 0x8, 0x8, 0x653, 0x1, 0x4, 0x5, 0x6, 0xa, 0x8, {0xff, 0x8000000}, 0x9, 0x1}}) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCL_BLANKSCREEN(r3, 0x541c, &(0x7f0000000280)) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$TCSETSF2(r7, 0x402c542d, &(0x7f0000000040)={0x2, 0x3, 0x1, 0x0, 0x9, "525fa6fa8bdeeebe3f23592ed8dfe4a0c05d48", 0x9, 0x5}) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:53 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x10, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:26:53 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x33) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) r3 = getpgid(r2) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) r4 = syz_open_dev$vcsu(&(0x7f0000000040)='/dev/vcsu#\x00', 0x5, 0x238003) perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x3, 0x81, 0x5e, 0x0, 0x8, 0x20100, 0x6, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x886, 0x1, @perf_config_ext={0x7, 0x1}, 0x880, 0x3, 0xfffffffb, 0x2, 0x2, 0xea7, 0xff12}, 0x0, 0x0, r4, 0x8) setpriority(0x2, r3, 0x81) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2317.414904][ T27] audit: type=1804 audit(1586453213.606:45018): pid=4022 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2593/bus" dev="sda1" ino=17079 res=1 17:26:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x4009}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl$KDGETLED(r0, 0x4b31, &(0x7f0000000280)) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$TIPC_IMPORTANCE(r4, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000240)=0x4) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2317.657131][ T4136] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2317.696348][ T4136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2317.718480][ T4136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2317.818496][ T2522] block nbd1: Attempted send on invalid socket [ 2317.825462][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2317.839596][ T4146] XFS (nbd1): SB validate failed with error -5. 17:26:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x11, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:26:54 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x33) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) r3 = getpgid(r2) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) r4 = syz_open_dev$vcsu(&(0x7f0000000040)='/dev/vcsu#\x00', 0x5, 0x238003) perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x3, 0x81, 0x5e, 0x0, 0x8, 0x20100, 0x6, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x886, 0x1, @perf_config_ext={0x7, 0x1}, 0x880, 0x3, 0xfffffffb, 0x2, 0x2, 0xea7, 0xff12}, 0x0, 0x0, r4, 0x8) setpriority(0x2, r3, 0x81) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:54 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2318.276609][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2318.308326][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2318.378833][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2318.569872][ T27] audit: type=1804 audit(1586453214.756:45019): pid=4288 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2594/bus" dev="sda1" ino=17116 res=1 17:26:54 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={0x14, r1, 0x10, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r2, 0x0, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r3, 0x0, r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000340)={'wg0\x00'}) r4 = semget$private(0x0, 0x207, 0x0) semop(r4, &(0x7f0000000140)=[{0x0, 0x3}], 0x1) semop(r4, &(0x7f0000000000)=[{}], 0x1) semctl$IPC_STAT(r4, 0x0, 0x2, &(0x7f0000000240)=""/226) r5 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r5}], 0x1, 0x0) [ 2318.808524][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2318.880132][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2318.918598][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:26:55 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbe625140000000500e4000100000005001301010000000600ab00090000009043c92407fa3ffd5a20593ca948c5b461cc9517595dc8e1e64e1106c837830a33f952d0bb510245a451bbeb99118981476251548e151ea9a6999121a356e2ccdad49fb9b13e47a7e120e1a031bf473e1349ae8cdbf9d37929383f9a47e69ea5d10dcbe6e4e6904c66e580b9999d6d25c76832607a9d2d3008d1815ddd442e4c8d342c4adb1122e4d3fe7350442cd80ef2d0be81f4c4066c5cce7a57219f4c51361b52c46e1e858d285a664f94433707ac38b53b997a10c525ee210ee0a4a0b193d6d37b873892fdc009e30357be4b5747160d53159aa8bf3db1925817c72b9dc66a154266fc6f0eaabb4d22f6d1bc97dc3b9e9e9915074b46"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00', 0x0}) r3 = socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000280)='wireguard\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wg0\x00', r2}) sendmsg$WG_CMD_GET_DEVICE(r5, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="080227bd7000ffdbdf250000000024000300b08073e8d44e91e3da922c22438244bb885869e269c8e9d835b114293a4ddc6e240047be90a90300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb542", @ANYRES32=r7, @ANYBLOB="0800070003000000"], 0x6c}, 0x1, 0x0, 0x0, 0x82b5bc4492db6fa}, 0x4041) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) 17:26:55 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r3, &(0x7f0000000280)={0x9, 0x108, 0xfa00, {r4, 0xdf, "b84950", "71f06ee72d46e701d44a37694dfa19548002a5182c6757ea96e64fdc2d7c68c8d2606308c8be8b75bb0d3fd29e09e6f0cf957241e51b36e9c7c23dbcc23b5c6f6b237555cc0b314e667b8e90c4637ca2cd3e3f70be65da0b67d1a9e42727d5f3099f24d7f179f4f63b05f248cc33aacd1a214da87ae9f5ee2db19f7b05512eb4cbd55ac22e87d07d037e2e74f123d187c427f594530980e735cd2378ff97dfc5bd92e62863ede804cea24b5b9d6e7982b73a4632c9a49515770a2aa55f3d0863c5da15f2b7fb58d4bc9a5655ca2840230ccb085f29a99bd641907009c3ed39bf0433ee95c46c97afdec2d292f5bdab3d9f14435f7c363174faef662a953f7c11"}}, 0x110) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000003c0)) personality(0x4000005) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:55 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f00000000c0)) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:26:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x12, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:26:55 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0xf0) 17:26:55 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x0, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2319.632143][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2319.650103][ T27] audit: type=1804 audit(1586453215.836:45020): pid=4421 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2595/bus" dev="sda1" ino=17079 res=1 [ 2319.694497][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:26:55 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x0, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2319.757136][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:26:56 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$NFT_MSG_GETRULE(r3, &(0x7f00000017c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001780)={&(0x7f0000000280)={0x14c8, 0x7, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x7008}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x1}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x3}, @NFTA_RULE_EXPRESSIONS={0x1454, 0x4, 0x0, 0x1, [{0x834, 0x1, 0x0, 0x1, [@quota={{0xa, 0x1, 'quota\x00'}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x9}, @NFTA_QUOTA_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}}, @dup_ipv4={{0x8, 0x1, 'dup\x00'}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x2}]}}, @masq={{0x9, 0x1, 'masq\x00'}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x21}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x10}, @NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x2b}, @NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0x10}]}}, @target={{0xb, 0x1, 'target\x00'}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x8000}]}}, @dynset={{0xb, 0x1, 'dynset\x00'}, @val={0x88, 0x2, 0x0, 0x1, [@NFTA_DYNSET_SET_ID={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_DYNSET_FLAGS={0x8}, @NFTA_DYNSET_SET_ID={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_DYNSET_SET_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_DYNSET_EXPR={0x44, 0x7, 0x0, 0x1, {{0xb, 0x1, 'lookup\x00'}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_LOOKUP_SET={0x9, 0x1, 'syz1\x00'}, @NFTA_LOOKUP_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_LOOKUP_SREG={0x8, 0x2, 0x1, 0x0, 0xd}, @NFTA_LOOKUP_SET={0x9, 0x1, 'syz1\x00'}, @NFTA_LOOKUP_DREG={0x8, 0x3, 0x1, 0x0, 0xf}]}}}, @NFTA_DYNSET_SREG_KEY={0x8, 0x4, 0x1, 0x0, 0x17}, @NFTA_DYNSET_TIMEOUT={0xc, 0x6, 0x1, 0x0, 0x401}, @NFTA_DYNSET_SREG_KEY={0x8, 0x4, 0x1, 0x0, 0xb}]}}, @cmp={{0x8, 0x1, 'cmp\x00'}, @val={0x6ec, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0xd8, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x9d, 0x1, "be7fe1cdfac18174de525146880a4c365422b2e20a7997a6952c1a6d547481ff672d7b474e8f30bfc420964470838a812570f13669ee02b03ac1440a8edc9d3332950fbc068135edf4e4f869dd5516a3984d62557a0283025df8266c840a788264b5be48ed1d97a67ff9e127502b1bc9b0f4002231fb8b9290cdcf9509e9b76fd77adfdcfc2b0680ab9968537463e04bf09939087724e468b6"}, @NFTA_DATA_VALUE={0x33, 0x1, "0e39e32f5abd9dc8d8f261cb48c461c0fa95c942f44a7fb72f5150a8ec8aa0f6f86134123dbe9ca684cb6ac338e48f"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_CMP_DATA={0x450, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0xf9, 0x1, "a28b15f3308d6eabba3add23cb184c0f532c6c7250eb4e20dc6ded300d4495a2025f854087ff4d4f13b723e82b2a42da4dd443344aacabe330f648f1bcf7163fd9b2f3443abd9bde179748b4038408ca615febfbc8b3552bbf122e97dc559526f201f4a6392a52ff1b22cc020e130fa98c95a082757b25c22321ad54c32960810d3d9ab6be6686aab49a05cc598e4ebfd66023bdbdacec72c4c1305222c65b0914d39d7849b106c8de67fa3ea8e77f694b23f1e8d1c19d0df7c0b806a036b828332f1753807c34a42931023cc50a8a10e229cd94b69f403086c07ad7d61b35b3105bd0317b7d3d6d2a75178bf83139a11b9c93dddd"}, @NFTA_DATA_VERDICT={0x34, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x1c4ca18695a715a5}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VALUE={0x38, 0x1, "ef47134e65fbb3c521ee7a4d59f67b3b1eafb2ed7c710d080831b3dda3ebccfa4b3c8c7af9ecc80ce8f5d7dcdb1915790729731d"}, @NFTA_DATA_VALUE={0xa2, 0x1, "0d1c43cf058b88a91ad783da2dcb95b50cb5476f40cf2b17eb2b5c1f3a11ae10a5f29fcc2ab4338cccbc0d0d0a3cbf7e00436809b480f899bee35deebc9257df40395a567ddb239f7bf4f21f50a53ee7d40461b26a03043851afc81f667d58e05154869e4b579a185b4878684203a9d1cefc03e3a628df12c8321de92a7f0ed0bc7654068569cf0d5c4540e396f477c57ba2ce5b49d49596736c5a925c50"}, @NFTA_DATA_VERDICT={0x64, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x5}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0x76, 0x1, "cadeceeef275b6cdf907ead9eb04eaec84a5aa1a8a9eef4381daa3b3b561377dc5dc42253f68805e2e8ec7d1620f9b030645a0f2e9d59817cee3fb4100336b4ea8e0fd52abd67dc3d5eb7237fe27e7c3d154d772e16a80816be57c4a5d7f77f18389acf37620f729974881a77bacdf8e7295"}, @NFTA_DATA_VALUE={0xf3, 0x1, "f9a527f730b66d8a39afa728cc93d985e592b71b35ca0035a5ff43bbbdef0b5547ed965c67df225af620adbfe097c5494b55498d4c17f429a204c5877c87a0710ca3783f3e7238517735b5783920c3189aec05bcb3248e1c64983a0f85508e07f5f0ec97e5303e440601c986c21f3313cbc5c7ddf864cd57ffb9fa77061f6873ff10d6afc3eb7293c660bd37620b86466368191e9c5863edf63f55b636dd41a3808e082f44cbacbc7c0fff3a7c8e8948bb95444e6b565bb5fff9cc8a398dcd7c11f3afb64bb068927e41634fa4d7520a24d7eb2df5ded7571ba32c3ade26d06a8be2d4670edb0201d84a5b00e6fe29"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xb}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_CMP_DATA={0x2c, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x28, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}]}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_CMP_DATA={0x164, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VALUE={0x57, 0x1, "5b8545ca6fd1d6e2075f17aabf3d8c589b3228a1d34f91ea727afbd04fbabddf934d027c620994e4884ab505f116312a46a65ad4d9390d277d165ca3ea47f1a0daee2fdbe1de8e158a3d57d32af1a0b51b0e94"}, @NFTA_DATA_VALUE={0xf, 0x1, "77108f5c0185a84b068cea"}, @NFTA_DATA_VERDICT={0x48, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0x48, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}]}, @NFTA_CMP_SREG={0x8}]}}]}, {0x5b0, 0x1, 0x0, 0x1, [@range={{0xa, 0x1, 'range\x00'}, @val={0x584, 0x2, 0x0, 0x1, [@NFTA_RANGE_OP={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RANGE_SREG={0x8, 0x1, 0x1, 0x0, 0xb}, @NFTA_RANGE_OP={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RANGE_TO_DATA={0x25c, 0x4, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VERDICT={0x1c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VALUE={0x30, 0x1, "21de1ff431a567a0ad499e081c9a07ea0483720e4e07ab2720757e7620650cc5701bdfcceca791ca884d507d"}, @NFTA_DATA_VALUE={0xa3, 0x1, "eb47e08ba0c7fcf13974577aa6018b19b54497a7bde174291efd3f56f59152d744f782efc46ddf8b0bbec50fd580f0afe1b33df7bdd780d26000f1de53423243618ca146ed1eb4daddd859a76a672a6005134fb9c17fd87132262925a97c1bb95a89cb15dad309120355840c534c41d290ac2cfcd2336537d84555b9371f4f6438d2216879ec25029598a21049d443d494cff46ae3c3d688dd1e8faa3f6e06"}, @NFTA_DATA_VALUE={0xc9, 0x1, "6a86f68eeb9c0123aeda1df3587a366334f7684bbb109aa0208d29ee81940800b0c54ed4fc8337e238797e2a26976b5cc176cc2eb7804a4cd488a624e964027b4aa80d6049c85a27608537ac13e29d9896999a704fc6db22ec58be1d5b2ff53c7553d302556e7a868cf189fac0201a99c745124ddc5f9f6b46dc794890267535d26cb280f12831f6abac606b512ba3efd079569c9a1bc6947eccf73bcc0ca67585e19bcd9b44ff688f4083e5977633659db4a8a44f4e1667d660f2e8ac96b49f61541a1b43"}, @NFTA_DATA_VERDICT={0x1c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}]}, @NFTA_RANGE_FROM_DATA={0x130, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0xf6, 0x1, "908d432bbef940bdadb34c35829893f0111365339c8418bc06341101f0b8082e80f1d850fd13b2b1ba91c7af1faa5c74c68ba5625eccce920f3c0184c45f4b9c2ddfa198a58382958051b0e94a3e228a6194b3e8f3f9b9ce3c15e3cbac4a0cda793d6ab1217c200f9755d552043d82558c0b39f11ef4b8a3601b44dc445494eed009d8f87ecb1e9a6ce0cb8d25fb6e7a358d16e31b0bba9d8c2f1bfb2e1f6eba58d7cb1045f8cdbd00278c0599abc428749d71fdd2311831efa7aa4c2f2ccbc52317fb618fed1dfbc9f517f2f015377f535395148a72185b9ac2e073fc500ac56d876d46246d74aa724a3a3d497d280b1cd9"}, @NFTA_DATA_VERDICT={0x34, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}]}, @NFTA_RANGE_TO_DATA={0x1d4, 0x4, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x54, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x3c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xb97f61be9e611b1c}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffff9}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VALUE={0xc0, 0x1, "df4174ddca7c9a343bf36c38a65df4892601c60a64408c906d8dd468a136695d57e69dc0088f7107c80735854935b1915e17c2f3848643114d26c5cb21c438fe103453028b98e977dcc47def8a28dd4bb46136b834ecb9047b3c7b325be55e6c8449252a024f5715f41cc8a0a58094d1a5ae7fd9a0c4ab7995d9d778a903dfd2c3d83cde5cff6b0300eac3324bc0cd4a3c617061404fc58cf5424f5328dd849a5b9abff73deb8ae161b476f1ce2378e92d6f75cd1ef2c271e7950dd8"}, @NFTA_DATA_VALUE={0x1e, 0x1, "ca0e850077dcc6191ea60ba80bfbc670d2474203ef95a2ff9256"}]}, @NFTA_RANGE_SREG={0x8, 0x1, 0x1, 0x0, 0xb}]}}, @range={{0xa, 0x1, 'range\x00'}, @void}, @immediate={{0xe, 0x1, 'immediate\x00'}, @void}]}, {0x558, 0x1, 0x0, 0x1, [@log={{0x8, 0x1, 'log\x00'}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LOG_SNAPLEN={0x8, 0x3, 0x1, 0x0, 0x401}, @NFTA_LOG_FLAGS={0x8, 0x6, 0x1, 0x0, 0x10}, @NFTA_LOG_FLAGS={0x8, 0x6, 0x1, 0x0, 0x33}, @NFTA_LOG_PREFIX={0x5, 0x2, 0x1, 0x0, '\x00'}]}}, @immediate={{0xe, 0x1, 'immediate\x00'}, @val={0x444, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x4}, @NFTA_IMMEDIATE_DATA={0x424, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x94, 0x1, "9144db34609f2270fe548e006accdab56ede7b725f3ed34e14ceaf9978788c86f7c86dccb3a9b79ad5749992533e99f1acc259caf8cb97c11c498391bb7c63247d43765f7d221486b16c05cf8e07c8555bf712d966d95190cb24a5f5f5e41f71b22dc96b09a13a999506450b343435dc26fa769c27b545ced68ae47387fced8b5643c41bcd540f2f7e2859892120724d"}, @NFTA_DATA_VALUE={0xeb, 0x1, "f4745881c4af4b62375ec7086e656a784e9dff1af15c9968dc8fc6c68a0124bdfd19fb6f1660d0f30be05e6920ba55e224a9c45329f7aface76a9572eac108790a8f315cf012bbf6aad4ae2f8dc4ca5ebe60049fa5ff48bf77df947beb7b98175326ff172dcbe1d019b8eccb6ee7e75f05d061d1ea618933a6407d7100ba75d47ceced9989caf4d60580126368a1742549388ea15e1d264ce02dbc6025c4b3516ac029467b619988c3e3275e53b8e2bbbe1c48605bd0b8804884e9b6428694d025a01f9be3e1930bf6537d3842c73a9d91857d8428213270167a57109a4eb52fcc3ce8ec1b3927"}, @NFTA_DATA_VALUE={0xcf, 0x1, "1b4aa78fe59381037a4d5e74978e351688f309336b2fea2b5973e453bd0db35df50fe44935c41d0eb9f29ab5603b4ca3c90029708c888afb52110f59abb23eb0b870998b1b0cbee0fef6ddcb7265016c0fd520f1aaaa3c30f010cd52f312a06eb132dac04c9321f193124d4c7e1b16602790820809f19d7b243c34fe2d8c233d8f0b7ae21805e985a4e30318254beb221019a0e77eb704c13cd9799dbffe732ab5188166f3244a004b2be3b2b85dfe6ed5e381a6f129fe49ebbad38f0327c995926292bce8c9e04388c34b"}, @NFTA_DATA_VALUE={0xe6, 0x1, "e82b95e390754db94d0b11d9c8c4eaa226b74124f5ad9b4dae6dc16531f8aba1050eeca6532c1ea199bef60e43c4dd4df76cc9a1b0817e6e77c1ee819db685c4e7e269ac2e1613bef6b083f2da059493aa0890e4d735baba603b39aeb4208dc4cf607414596913039e120b678d05b8ac6b3ac30592cd95308646eb80a529dbd86eb66861a5f13168fae36821b6291c3964e4506fd203c55110821b3806cc4ee198264f19ce57d03cf549ac1487897ccba0df1f0824e2f9148c18c3c5f31725614d0893dd881c495597efe3768f6ca677f33d4aacd2e0fb71e8c0e43232e934322f22"}, @NFTA_DATA_VALUE={0xbf, 0x1, "42d6b861e8ebc23933a2e1ab91cffd92aa31b3247e13442ea9b5b8bcfff7ac2559dc046f3d10e16842eefcf7b57ad7d7ecf44c8e4bc97f6076a2a32fbd7f789024b4eed4c89a9a1fc74f477a47b24a45ed7aecb26f6889909f622cf2e72ce318f73ba415dff16e687fa5feb10c8ae6cb3f3f356ca81c8c2964d0a8af7fbb174ec5578eb6e7f6e7c76160e5f199828b4674b58c637828536ddb3776acf2ad06bc2d5c21483a7144267ffd9bfbe3a96b7ec76f7af756ccb210439750"}, @NFTA_DATA_VERDICT={0x28, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}]}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0xde576b9827d79cd9}]}}, @limit={{0xa, 0x1, 'limit\x00'}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LIMIT_FLAGS={0x8}]}}, @dynset={{0xb, 0x1, 'dynset\x00'}, @val={0xa4, 0x2, 0x0, 0x1, [@NFTA_DYNSET_SREG_KEY={0x8, 0x4, 0x1, 0x0, 0x17}, @NFTA_DYNSET_EXPR={0x58, 0x7, 0x0, 0x1, {{0xb, 0x1, 'lookup\x00'}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_LOOKUP_SET_ID={0x8}, @NFTA_LOOKUP_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_LOOKUP_DREG={0x8, 0x3, 0x1, 0x0, 0x11}, @NFTA_LOOKUP_SET_ID={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_LOOKUP_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_LOOKUP_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_LOOKUP_SET_ID={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_LOOKUP_SET={0x9, 0x1, 'syz2\x00'}]}}}, @NFTA_DYNSET_SET_ID={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_DYNSET_SET_ID={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_DYNSET_SET_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_DYNSET_SET_NAME={0x9, 0x1, 'syz2\x00'}, @NFTA_DYNSET_EXPR={0x10, 0x7, 0x0, 0x1, {{0xb, 0x1, 'lookup\x00'}, @void}}, @NFTA_DYNSET_FLAGS={0x8, 0x9, 0x1, 0x0, 0x1}]}}, @objref={{0xb, 0x1, 'objref\x00'}, @void}]}, {0xd4, 0x1, 0x0, 0x1, [@synproxy={{0xd, 0x1, 'synproxy\x00'}, @void}, @tunnel={{0xb, 0x1, 'tunnel\x00'}, @void}, @range={{0xa, 0x1, 'range\x00'}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_RANGE_OP={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RANGE_OP={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RANGE_OP={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RANGE_OP={0x8, 0x2, 0x1, 0x0, 0x1}]}}, @cmp={{0x8, 0x1, 'cmp\x00'}, @void}, @payload={{0xc, 0x1, 'payload\x00'}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_SREG={0x8, 0x5, 0x1, 0x0, 0x13}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_PAYLOAD_BASE={0x8}, @NFTA_PAYLOAD_CSUM_TYPE={0x8}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_PAYLOAD_SREG={0x8, 0x5, 0x1, 0x0, 0x15}, @NFTA_PAYLOAD_CSUM_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}]}}, @bitwise={{0xc, 0x1, 'bitwise\x00'}, @void}, @connlimit={{0xe, 0x1, 'connlimit\x00'}, @void}, @queue={{0xa, 0x1, 'queue\x00'}, @void}, @bitwise={{0xc, 0x1, 'bitwise\x00'}, @void}]}, {0x40, 0x1, 0x0, 0x1, [@payload={{0xc, 0x1, 'payload\x00'}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_CSUM_OFFSET={0x8, 0x7, 0x1, 0x0, 0x8}, @NFTA_PAYLOAD_SREG={0x8, 0x5, 0x1, 0x0, 0x15}, @NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x3026}]}}, @dup_ipv6={{0x8, 0x1, 'dup\x00'}, @void}, @objref={{0xb, 0x1, 'objref\x00'}, @void}]}]}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x4}]}, 0x14c8}, 0x1, 0x0, 0x0, 0x1804}, 0x8810) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r4 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r4}], 0x1, 0x0) [ 2320.034565][ T27] audit: type=1804 audit(1586453216.216:45021): pid=4545 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2596/bus" dev="sda1" ino=17092 res=1 [ 2320.137917][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2320.175504][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:26:56 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x0, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2320.185664][ T2522] block nbd1: Attempted send on invalid socket [ 2320.191976][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2320.205634][ T4544] XFS (nbd1): SB validate failed with error -5. [ 2320.212327][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2320.321656][ T27] audit: type=1804 audit(1586453216.506:45022): pid=4658 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2597/bus" dev="sda1" ino=17092 res=1 17:26:56 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x13, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:26:56 executing program 2: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x2c, r1, 0x200, 0x70bd2d, 0x25dfdc02, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = syz_open_dev$vcsn(&(0x7f0000000200)='/dev/vcs#\x00', 0x200, 0x80040) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_ACQUIRE(r5, 0x6430) ioctl$VIDIOC_STREAMOFF(r3, 0x40045613, &(0x7f0000000280)=0x2) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2, 0x80}], 0x1, 0x3f4f) 17:26:57 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2320.798682][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:26:57 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r4, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r5, 0x20, 0x70bd2c, 0x25dfdbfd, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0xffffffffffffffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x40) 17:26:57 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/235, 0xeb}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000500)=""/184, 0xb8}], 0x1}}], 0x2, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r2, 0x0, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r3, 0x0, r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2320.900106][ T27] audit: type=1804 audit(1586453217.086:45023): pid=4683 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2598/bus" dev="sda1" ino=17140 res=1 [ 2320.996480][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:26:57 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2321.042488][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2321.164108][ T27] audit: type=1804 audit(1586453217.356:45024): pid=4794 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2599/bus" dev="sda1" ino=17109 res=1 17:26:57 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2321.250736][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:26:57 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x543) 17:26:57 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c0007e12fc583f2e5dbfeed7dce280000", @ANYRESHEX, @ANYBLOB="04002dbd7000fedbdf25140000000500e40001000000050013010100b28b19b8304cf90a81b74816a4c16121ffa14a8944bf00"/65], 0x3}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r1 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x810, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r1}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) connect$inet(r3, &(0x7f00000001c0)={0x2, 0x4e20, @rand_addr=0x9a}, 0x10) 17:26:57 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r3, &(0x7f0000000280)={0x9, 0x108, 0xfa00, {r4, 0xdf, "b84950", "71f06ee72d46e701d44a37694dfa19548002a5182c6757ea96e64fdc2d7c68c8d2606308c8be8b75bb0d3fd29e09e6f0cf957241e51b36e9c7c23dbcc23b5c6f6b237555cc0b314e667b8e90c4637ca2cd3e3f70be65da0b67d1a9e42727d5f3099f24d7f179f4f63b05f248cc33aacd1a214da87ae9f5ee2db19f7b05512eb4cbd55ac22e87d07d037e2e74f123d187c427f594530980e735cd2378ff97dfc5bd92e62863ede804cea24b5b9d6e7982b73a4632c9a49515770a2aa55f3d0863c5da15f2b7fb58d4bc9a5655ca2840230ccb085f29a99bd641907009c3ed39bf0433ee95c46c97afdec2d292f5bdab3d9f14435f7c363174faef662a953f7c11"}}, 0x110) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000003c0)) personality(0x4000005) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2321.419092][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2321.509187][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2321.547176][ T27] audit: type=1804 audit(1586453217.736:45025): pid=4805 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2600/bus" dev="sda1" ino=17107 res=1 17:26:57 executing program 3: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000280)=0x80) r1 = socket$netlink(0x10, 0x3, 0x12) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r2, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000240)) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) 17:26:57 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:26:58 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x14, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2321.889418][ T2522] block nbd1: Attempted send on invalid socket [ 2321.895687][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2321.908116][ T4814] XFS (nbd1): SB validate failed with error -5. 17:26:58 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0xf0) [ 2322.118191][ T27] audit: type=1804 audit(1586453218.306:45026): pid=4884 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2601/bus" dev="sda1" ino=17171 res=1 17:26:58 executing program 1: mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB="00000000f00000000000"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0xb80800, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$ASHMEM_GET_PROT_MASK(r1, 0x7706, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000340)={&(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000003c0)={r6, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0]}) r7 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r7, 0x8982, &(0x7f0000000180)) sendmsg$SOCK_DIAG_BY_FAMILY(r3, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="f80200001400000229bd7000fedbdf252304b50001001cfc79a3e931c06ef1388fe47b17646236c9a7723a5a5f2b3483e7c4cd255fcd0083f53b8ff0ab95ffc424e256042b2d296e2ffa5b83b1ffe506508a6c65ab7c7e1df9123665a53a26e681301735de93bd41a403082aa28eb913431d8923d39888cf97695b7dbe38eee227dc6e59f828c38d4885f3f5c4ca9f46eb67fa472b347d9452c2229dd441e941eabe0f6d5c1232eea3fc9ac10603bf7ab6b7eb7362b3ae6a22d0325572af978367850f37b30c37000000320001009dc89e57fac175060b00f514bbee16012dfdd1017da0b7a2e25ec6927f37b45667e333355f20b250b116091a43eb00006f0001003dfde048e8d7a9f3a43f8982cad716ae656b5638ace695ecd91430e5ae95b7d066c48a2197a4fce9dfca57041663aaf83b7898bdd315edf77385e07e5f9f5a591f358d39d6955ba25e5b1fddbb15215fd4335e9d61993e264c5dbdcca5356c719fd53d2eb633671770de04005100010040fd675c2ba5b8ee4286e65185e32f0bdfe6a1537c8cb94542fdc2e6dc6859ab56435401ff34b77f47b93daeddc420a8088e2ed06d2406b0d25f006713b8833f542556ca5a5cdaace1f533efa0000000f30001005ee54feb843c7ae99f7582383c470a09d3ab1f44b57b3f0d2cbd8c9b1204f7ec90cc0c39ccfbf39c9a603a496cd49d724a99167ce45501a61c41a354450d7fbb80233f50487e0509c1ee28c5dc75a46b0e00a1ffd46dc7c53287732391144bceb246a051573a2162544433cb64aeee726544542a5c17e4d0b4b20643e9bb99cc7c420853c2306b87d1c0e42a818a546a2b5a27852b294dc8105f7bdf456136489f20eea17c4cd0bcc8fb6fa50d6045ef4bb2ac0b00a29f72cc44936b8964a45f9e26d218f349a1b21bd46ca8fc303fb3a1d771c84936ee92c1aa004ab0b082717e702f2e1202f8b822b42e4e8d0eb3004000010016789a274d95e99b7433b90b0bff60e3d78384ed02e4e3da1da222772e7cb84702fbb2d8829d5ea7953f32cd60f3a537ab3f09ac72a9f395592f2c690000"], 0x2f8}, 0x1, 0x0, 0x0, 0x8042}, 0x8000) syz_mount_image$iso9660(0x0, &(0x7f0000000280)='./file0\x00', 0x6, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_S390_UCAS_UNMAP(r3, 0x4018ae51, &(0x7f00000002c0)={0x6, 0xeec, 0x1501}) 17:26:58 executing program 3: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r1 = socket$netlink(0x10, 0x3, 0x12) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="04002dbd7000fedbdf2514000e000500e4000000000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) clock_gettime(0x0, &(0x7f0000004a00)={0x0, 0x0}) recvmmsg(r3, &(0x7f0000004900)=[{{&(0x7f0000001a40)=@xdp, 0x80, &(0x7f0000001900)=[{&(0x7f00000002c0)=""/249, 0xf9}, {&(0x7f00000003c0)=""/40, 0x28}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001400)=""/115, 0x73}, {&(0x7f0000001480)=""/126, 0x7e}, {&(0x7f0000001500)=""/221, 0xdd}, {&(0x7f0000001600)=""/187, 0xbb}, {&(0x7f00000016c0)=""/133, 0x85}, {&(0x7f0000001780)=""/212, 0xd4}, {&(0x7f0000001880)=""/85, 0x55}], 0xa}, 0x3c3bf6d9}, {{&(0x7f00000019c0)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000001bc0)=[{&(0x7f0000004b00)=""/154, 0x9a}, {&(0x7f0000001b00)=""/14, 0xe}, {&(0x7f0000001b40)=""/128, 0x80}], 0x3, &(0x7f0000001c00)=""/124, 0x7c}, 0x4}, {{&(0x7f0000001c80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000002280)=[{&(0x7f0000001d00)=""/147, 0x93}, {&(0x7f0000001dc0)=""/34, 0x22}, {&(0x7f0000001e00)=""/184, 0xb8}, {&(0x7f0000001ec0)=""/117, 0x75}, {&(0x7f0000001f40)=""/57, 0x39}, {&(0x7f0000001f80)=""/234, 0xea}, {&(0x7f0000002080)=""/18, 0x12}, {&(0x7f00000020c0)=""/142, 0x8e}, {&(0x7f0000002180)=""/250, 0xfa}], 0x9, &(0x7f0000002340)=""/4096, 0x1000}, 0x1}, {{&(0x7f0000003340)=@nfc, 0x80, &(0x7f0000003880)=[{&(0x7f00000033c0)=""/78, 0x4e}, {&(0x7f0000003440)=""/191, 0xbf}, {&(0x7f0000003500)=""/2, 0x2}, {&(0x7f0000003540)=""/82, 0x52}, {&(0x7f00000035c0)=""/222, 0xde}, {&(0x7f00000036c0)=""/144, 0x90}, {&(0x7f0000003780)=""/199, 0xc7}], 0x7, &(0x7f0000003900)=""/4096, 0x1000}, 0x200000}], 0x4, 0x100, &(0x7f0000004a40)={r4, r5+10000000}) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0xfffffffc, @ipv4={[], [], @loopback}}, 0x1c) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) accept$alg(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(0xffffffffffffffff, 0x117, 0x5, 0x0, 0x3) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) accept$alg(r6, 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000004a80)={0x71, 0x7, "d7ab4587f414de5f007f9590bbc3407722865a3ed56f23b85deebc87d00c9c0e2d4002bdff12eb7b25d69f25f9a4e327beb4e9dec3537814f69f0b83c28281b6e8bbea98d67661f06ea6834900687615b61c2e17973b087b686d1e3f5f6a425a0de7da0bb28da81112"}, 0x18602) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) 17:26:58 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2322.551511][ T4851] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2322.642118][ T4851] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:26:58 executing program 3: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r1 = socket$netlink(0x10, 0x3, 0x12) lsetxattr$trusted_overlay_nlink(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='trusted.overlay.nlink\x00', &(0x7f00000002c0)={'U+', 0x5}, 0x16, 0x3) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r2, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) setsockopt$inet6_buf(r0, 0x29, 0xee, &(0x7f0000000300)="5afbc3e56f0b9041777ecd8419ab9b7854792ed56e7b91402b66d14d6ef66344304f09c2f42e55f126aeadedb4279275cb0f77a6c3aa5c19d6243ccea765d106807d5ae32cefe55312d5200c705a10b5c084a3d585792f1d5e43580f8a98df4f40bbbf1979d1b09e0f91e49997835afca37d8ac502c0968f1d1bcb7aab7728557d87e9c6da7e3295b6b41a8adbf16badbd04340ea7f4b10e47daf268b7707be70abfa940bd61389cbbad", 0xaa) r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) [ 2322.668950][ T27] audit: type=1804 audit(1586453218.856:45027): pid=5084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2602/bus" dev="sda1" ino=17066 res=1 [ 2322.679064][ T4851] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:26:59 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2323.228950][ T27] audit: type=1804 audit(1586453219.416:45028): pid=5231 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2603/bus" dev="sda1" ino=17036 res=1 17:27:00 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0xf0) 17:27:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x15, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:00 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x608) 17:27:00 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x0, 0x0) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:00 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket(0x10, 0x80002, 0x0) close(r4) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580)='batadv\x00') r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MESH(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)={0x1c, r5, 0x1, 0x0, 0x0, {0xf}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}}, 0x0) sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000340)={&(0x7f0000000240), 0xc, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="080029bd700002dcdf250300000005002a000000000005002a000000000008003a002eff0000050038000000000008003a00fbffffff050096afc8af7b2fc78835007f0000000a000900aaaaaaaaaabb00000a00090000000000000000000500330002000000996b9d3bbb94244bd660b0fc8fe98e48a55a857679e7d46575170d60c27ab7e5dbeac11a5c5d248c48568b8d533a152a400e8395f21f0073127a56c175f46534dd80ad7d79cd3df8e8bc28a25bc028f168db0612228bbe420074e2bb28726388b351aed101b47308b1ff1cf5387320663549b37116248ab8f35308dc3420e695a2e9d1921e4fb68e9bf1cbc441a8098e7e32daad7ef2d5bf87b056569cb4acc294528c515db58ad2b9c95a8f0c7ba9312df8657d83a91781a8950cf98c3b29ed7d75a75100394038ed89f7f1b7a7aa364b3030d8f6ae166742603aecaf2dbb31511d5e894c51481a1e7762c6412b6b78ce0f7a1ded54651d85b536ddca434f29d57c2ffa3506d3e0d84460c00cb7f1d795460b4ff0d762d63d288478e4db3a853efb2fc7f142eb4566a2ac7744"], 0x64}, 0x1, 0x0, 0x0, 0x20040000}, 0x1) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2323.985446][ T5264] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:00 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x2000, 0x0) r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) ioctl$ASHMEM_GET_PROT_MASK(r0, 0x7706, &(0x7f0000000300)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000380)=ANY=[@ANYBLOB="2f646576238ec99936f0a490c85cb31190a30af6577f0364300069313121e93fe167b4b84dedd28a42901ad629c6df4e4c1e53681817f2629e04734ace3b333506c5cbb7e0e99178918ab3b66fb8df477cd18f89a11c74c38598d212aa9d6158daaf382718d68068493ba8214c60ad91e4cc7740fda113b3decb9a313bbef43260365a13381bbe73f1caac1dff2f9c4a45ac8cd8091e0783ee6944a822f865c8cbe52377c9dfd8030045db9d5da633160491451c06741ac742d88de10526e90a49da05b6b7b3ca855f6decd61b5b58d352b0d9443c2881441f004ac291b7d847eb458a3d062b9800b02bab7825f3270cf276f0b7b3bd060fbad46179af065455f669dbd72c62711b723f7ce1d856e7235c0d981a7ad7f3f357a022ecb1be90ac8ce3e04c9a7302c05594e52e34b826fcca93d10bc700024b25be1568a3fc949ecfb8ac5aa265043ddc3abc14716756f69ba572cb4ba7a85684e142f952a48cc704c5114c1ad9e6dbf7"], &(0x7f0000000200)='./file0\x00', &(0x7f00000001c0)='xfs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$binfmt_misc(r4, &(0x7f0000000540)={'syz1', "a41e2fdca27f6a3c2b4b7be2aa0f0e994162b1c1578fbbd6f668782dbf9036b7ad6658139723e6adcd2ad5c607c1beec7724b7d2beb89563bf755a564060c4964fea8cf932c220f4297409a0df9836a25e6abdcb12d1387c63335f28c91b2f4204563dff8354f54d09e897fb34b68d5e8ac36b1deacba2593d58f584019bd1999ff6c75fca6b697aaba2e35d5ef7c2ed1452ea123dd20c055edad29f47cf43364892db70e2e166e4db3d29bc75350846b23622ceb87f6c58099e03cd98629b9436e788ff98d96be98a5391eb15d53f1d375affe7a3d8c41479767e859632c96113044bed93019b04c1e8a7f6a7763d4b99f44c8a541223dd406fe701f30b7d0c95ac6a0926c8a27052197d42247e7d017aec9f089e797157fe1358049a142e34204573e3e91527980f2910cf9cb03e16d97d38539b5f24af24fb5b24d0925d2c672371d9cec598da821cc1dae835537fede32f7615d3a1413caef6d1c30edd273f85fd0d16324700915ca323aa0cb1946c1de2d39479c8881131f9e5c3dfd74d38c8bf9f9143b79a0cde19509eb1e72c5a74e676b06cbe99f72181ba107f19e2b42e64a4fd9ad8252666e7b6ba50437c7fd86fbaf273bb44ba626795ea631b4b4861b1af7cf40010052c70cd69ed00731156845dbf3a81e1c39c2756d18f02ee82e86bebb8f5bbba84d55f39845e774b5549720ba92963230bdf77502ef318fc0002294ad109f8bf3cf73c33e3ca205f7c54f15aff20a1b9d1ff6a2b427c12446f2b33914f4ccc9c3fdd5678652bff897eace2cf0171d76f3ab8aceebcf97ea2325105d2fa6bb375e93bce9a87100b74ca66565dfcb2d0bb68aed0211deb67f79e1cbfd1f5800fcd8db791a1e0d1a71f8af046559dd2093e68098a62b3e1c45efac5317af67a2796b2e6f700a682cc4e71f09b7e5727a67610673559b062483716e76d1839d061e80e01c261524722784d72f9767636163b58868fb0d1ea9347d2bdd8f30ee7c1c42d515d9c4b78c2a60fb37f9c7b1e4e3d68fab171693b86a06ad9b64fc829b42c83a7fa854e947c17416cfba8bec5fa19955774a709c795bfde31b955ec100e3e60359cec85373aca3322d1e1ca3e62025e40c4d5967e5e574704548a346b0a2b0c63ea7f00819a4a9f6f12d66914604613bd63ecab2f8c138dc99a75d19d759958e1af5464f94417977edb59e41d49f4e4d13cc2a5051ca02134707c259f2322d4e5f1f5a09aede2e43d245e4b67d70ee1e5bc2bb50e06c865fdd42f6bc56a186779d92612f2f89ddb3219cdd91b294b910e0bc89304ae3471e3ca6944ef012993d2411d8f03e2351b465e83ebda129d9704d2856f306f62fd4b8010a9bd37a898fca93abd837e0065b5906c6dd770d2f62637217c23c5fb6fcf5210df32b95b1b814a4f235067e114504f67bb86c3ac4e05610a0568763145a510f84296ea21807c0d2ff84d4314984eebabc8a854c8a0c8cb8650a182822ce5d24dd6ca4e672ece0d2dc297f270aecc6114c4b54dcec833b9bc0f03701c320a5bcacb24cee51b73f7e74b237be25c00d4449f34c08178d031dd487df6451ac0c8ad62dddd85eb2004208cc66599f5128e709dc658f5213f103372b2df5c0d18cf74ab170417ec375e2257b497847447cdd5a14235a5d11468951f91942aefe00413398c90138760a993d89e79799ac840c61c14ab69d764f45e09f6fb8051db175403fba89f5528a5b257174ff95244a01ee3b3fca0b1225e5d1b81e178c6962f87e6946d23b9ee27dda3487137ec0a4daa3785a9cac251dafbb26b887ec9816989381c6ed1ad1066b45227e0c4a33f1c862f59d243a70f2ddf1a8b9416d17041fa93896c821afe6417fe13479235ab814e6c2407b761e040766848375d49651b2a3d79e2d076c2b908508c1ab1892db3198fc63e643c901a01afe1e359141656c154ad7321b714bdb71482482967eba293ebc5df3bc5b0f59b9feb1dac9d499dc3dba8f265580cbf11b50dfc7ecb1fef38880c5e17d44f230a51e3c8254e0ebd9e7317db8d868069cd8f64a82ba8ca39e931828074e4c4224f99f53f9aad0b4566663f367f4fc85a94f9f6d8e0be763963bbdb09898511545bc15ddfb4f727730be34dcb63198b49704f131ebcabdf6408a210dfff32c4b6bae2527de31ab674919a39ae3c9c036f69ff95a1a3c4270554634bba05d67f95d6e4c18add0f234fc54466026b3f504aea62988cf9cb62dcaed1045c63a8511fe03ac30eb66188bb6080267f2338ac2f64c7d0294cad99ccd7b1012530d6d8cdbe70c7bd5f579a26f6af7ae7bfe049bf134ef3f67ba700c21e69a97514e9829b0d589704740e3a39785d3a2c0e0ad2deb732915bcc79ff5e61782877ba9812c9cf15252a2e8926e9ba5d57f1798acc376f2dcdc6242623525cd33399545db85eb14a85aac3eb71779cc70f076c95e9e4ae15fe8e35ad3c7be32cbf3558bf60fbcc46d953e5f88deae47abff2f5c0e333ab1059e254fcc4fc154e18f29c7882216802e33d0d9db0f39d953223665fdb588e595bcb17ac5b7d90a545a386a090627860fb16f27fdc7b08500cea0f2e7c32eced33badd21af4233794007b48d9dae656b43115290fbeac3433f271551d02fc329acfbfac0ae32f3e52af0417413a7e2d04f4ef3ce172205f420d2d2413d8c1fe6508b609f7321555082be8fcf0e29d99fe309c8ece9fa55a8d62b90124d9a9920a0293a1f8f88a69d64f18eee4b4846006aeea43194299bdb5bf9ed7d521a1a5b30d7b35c3c3f79819cbb2d09a5cde7511027da3b7ce4a70a475450681b70733492af12af8d046361a64acc1c8a84839a33ab2c7f4aff578b1f248d657f72b0d943571e05e7c672f0d9d7c745e4ed858fd87e3062b963702d29a6791de14fb0cdaa0fe6d8d69a241f16a7072b812bf18399f57823f1c1e3d0dcc5f34efb255c6f39dbd468b83f36e45a95702182d7f44acde8b10495bb258044a4213fd60efd798a00bc31f5038cd4233e5ada088b1115a69016b1343fcc2c94678d45e37da67871f3121ad36c8650af26a852d71370e1702e9b84ee3966bc52edfde019f88b722bddd52ac998cb5a053ad4e1312ed45d2f568ac2dbf009cc1d872a3b1eaf10172ab69c3dfe6cda9c008cd0c54b118be118902e4e8233eff4695b9c77c9b81cda478ccfdafd9b4e507f5b3ed30329c80b3906be4ce806619d8eb4559ffb42b715f500242bddac778002dabd9f2e4e88d60372e044efa224cae15261947d541b5255fca553b51537a3c67d04327c929936776efb575073613327823cf00f3041f011cea2b49fd5eea2053584534ac76c35c21fd362539cbaf6d64f5554552ee74d2c21e57601ab093e73e11ca3603f10e1b6989d6d249299bff78a9e363396e56ce1be3c712ec5e511cf1a081da75cdea18e6472ef95dbbc923bbf542485c401a49c4d504ac621b2a6c3067b9b8e7f64cf837d6dd0148cdb0b821b8ba410f4578159291739f5ced633bc5ffb3de200805f651d84b3600360fa6fd3cd0d526af7db6d792fa26fd78371b2f82baaa0a357ffe30f78b8d55344257b106d8c6d9d49693573264dd58ea4c58f1da2a0e8424321039a31b9557887d37af0570fba48a9b8adb7ce1d846824c0850f5c076164a52c7a303822385d1f7ef817e61fa2f0c72ce6891d895cb3d5077ef49fc77593ca749b3e4dedb4f6610dc7939b04c6fba1af8de124bb28c68d93ce9e953941dabdbfcc5d839eda71d832e5edfffdf2110dbbf19c71740749b2af66ffb51f61241a7e625ae12e321295c2d7c269034303cc177d63cd2b2eccc01627abe0d7fc790ece8d4e51e606eca2f74be44652aa8cf8eed040af62d4a160ff49dcf59330210afd116fda4c79c1fa6a9a4aa4debb8979f2537738571fe65410201825a521c24c680a08fd1ddcd594d55fb0d844a32c1582dcb93a4151a0ad495f4ff19fba42fb79bfc035023ede5bc14db958c050f8596ed7a0d82f253015875f4ab5a220452ac248dc055150735d8d1c228725bf7e3eecb8490b35bd86ad9fda37eaea486bfb0033a4d6068fbd5163bbd4939a092ca8c075bf692a992b7763e78433c9524ed2a5226d25135e4c906fe62f32128e5d2d13bc71b039b411159fb0e9207b908c48852aecf4c1e7687dd932a2f0c450a2142c4c050f800320b59bf75b16b4cbaf398e3651c620c7e9c397667d003605e3c63bef72c453910f2b16d86787a791bb6dae876daed4f56d615889e712282a158eecbc4de009115ed3ca85a2684c3b992b0756c666cd33dc788fcf753daa692267e8b65a53c43f8e7c57dcda4b66c307fc99004a8a4fce2dac2f64ebf4019412c354a3d7f92ad01412182148f73ac1d158be8b5b533833862b855a2d58070d1821983b777f7529d4e50f8547cc27c9177d22fb3101e08801ac29af48c3588792d4307359f2ab953483e0815e747bdc4d4dac5aa678bfa320fff1543f94ed12fc07805cf18ba97c820d167e423794773389a844f493e996d4900eb69608c36b58b82f0f48755075bd70fccdd26965571a17af6a9af2c377642e7c2e9260ddb06c5fc6705b0cefe7557c9135fcb74110c3a3929872119fc46a421004d7657ab99f775e4bf8e2b51ea71dc7573e07744d4593f0479d7b121ba721aa8defa6ab5007b1a86b24f1959af3f39f3baf4c392477f0f436084059b1e286c73c222cf6f2bbf6ccdab0ad5ff02f2cf60c5a7e24239f10d4c37d2372eccb7fad62c627b2c43ac3ab36c3b3731e87964c9d80d279ca5a812ba039955b4abdaa44bf5e8c7054df995adb36735381364a0b78a1e87e9a820b94f0a95c308af1f6d199d91ec57336bb244c32d59eefb9a85f3b09e2b5323cbe4f5c6242dc1dd90f29380668f612b51f42f14f2a517044746b45a181512f6758ecd3e64f050ec6212cd0616c739100db8c6fd4c58cefeec81501625cb22b82128134956e6a3c78c463c1680e459f3ed65f0449acc5b0d909f2f92453f6060225a14b3fb9ca1e9b814f6a470358176271e0f6561e7f33d1431906a3a3715a8996e8f93145b97e5d8a591c3be5521ceab3df67fb5bd268dcf95f2fc4cabeb1606a7d398884a2cc5187b5dd1e83a939b18bcc22a38734d1c0960550ca12624cef421a729c91e64f961765c1da2b3b9b31423785f4fdd5eac715861f0bc44f7750799aa5668541802d65aff66da27c905ed6ae6bead42c459c0917199114e097cbf44780a06a09241a3e038c9311efcd54d4f9c6dbd76cb003e99570052d320d90d81b73f330b2521c6d24b308f908e30497cc46c591e43991a7a28a45dc49c1dfac3533e79368adeee01c55954f6faf33026e72c03febec498e43a5f8fd867828e61a549832439a41e7bf8902e8bf4ebf3134e9c0902e878e974f21d4ad5b732e11dc7ae91a96e3614e71ab668053deba50064406202c0efbeec056d47df615c07d4c52789a1f3cabedfd37953e835e28bfb6761b3ea24aea19dff4e593d0eecda2d26a9eb6a3dcf36b23f4f675636afe98ad3e63322bda433653150e134fb38b26793fc64dafb7708f52a94c01b70b6e1c534a52c57571ac2371097591c51ba0339a2c8f5dc0f8c4496bdd4143d81a5a772a0b33138890ba66dc835f0ddc4a4e7f75335c3722295a47a8f3fd758211a7ebb451e746b1e89d28e6c59b86948bef988875a2f61cd63062407ba90a50807c04f86709868222554e1c26374a82ab6e825fd1b59c5dc4fc73c7490eef103b976ad86a7ee9a2870ead2d610a541726a7ab041a38c6"}, 0x1004) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x1a12c0, 0x0) sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r5, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x3, 0x2, 0x101, 0x0, 0x0, {0x7, 0x0, 0x6}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x40000) [ 2324.027168][ T27] audit: type=1804 audit(1586453220.216:45029): pid=5323 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2604/bus" dev="sda1" ino=17283 res=1 17:27:00 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2cf317000000", @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) openat$cgroup_type(r4, &(0x7f0000000280)='cgroup.type\x00', 0x2, 0x0) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2324.097102][ T5264] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2324.175701][ T5264] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:00 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x0, 0x0) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:00 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0xf0) [ 2324.456680][ T27] audit: type=1804 audit(1586453220.646:45030): pid=5520 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2605/bus" dev="sda1" ino=17097 res=1 17:27:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x16, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:00 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x0, 0x0) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:01 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = accept$alg(r2, 0x0, 0x0) accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r4 = socket$netlink(0x10, 0x3, 0x12) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r4, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="04002dbd7000fedbdf25140000000500e400010000000500ca08000000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4008800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) kcmp(0x0, 0x0, 0x6, r7, r3) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg2\x00'}) r8 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r8, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r8, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r8, &(0x7f0000000300)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778ae5af4a09ca4e2c3baa3d73a3928d86a0ac11ced25f2060975d9cff179a237a35e806fd74a1b657809f150529f1ac201db3929e6a2e058cccf37c2852381db12e3a36a32dc8f47f4465a83e08be030ec198ea1f9d8d317671123de4d58c64e72d6f67082b1b32e08df9b95d80dc2", 0xa8, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r8}], 0x1, 0x0) getdents64(r4, &(0x7f0000000240)=""/170, 0xaa) [ 2324.981036][ T27] audit: type=1804 audit(1586453221.166:45031): pid=5543 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2606/bus" dev="sda1" ino=17092 res=1 [ 2325.133874][ T5534] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2325.155928][ T5534] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:27:01 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x0, &(0x7f0000000540)) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2325.186468][ T5534] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2325.450325][ T27] audit: type=1804 audit(1586453221.636:45032): pid=5670 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2607/bus" dev="sda1" ino=17092 res=1 17:27:01 executing program 2: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket(0x10, 0x80002, 0x0) close(r4) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580)='batadv\x00') r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MESH(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)={0x1c, r5, 0x1, 0x0, 0x0, {0xf}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}}, 0x0) sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000340)={&(0x7f0000000240), 0xc, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="080029bd700002dcdf250300000005002a000000000005002a000000000008003a002eff0000050038000000000008003a00fbffffff050096afc8af7b2fc78835007f0000000a000900aaaaaaaaaabb00000a00090000000000000000000500330002000000996b9d3bbb94244bd660b0fc8fe98e48a55a857679e7d46575170d60c27ab7e5dbeac11a5c5d248c48568b8d533a152a400e8395f21f0073127a56c175f46534dd80ad7d79cd3df8e8bc28a25bc028f168db0612228bbe420074e2bb28726388b351aed101b47308b1ff1cf5387320663549b37116248ab8f35308dc3420e695a2e9d1921e4fb68e9bf1cbc441a8098e7e32daad7ef2d5bf87b056569cb4acc294528c515db58ad2b9c95a8f0c7ba9312df8657d83a91781a8950cf98c3b29ed7d75a75100394038ed89f7f1b7a7aa364b3030d8f6ae166742603aecaf2dbb31511d5e894c51481a1e7762c6412b6b78ce0f7a1ded54651d85b536ddca434f29d57c2ffa3506d3e0d84460c00cb7f1d795460b4ff0d762d63d288478e4db3a853efb2fc7f142eb4566a2ac7744"], 0x64}, 0x1, 0x0, 0x0, 0x20040000}, 0x1) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:27:01 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x689) 17:27:01 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f0000000340)={0x1, 0x6c0, &(0x7f0000000280)="562198f826efa1172e4d201d8788f063666869465ca903503993be2a94ef291a3c9e65fb87287e3c0ee770804f1806588f86e9026272ba12003e576f7d326e", &(0x7f00000002c0)="253440a93a6875296f6b2c048a1894f7ade2148290c3d4c4eee2974177e0047f36805037df991d6d18e449c5054c2bc7ba21ecd194bbfd9b48c16da7a4f9a166ba56c47d9df34514aa0d41a2abd451171b90a9ad9ef0f9d3b0ac2b63b886544438b70992c3e17d5aea", 0x3f, 0x69}) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c112900", @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r4 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_EVENTS(r6, 0x84, 0xb, &(0x7f0000000380)={0x1, 0x5, 0x40, 0x5, 0x8, 0x0, 0x8, 0x7f, 0x6, 0xfa, 0x80, 0x4, 0x80, 0x1}, 0xe) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x0, 0x0) sendto$inet6(r7, &(0x7f00000000c0)="635efbd1e209882ce1476a52bbf4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0x3a, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r4}], 0x1, 0x0) 17:27:01 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x0, &(0x7f0000000540)) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2325.832977][ T27] audit: type=1804 audit(1586453222.026:45033): pid=5681 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2608/bus" dev="sda1" ino=17092 res=1 17:27:02 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:27:02 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x17, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:02 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2e10c84f5f2dc1b8999c0ff22c9b0000", @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000280)={&(0x7f0000000240)='./file0\x00', r3}, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r4 = socket$inet6(0xa, 0x1, 0x0) syz_open_dev$ptys(0xc, 0x3, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r4}], 0x1, 0x0) 17:27:02 executing program 2: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x0, &(0x7f0000000540)) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:02 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x0, &(0x7f0000000540)) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2326.012369][ T5792] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2326.069653][ T5792] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2326.101708][ T5792] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2326.181529][ T27] audit: type=1804 audit(1586453222.366:45034): pid=5922 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2609/bus" dev="sda1" ino=17092 res=1 17:27:02 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[0x0]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2326.291951][ T27] audit: type=1804 audit(1586453222.416:45035): pid=5796 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3438/bus" dev="sda1" ino=17149 res=1 17:27:02 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) accept$alg(r2, 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r2, 0x801c581f, &(0x7f0000000040)={0x1d22000, 0x6ca2, 0x4, 0x1, 0x3}) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2326.469443][ T5792] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2326.491412][ T27] audit: type=1804 audit(1586453222.676:45036): pid=5934 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2610/bus" dev="sda1" ino=17092 res=1 17:27:02 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c000000e6df1c815d10e037093050860e6896929ee509ad75bb283acb507f69fe2b22a9d86674960bdc95b1d2fac5f63318d22770e8e92cf25129b0fbe5d5e33b8715af2946f0b8e03fb5110c2fbcc473f31888cb1ff609206a2c115dab44cbb4062f2854c58c278260db57dfaa2ca576372c93c7b41cc3a4b02375849fc10512aacc9bd2c95f83caaf1dd939dac24a9e1b83be074a", @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2326.525202][ T5792] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2326.563303][ T5792] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:02 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[0x0]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2326.668993][ T2523] block nbd1: Attempted send on invalid socket [ 2326.675339][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2326.765102][ T5927] XFS (nbd1): SB validate failed with error -5. [ 2326.945569][ T2522] block nbd1: Attempted send on invalid socket [ 2326.951802][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2326.970059][ T5925] XFS (nbd1): SB validate failed with error -5. 17:27:03 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x806) 17:27:03 executing program 3: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r1 = socket$netlink(0x10, 0x3, 0x15) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r2, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x1, @loopback}, 0x1c) sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000091420002cbd7000fddbdf0c0800fd0001000001"], 0x18}, 0x1, 0x0, 0x0, 0xc800}, 0x1) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) getsockopt$inet_dccp_int(r3, 0x21, 0x10, &(0x7f0000000340), &(0x7f0000000380)=0x4) 17:27:03 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[0x0]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:03 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x18, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:03 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) ioctl$void(r1, 0x5451) 17:27:03 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2327.853208][ T6094] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2327.883707][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 2327.883726][ T27] audit: type=1804 audit(1586453224.076:45038): pid=6097 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2612/bus" dev="sda1" ino=17116 res=1 17:27:04 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x3, 0x501080) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000c40000000000", @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0x66, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='1\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04002dbdc300fedbdf25140000000500e400030000000000a4000300000008000300", @ANYRES32=r4, @ANYBLOB], 0xffffffffffffffdc}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r5 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r5}], 0x1, 0x0) [ 2327.944601][ T6094] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2327.968750][ T6094] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:04 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:04 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2328.292848][ T27] audit: type=1804 audit(1586453224.486:45039): pid=6321 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2613/bus" dev="sda1" ino=17092 res=1 [ 2328.316042][ T6292] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2328.334545][ T2522] block nbd1: Attempted send on invalid socket [ 2328.341005][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2328.353017][ T6211] XFS (nbd1): SB validate failed with error -5. 17:27:04 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2328.455531][ T6292] CPU: 1 PID: 6292 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 2328.464246][ T6292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2328.474465][ T6292] Call Trace: [ 2328.477761][ T6292] dump_stack+0x11d/0x187 [ 2328.482216][ T6292] dump_header+0xa7/0x399 [ 2328.486555][ T6292] oom_kill_process.cold+0x10/0x15 [ 2328.491671][ T6292] out_of_memory+0x21d/0xa30 [ 2328.496271][ T6292] ? __rcu_read_unlock+0x66/0x2f0 [ 2328.501364][ T6292] mem_cgroup_out_of_memory+0x12b/0x150 [ 2328.506934][ T6292] try_charge+0xb60/0xbe0 [ 2328.511333][ T6292] ? __rcu_read_unlock+0x66/0x2f0 [ 2328.516418][ T6292] mem_cgroup_try_charge+0xd7/0x260 [ 2328.521806][ T6292] mem_cgroup_try_charge_delay+0x36/0x70 [ 2328.527456][ T6292] wp_page_copy+0x31a/0xf20 [ 2328.531996][ T6292] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 2328.537900][ T6292] ? __read_once_size+0x2f/0xd0 [ 2328.542762][ T6292] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 2328.548662][ T6292] do_wp_page+0x185/0xcc0 [ 2328.553039][ T6292] ? psi_task_change+0x1a4/0x2c0 [ 2328.557996][ T6292] __handle_mm_fault+0x1c5e/0x2cf0 [ 2328.563144][ T6292] handle_mm_fault+0x21c/0x540 [ 2328.567928][ T6292] do_page_fault+0x4a4/0xa52 [ 2328.572539][ T6292] ? prepare_exit_to_usermode+0x165/0x1c0 [ 2328.578270][ T6292] page_fault+0x34/0x40 [ 2328.582454][ T6292] RIP: 0033:0x4128c6 [ 2328.586365][ T6292] Code: fe 86 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 89 4a 08 49 8b 89 c8 02 00 00 48 89 11 48 c7 05 da fd 86 00 00 00 00 00 <48> c7 05 a7 d5 30 00 70 fe 71 00 31 d2 48 c7 05 92 d5 30 00 70 fe [ 2328.605977][ T6292] RSP: 002b:00007ffec2287dc8 EFLAGS: 00010246 [ 2328.612108][ T6292] RAX: 0000000002461c00 RBX: 00007ffec2287dd0 RCX: 0000000000c82690 [ 2328.620129][ T6292] RDX: 0000000000c82690 RSI: 000000000071fe70 RDI: 0000000002461c20 [ 2328.628208][ T6292] RBP: 00007ffec2287e10 R08: 0000000000000001 R09: 0000000002461940 [ 2328.636180][ T6292] R10: 0000000002461c10 R11: 0000000000000202 R12: 0000000000000001 [ 2328.644156][ T6292] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffec2287e60 [ 2328.657763][ T27] audit: type=1804 audit(1586453224.846:45040): pid=6334 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2614/bus" dev="sda1" ino=17067 res=1 17:27:05 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2328.885399][ T6292] memory: usage 307200kB, limit 307200kB, failcnt 7169 [ 2328.918580][ T6292] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2328.927172][ T6292] Memory cgroup stats for /syz2: [ 2328.927434][ T6292] anon 284512256 [ 2328.927434][ T6292] file 163840 [ 2328.927434][ T6292] kernel_stack 2617344 [ 2328.927434][ T6292] slab 5423104 [ 2328.927434][ T6292] sock 135168 [ 2328.927434][ T6292] shmem 245760 [ 2328.927434][ T6292] file_mapped 0 [ 2328.927434][ T6292] file_dirty 0 [ 2328.927434][ T6292] file_writeback 0 [ 2328.927434][ T6292] anon_thp 266338304 [ 2328.927434][ T6292] inactive_anon 135168 [ 2328.927434][ T6292] active_anon 284483584 [ 2328.927434][ T6292] inactive_file 0 [ 2328.927434][ T6292] active_file 53248 [ 2328.927434][ T6292] unevictable 0 [ 2328.927434][ T6292] slab_reclaimable 1216512 [ 2328.927434][ T6292] slab_unreclaimable 4206592 [ 2328.927434][ T6292] pgfault 258588 [ 2328.927434][ T6292] pgmajfault 693 [ 2328.927434][ T6292] workingset_refault 1980 [ 2328.927434][ T6292] workingset_activate 726 [ 2328.927434][ T6292] workingset_nodereclaim 0 [ 2328.927434][ T6292] pgrefill 6611 [ 2328.927434][ T6292] pgscan 90199 [ 2328.927434][ T6292] pgsteal 20329 [ 2328.929625][ T2523] block nbd1: Attempted send on invalid socket [ 2328.933210][ T6292] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26763,uid=0 [ 2329.022953][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2329.049820][ T6292] Memory cgroup out of memory: Killed process 26763 (syz-executor.2) total-vm:74704kB, anon-rss:4256kB, file-rss:35788kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:0 [ 2329.096110][ T6211] XFS (nbd1): SB validate failed with error -5. [ 2329.186289][ T6094] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2329.203905][ T27] audit: type=1804 audit(1586453225.396:45041): pid=6347 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2615/bus" dev="sda1" ino=17067 res=1 17:27:05 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$ASHMEM_SET_PROT_MASK(r4, 0x40087705, &(0x7f0000000300)={0xff, 0x3}) r5 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$VHOST_SET_OWNER(r5, 0xaf01, 0x0) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="4236c050221afd5ec10bcf4de45c608a6505897d7c91fdd69aabe42ce594cd4805b34de2a469adbc4c84ef6e4234921302bcd47096d335c551e3f528e4a0c90dcfe6a960aa110b2662a159c130d6120392101ee0526bdd0a0db066d9de68bd2364010d06dc509c9117b0269faca597e72c0a9a74d90500e49d7cc7fc6aeff5f9e852503b1f4f457a8501697cf55b94f0bd3bd779ceef", @ANYRES16=r1, @ANYBLOB="04042dbd7000fedbdf25140000000500e40005001301010000000600ab008d7273098f2aa5f456c75452618b8869aa7f4aa0227a41cbf5aec71fbce949aa6f684f51184f663b19b88f63220dddebd7192e7dfbd8"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r6 = socket$inet6(0xa, 0x800, 0x0) bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r6, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r6, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r6}], 0x1, 0x0) [ 2329.262709][ T6094] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2329.330693][ T6094] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:05 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0xd00) 17:27:05 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:05 executing program 2: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r1 = socket$netlink(0x10, 0x3, 0x15) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r2, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x1, @loopback}, 0x1c) sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000091420002cbd7000fddbdf0c0800fd0001000001"], 0x18}, 0x1, 0x0, 0x0, 0xc800}, 0x1) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) getsockopt$inet_dccp_int(r3, 0x21, 0x10, &(0x7f0000000340), &(0x7f0000000380)=0x4) 17:27:05 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000040)={0x5890ca647cbd973b, r3}) uname(&(0x7f0000000540)=""/4096) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:27:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x19, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:05 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="2c0036c6", @ANYRES16=r1, @ANYBLOB="04002dbd70010000002514d345cd9fd0fe0000000500b627ddcc8700000600"/43], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ubi_ctrl\x00', 0x0, 0x0) fcntl$dupfd(r3, 0x406, r2) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) mmap$usbfs(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x180000b, 0x4010, r5, 0xffffffffffffffff) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) accept$alg(0xffffffffffffffff, 0x0, 0x0) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80400) [ 2329.846209][ T6475] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2329.876577][ T27] audit: type=1804 audit(1586453226.066:45042): pid=6479 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2616/bus" dev="sda1" ino=17124 res=1 [ 2329.893872][ T6475] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:27:06 executing program 2: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r1 = socket$netlink(0x10, 0x3, 0x15) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r2, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x1, @loopback}, 0x1c) sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000091420002cbd7000fddbdf0c0800fd0001000001"], 0x18}, 0x1, 0x0, 0x0, 0xc800}, 0x1) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) getsockopt$inet_dccp_int(r3, 0x21, 0x10, &(0x7f0000000340), &(0x7f0000000380)=0x4) [ 2329.947516][ T6475] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:06 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2330.193533][ T27] audit: type=1804 audit(1586453226.386:45043): pid=6601 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2617/bus" dev="sda1" ino=17124 res=1 [ 2330.223712][ T2523] block nbd1: Attempted send on invalid socket [ 2330.229982][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 17:27:06 executing program 2: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r1 = socket$netlink(0x10, 0x3, 0x15) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r2, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x1, @loopback}, 0x1c) sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000091420002cbd7000fddbdf0c0800fd0001000001"], 0x18}, 0x1, 0x0, 0x0, 0xc800}, 0x1) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) getsockopt$inet_dccp_int(r3, 0x21, 0x10, &(0x7f0000000340), &(0x7f0000000380)=0x4) 17:27:06 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="2c0000003dbbe7f96ae1727da40af9a6d7ba63f4a5acf6d1f2a86d6191128f75700dc9ca7716c7db2b362be2445ac3577f7f9a67b27bbbab1fac79c34993ca480d2a5e8587c161bc3e22036204dd6ad8317f1cf2c97a08e52ed578f4919bfed676d13d6f8f475350375ef3cd87f3db879b737430600aa4428927a8810d2bb026badc5a2740256fbe109e91424972a114db999716444aa1b7539c3ce73587c99286be5ad962e9c45f822a06f4e446b09c", @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000240)={0xa, 0x4e20, 0x8003, @rand_addr="670000594c7e614d4b873edf147c47d4", 0xfffffffd}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_inet6_tcp_SIOCATMARK(r4, 0x8905, &(0x7f0000000380)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="4800000010000507000000000000c40000000000", @ANYRES32, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000c40000e56df42602b40619c6a6"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000500156a", @ANYRES32, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB='d\x00\x00\x00(\x00\'\r\x00'/20, @ANYRES32, @ANYBLOB="0400000000000000000000000b0001006367726ffcff000034000200200003801c000280180000000000010000000000000000000000000000000000100002000c0009000000000000000000"], 0x64}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x24, 0x11, 0xd27}, 0x24}}, 0x0) ioctl$sock_inet6_SIOCDELRT(r4, 0x890c, &(0x7f00000003c0)={@loopback, @empty, @ipv4={[], [], @multicast2}, 0x7, 0x101, 0x63, 0x100, 0x0, 0xd00008}) [ 2330.253992][ T6595] XFS (nbd1): SB validate failed with error -5. 17:27:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x1a, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:06 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2330.651582][ T27] audit: type=1804 audit(1586453226.836:45044): pid=6725 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2618/bus" dev="sda1" ino=17124 res=1 [ 2330.990836][ T6690] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2331.028668][ T6690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2331.058461][ T6690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:07 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0xe80) 17:27:07 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) ioctl$void(r1, 0x5451) 17:27:07 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, 0x0}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:07 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_GET_MPATH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r2, 0x2468825185d9173d, 0x0, 0x0, {}, [@NL80211_ATTR_MAC={0xa, 0x6, @link_local}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r2, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0xffffffffffffff60, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) 17:27:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x1b, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:07 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r1, 0xc0305616, &(0x7f0000000040)={0x0, {0xf67c, 0x2}}) [ 2331.738142][ T6753] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2331.745352][ T27] audit: type=1804 audit(1586453227.926:45045): pid=6759 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2619/bus" dev="sda1" ino=17159 res=1 [ 2331.785420][ T6753] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:27:08 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) userfaultfd(0x0) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2331.829147][ T6753] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:08 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, 0x0}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:08 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) ioctl$void(r1, 0x5451) [ 2332.019520][ T2522] block nbd1: Attempted send on invalid socket [ 2332.025975][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2332.039115][ T6877] XFS (nbd1): SB validate failed with error -5. 17:27:08 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r3, &(0x7f0000002540)=[{{&(0x7f0000000240)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80, &(0x7f00000015c0)=[{&(0x7f00000002c0)=""/4096, 0x1000}, {&(0x7f00000012c0)=""/104, 0x68}, {&(0x7f0000001340)=""/124, 0x7c}, {&(0x7f00000013c0)=""/244, 0xf4}, {&(0x7f00000014c0)=""/216, 0xd8}], 0x5, &(0x7f0000001640)=""/196, 0xc4}, 0x2}, {{&(0x7f0000001740)=@generic, 0x80, &(0x7f0000001940)=[{&(0x7f00000017c0)=""/251, 0xfb}, {&(0x7f00000018c0)=""/94, 0x5e}], 0x2, &(0x7f0000001980)=""/96, 0x60}, 0x8}, {{0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000001a00)=""/159, 0x9f}], 0x1}, 0x6}, {{&(0x7f0000001b00)=@nfc, 0x80, &(0x7f0000001c80)=[{&(0x7f0000001b80)=""/220, 0xdc}], 0x1}, 0x6}, {{&(0x7f0000001cc0)=@llc, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001d40)=""/43, 0x2b}, {&(0x7f0000001d80)=""/110, 0x6e}], 0x2, &(0x7f0000001e40)=""/178, 0xb2}, 0x6}, {{&(0x7f0000001f00)=@sco={0x1f, @fixed}, 0x80, &(0x7f0000002480)=[{&(0x7f0000001f80)=""/95, 0x5f}, {&(0x7f0000002000)=""/165, 0xa5}, {&(0x7f00000020c0)=""/232, 0xe8}, {&(0x7f00000021c0)=""/33, 0x21}, {&(0x7f0000002200)=""/180, 0xb4}, {&(0x7f00000022c0)=""/132, 0x84}, {&(0x7f0000002380)=""/222, 0xde}], 0x7, &(0x7f0000002500)=""/50, 0x32}, 0x7f}], 0x6, 0x40, &(0x7f00000026c0)={0x0, 0x1c9c380}) r4 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r4}], 0x1, 0x0) 17:27:08 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r2, 0x0, r2) sendmsg$unix(r2, &(0x7f0000000400)={&(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000280)="67827e9400c366bc08601ccf73396c026e9edde7d6fb7f783741a5867a298e2250671ae19b9908ba31510c95b49a6abc72ff01a3ceee9f9a750f310fc867b4e94e5ddea3548089a669bf36112a5b389fcf7a9322fda3ed1044d30fcb33be5c5c5c", 0x61}, {&(0x7f0000000040)="be45dc5d642d3cd7e638a02f913a0272f72ec505effa37058e7be486a47c2b1385dab8b1f101bf4479eb29a46db90cf913045a8610", 0x35}, {&(0x7f0000000540)="140b4de2cca9ef0c1d49026934dc93ea3c8dc1e5c8a43d7eab603b1e5bebfbc1efc82c7f00cc8b907e6187be0083e0e9062cc45a9508da58fdbf5a4d81e68c0f697fe8f451cdfea9dcdcb5837da197877d4a8057fe8b2e342c2b1491032e5775b76915e6fe6ac2e5f8dc535b9b51974bc531d22b9ccd6a88f8b91f2003f674af358bda8b35a1ad4d4851ce4c41abcd559b870dbeeb431649a766964c87778c69842f098e59d7ba5453632c47ab7ab5035b2112456861d023479a43d557daf9e4b468d17c330d2aa1836923e0f5a56c1723ea9141530afc905c38bf9d063551d36c9252d78e3a6cd95162747f3277ade453c948d916d329cab950cf09c41089148f5b075cdbd7875751b159f723011220f2ab562fe3194d0537ac31fd154975082fdf3cc561c504461b7e974d8205359d9f27b87a66015d11fc2aed878d8de209716cd00e0b142f451089382a9f73b1dd6ffa3d4d27662b4966e4327da6a9a7fbf70c1417cdf95c6f831a3902c97c9d8436fcbd3d85e4c2feda7903e3f0fe3fa4de9b6b75c3cff1fe4c69195ac6c1438d0fe74391057f67a3186ccc1b2d1762efa57a677a1f23ecf10b5d9b7dabeeeeb6c013ec7eea053f86d3fee7c689ba54a9740a8279c7e6f6d0e7ad564b3574a96c1e216b401b11f4019c03e15b219b2be641b20de2a96dec982965f3f0ee13ca066ed64fc5d68fde3ac8f1fdea8f6386754b08b29736f5767d4b43f738c8fb22b470c7fbd7d76ffa84fa3fc29ecb32cd45de4f08b394154e0b4a130a962b51215c41cf0fce006338fb75e0848748ba0ac31984ae5df69114e2ecb5dbde884cd15cf49b103ec8170d424a6b1048cedd01c5e8bcdd0af617724892684e67593993e488b9f1dcbb0b7807d0be3894eec43e8c4c637bbe091174405f61380367d0e746d0a3f5007d9e27efbda7b79b4053d0ac0df7dc945f0329437fcdef4abdc49fe03a25d166064e57191c20ee9eab0363a51fd6f9eae9adea376226598217200519da47361f47316fef8906ce5942a923dff8f8aca0e1c85e3c536b4f2306eef1c76e4e70f826bfb794fec0b17a687b7c4f357765a89c91e3329ef438a9644466e2965d4d1bf90719bd188e194f12c1e0d71c42432fe402117dee1e1fb843374af03070915bbd91a6ab440ab111cb7c258def93a79d086d3d895ee960b6fef69e5e8c625dc5301f5cce33bbbea0ef126160b8fcf7ec164f6f5ef4a463334ae0fef4713febc123431ca9f5c36663b0cf41c3c3c57e53a1c0519386680cbb992362ddb405dde2bf6723706b4de9c59049d959b2a1b20115ace43879f6d2570ef1303fa74a4403fb8a4c8f28b24a95f365bf96ed4e3d9f6063bddb345522b81b49879aa2dd137fceacabc5b1650a498057c5e4b545bcf9ef3830bc59a360941b853733c63b8ab120496b77a820877c3a69de9641d5c98f1b13b1c2f19a3d5d6856313d6321f650addc17b63085bbc163b9eedbec19d71402efd8006b6fda4ec3bc2dfef888825e40d903ad81cf7940546f1d8ba23d523ac9a929d01038fa9f24968293643e587d2ce7a7057a5bd3ef19856cea673ff994baa79da8112bf3869b11c6d228b3d3cf5c10d46a9eb6432e651726dd4379f280d7714f66bd005a92b5d22b8293d3937fb6d9bbc6740bf05476a4e77c616262d374d4490f25472b711261a5cef4c3e07a1823ef2fa4893fa13410b719fc85543a1a6dd3def87619a4ce8749484fde2bf8aad96b8e996de9107d59d6d4fd1d9b1d9143ec0b26ea68711a689e9587ab463a981628ee64103ea1e7ec32442aa3d0e9b4498ceb44976a4541d94919bc133cd0de732ccde2e039e960ccfb51135d0ce0fe98137add8908d2e268d2c82222391e4671df610739c91cf8e79b25f7a52863279f165719d0f27f2f45368bda123679fa803d2890c2b3631aa0e6b80bcae6f40e101946fab204383380670348b45bf39bd364b6362a7b06487ce8e3146ce3b8d16d8ec288bd6f8665b007564dd4d5af117d1c93706e11260eda601a153a709cecf46319afd4c1ef4a150374debf2793f3d0a27dcbe4e81b8474c25dcaecb0f6c98882e3d407bd898233042958e846787d3617c9a25fdaca730f4a0d0dce32ccb9fb6df2f6a5288334df378bd9da005b84b5b358580faff9bbf4c150373aac5ce77d4fa1e436674d93182cd98f6ea7cb7301d9b59e8f2c5daa01703668f9b29d339b4f612305995533e7669e2e27dddb8caa5dc5e0e8d3892aa74d880edf1c2957762d380567cee4a2301a6261815649ac9316be77a14d2de80edb7861a3a2528cab422fc2ce1f1cb94cde49da011b94d026c749ccb57467f1215b541c20c95de373d3d02511793fc3767ae16b96ca2392d41b0f9102fdc3f6833ba994a00f9e593a4d2ccc6b0e35bc916ec4596eb89d8494f9dd7583c3db74b6ff6ab4d854e23a9179b3a9bf6a832c4b46eb119ebb0d079df3209a173523a0a81048a24b681de9cd9dd4c9fcf18f9c9f92dee0a14ee8a674c2e1fde6f99e281b5b99ee3cae742fcec5d99f8481c25b61c2b61418b4c57fd6acf32b24d89c5d4a32285ee4a9c13947dfd12cb833fbe4f349c01593f25c769f29e8ce0d1616ae0abb63bcca446e1e78b583af495aeef1c83dd533551ab5407f6492494408b6d0d4744505326b0b93397f5b56e2e68f073227978c9e7380c6b978250ffbb87fe8b59df1a6e7e1192ce4a1a5d3d58857d0c4ea7e76563e0fcfc2d5da09ee2e72265e9b728694faf2c2a82c35e084812d082d0e15bcca19091f9662deef7fce29d6a349798f4062c6ae9ddbf4907abbf75cdcb9481e0fcbefb59f47b0de24c5b3ff152f5b57f4578d7a95607bdd099e9bd3a7ff5d1d78fb7a9a05600e43db23ff6afcb9a818513d3add098e72b6bfd644b32b8f3a5816cfa245d24b90bd879f06361dbf8da3c40f7e4d02b980fae8ad5acf61738b11a45c27f8501181300783a70a2f00578e475fab58e391208ef6914af6e695953ebc25c824d2d10e935f4215e2b219750fdfb101328f2149c8b0919ccefcad04b4adfedf0c6cef1dea833f9090776990913e3ba71c151a9c2ba851ec674e53cc1984c26dc389a9818da75eb2ff1e4cf95e93809586fdfadb42d8d2d0a241c1fdf4dddea785d967a3d62db16a3ce3a570b95f1ca5b462c525ad0e9b8876b4ec247baad433ed75e7a7a905e1ad19b730d668e86cae63896f6cc1576388297af79bf22218e96196a4f17edbcd941e0f5193fe2c1754b4e8322c795210df91d9c11316d0efc1cfd6e703f57a9b4afab3964312adf80933be86f44f280bcc517c09d02b5ed1161c40225498300b4e03e0aa16d67ac145f49625da7e219720469d0de1f8dc3006201ac58e068895b966517f83d1ed305596e9ab719314229d76a5692d8ec3a431d8df824d6da14defe600250ce85d6f3726ec3d1bd61e7e2484da377f23839bb14646fee8a941bf00f622b20f965df2e1e6790d59cae7954f7b3df3804e7848c015eb8f431f4b8ea3a51787c72f5fe971e00434bd85bcbdb89d647b310e2de0e25e2d88d521658e833d13a6930b5cc301178e1abb7c325cb2710436a72da6f83c703964795af0c98ae7c5ed7d2fec14db918ecb8476ff09d5c22d240e5d173536eb17c621ab487ce782da52505378979d5fabca777db171f727b3fcb553dd9caea97a6e641815db0be181d860c583eb4cab7cbc005e37cbdff6023ec78ed2f45c4b55a469b5a121011d0045263235170d0fae8c7b4eddcc49e5f68bd899a18f7627e27968f8331b58bb36320cf29d42f23392607d351bfb1d515a8b37b145846787376e6e225ac689548431c6c7822ff495d7668cdf3a8cb5e68cb8f1cbbc2617b3b788a0b90dfd780294b3025f007a7a4f373458f4b1e75da0531b3b742d3ef6decf221f41c54c4d2f07f40c7049d4fcf878c9b37e7251f5d291dfbf17cdca878ac110a862dbe55cd0befd943aad3c7e396b14a7512dc16ccba8c2e15b0e9399b4f931a1b2276a45b9689dde6d7abcea98b03d733047d0f29c6ffecdfb27ab85134752747c5f5e8bae578a649dbf8c003818e730bc7b9d0486d91cca83de6c4de24f6d3adb2bcce9ee47953cf4a526a9447e821ebbc681b2dbdf135bf722f7e7e4f7b182f6e927c7fd7c399e8592aac234add7c89004ff6cd5c4075e6bc4b35e3356e6f8ad4169fffefb7162b1738a79fead12ed8fb97a0c2662662aa3f8894f0e5a666d1574f4f307660f89defc11bc005e291bb5dbaa741d6bc241c604325259d284a2f942a1ce5ec55f0498e36565e21cebf83dc0ead127678717900cfb1b42f66173f53d72481884a1761d0aafb000981ada8ff82a6099c33e4c0d836d526ac8af34f2e0d166835370f2404480749de9b7b75d6fdf08a9359aac0b4d5d1b1721855ed9beca0e0642020a2abe29c3142d02cfa6d912cf8fe4ffb70b95fcfd3a9c924220860685c973564cb697bafedbadd4e43ae4018e161355f35329dc11c10b9f2e6638ad048d2d3066d48fbf5692af6e2f3367e04f7af9318c7b2240533da312f0de6b10e1eead25cce157105edaf056442f782060013cc30034a6cfd6cea316c88eb1bb980c6c889960bb0698fd9bd6b44ae1bedae9933ea92a6e73389f79c6214fd03366aa5078b5de08f766e4b94fbabef55ff229e9fc10491d4bed9d508a0e5303493e55592e4e9ac00090f3a98340ae82f258d4d0756d32432162688839d4e88d702cf54cc69e4d87fdbd8a9f20a4e5da3d71b99e8ee4207f3a5e44c008f87daabd0f109d420af6e04a5594e0d404d02bb49ca0e6021ad7f445b38424d565aa8c35e28e8d793964481435694e44e470e2f2d22e8c55b15a4a316ff70d4f860ba52abaf6b4f1c36d101475c2fe7fd075372b4a748cfb2b8e8014d29de524eb8e91f38ea7055dce4c0823786c24d4ce6b7b7096ba0a77a8ab4ea5f3ad482a326ffb620ea79778b7a65b50145450c1d28e106496771fc880bb57a2eb8faf1ecc9d72a9bb562331c43bd531a8e6764257264e3d092ab1aee37991662abccab2fdfb28f45eee9b4cae83d497499aaf3d1ac7ce1070a0bc83d147230f0fea591698b5a276fabfe45a546a440021c091a4eeaf92018e98b88d8ca37fd9578f0e4119e686a99b3719a326c885e41c7a2fb945b8677be47797b4d217f1fc8d4cf553ca414373cc20415c1f2486a5464c9fff655dd5eccfa6ccd986bcd29a7efd188237c4414975259e7f96f6dabfce58aec5adf6ebaed3f09060fd10cb2c2b96485c598e3f46318c769626e9b7432900a0b5cbc4a0618273a6bc696448055d15fe67f55472013a0a11562e40654c81a1812c6517708a7822fd8bcce1826d1120f47e280a3c14f1c4a7869c0f7aae359afede51347dc124b488b0ade77c296e4bf86620c236302bb6507e903b8aef401a120fe2751c88f59ab19b815453aa65edb077cccb83661cdd2955e38d4dbc0dabc00d607a737d5f8dfd8d85c2dd7d9f9b87b3f4bfe3f8acde106d6c959ae5bd11dfc9000e4679d385332aec441373816d043d0c4902a6d13da6e64e921781ef36cf35014d349c489d96af8f6345e90ecf8573e7f3cd01e21b6c6b260dba8f251d1dbc681101b30314b3839f153039038f60a74358b3fbbe70329b56de5a20c00c6b4c2d8443dbe6188f916e1a2f6bc74ed5056057fa83ef0fede020b1797d6eac59e3d7d7464430c75fc3b17971d4448ff108370b412b802c13c0f9ddf5f82f0fa0c4f35f3687897ec0d2151c244d4c1abee96de3270c68291256fd", 0x1000}, {&(0x7f0000001540)="96931fc7d29c33cdeb362ef92adee07e9d8945457eddd72b308d126941dca468ffb6ae8306dd301add3ca5a9103a30394cbcc98dabd2232ed482bec2c95af3856316dedfda42fdec235d8df4e7fdfbc5a188c4dcc42802a4686ed1e1aec0db5d0d31ab1f05da5a73478dc0782d71a2276c484c68eaa4c32e5b2cf7eb19d46367aa9f7473227af45b9a9aa9f90ea6e7121f335f37a3efbb9dea1cb8da4b25fa4db33348a65fabd39773552505b247dae86cb660358d70f80ffc2875afb5f5c075b7674d3b633544c929bce9739df34cf77b872e90a71820bc69ce46f6b98b38402cf3549efe23b9141c118d11d1c409208e776cf95333a667130015e6bccc5f4e4decd08aae0e44aa800fe57bbb45bb680b95fa141b449e6dd8fc8c5d398f2b611f1eb5ab5cef67504d2d18df4ac449b588f435d68e43f222de85c341b98ae865d34a9b1bc1299347e35c336ca9468462d15c7cffa2107328a374dc1d2f72ed3ce0b497a651e1b1f83e19095336026b414abea978ea8940775070e3a4057b2eafd22d56ace25e2222bb59ba7dadf6510303315368330673a13aaa08158ea98ba424fefc5f45ea688e231d47a41f5e987cbbb87054ef6251a5d5193c7398cac9ca1e3cec6282c20d40ad93d70412fbdece453cda352e313726e49627108158837115994496a2a9cb23d11c52e60ceac43bcf8d9a98f6b11e77854eace3f02ce4ca2dfac39a7d960f8c7fa3918301ec38279c23f230e1a89134b96df0062d34c329146578d1ec6288ce3438c03dd6ab6470f01027ecb69d1be87c61ee11bc3fbc78c528b92936c4ca7ba09e58d85dded83580923408fee835fc70f6b33021b43c1af5f0234f9cd5de5e5ed26d06fc0ff08ac525f91684290de18551824b2fda6a6af8f842af551aa31eb3f61af3de35b47a6c9cba017f068df7a57a1b84d8a17cb519e2102dab30f297fec79fef138a6f2d2ce8dbc188488ed0fcf5fff565fabca6ad67d7762e4ad69833969169e53af136126aa4d70745f0686ca57ef0d97662886eb9b0fdaf238dd1c18e8f36b6686aa2a575d0e7865e47b54089f79d0c0638786e1733fa43ca4991cdaa535f2bcb1451808d30510a76a60bb5f4524679c162f08ee95e55652572bbf0a3e18df9792c3fb142f61fea0c1ff19d7b2e79c90feb916345af251070b237f90973c0d5c6604bf032220c5ddd2bde7bb58514a5bd2c2521501ce3174392b50c56726f76dd1c47b0f0053f933a43b65beb2fa696287110a97ad15605ec795a0f9e31cd107990f35e2ecfd0f3473c81a47737d37ec79b88c507b77b2a134e7154d8e7c5ca5c034d1296e1b23e1e58960bdbe5ce6100c64fe2c48e2da33941cdea064835f7d03c066556dfc2ff6fc12609163a96e513eac363691787352968acc127222ce72a7966bac221e30323c4c77cc9a41ee0420c8ea1a2d516d1eeec6ad3872e16fca583f330df6b235c95701fab091dec29f495328e6cefb31317b6549f8cf965415890a72d691f8d869c4b575218b362e57ceb42d8f5d998c9b630f00eef613a648e4abb1efddda5d72ee73786a6ed63ecba908d46b4cca0a36c6aab810c398601dee5c9481480fe8ca8784c23fc5c9fa33a0630ac28c2f2a11c0977ee1b290652fb986121d06787f321d4f6bcfeb0ee0ccdf2561c18580694bdc2dd20fc5095b256fc1b1bfa10b664600fbf67080908790777f93d35e57e881c7db76878e1e2dd528a8c75dcda1256b01bc61f6d517710623b35ffa70635dda38e751c230a19cc9a8e565f1d6b968ec2210e27ddabfacd63df9348cbefcc14f6bac38f1bb9b8a84f7039767d645e5f60bfe85fd27d9310b84b305b08569a6d322ea3b63c7303261a2ba89d3244f6f9048023f91d7dd2dba4e1fe60dd67ceb1136e0ce5e24f6aca501f90b8a9dc5ff6106c707a058d6d419c06b9d251f7217021c0b5e1da05182e010c111a7605d7164a781fa0d452b34863ce73b3a769e623fe6469ef048a5619d079b872a248acfec00ea6f31c95f3163d8cfba7d0f678f7a558ce002fbe86b46c19e2883e25b5e3c09c3d93a611f653df7b1e6c38dd28faf6161c15da777fe5964e27e9437578b8cbd3d9a3981f780a4e6233074632e0ffd00b2a65503a62f0a0569a63cf77f97c1a2432ec54f688e06723535e179996a9dc3375e60ea27657d0b0f1292a7e2eeb6d8cc59e74e91bb86f9e52fd05aa0797a02da9eea70875644dbfb1873aca560a2e5937baf0d3591711de8e11b4ba792061b1414a1c4964fd550b9bc082c16af275dbead68a0030acd7dfc1338dbfae4ee37b3ff8a81b8a12c49037993e7554b6e0416cbfffc62f0dc3339a7e0a2a19efcc9f17ac9a3a940bd80afbddd234f0836e55b682a36670d3051252ad4c3b12632fb11c965457f98161f9abf98476cda7dfdcdf74ed92aa4145f95f9654dec8214d6b1e4acd2d12d438a8c432ed366ad072433918727a1bb9ecc6fa50ab351694c243c2f4cd9f7173a2b084046fcd2601d4c7c728153e462fe2f772b2bbd50bb73ff7452e3deaa9dedd833e4d6fcdfdf6b99c9b7ef0171c7dcfc9ee270ea8064b6925f53e8056c76d43fb132ed81801b7b2674d17401f18d79f82be588e70a7f998a3765ac4099ff3a5683eac7d4b483c4270d81ef51716c8dde95467b04fd561ac396a058f42a87f1c11563e97eb1e0e0dcbda12753c2c435ef5eb3fefd9e287e583f7a93202ed4a386bd1cdc200231d6fef9935296d1639edd76bd944a1e504f17b3b98d10d31c0f296cafb89ac3222cfa02b2223c19996881accfdf1a6e6ef6894beb97a06c0ab4d5614d69c2bf413996d0cf39d817575a3ac5b6b9bd3596835dc333ea3c893eb33a4399d985834d7a26836df89c0b5afff9e5755fae7c5cb5aa2c7f6e69cf3b348c57fb1d771b9cc547d8bec3f333d885afbef762b97c8f40dd5b275f56ffdb2ccf7b3329c8761d11e42c88e5df86116d076025961b817d2c3ddcc9d51a210b92e3ae68ed088ecc11eca90cb514cea0716f9c7554513f42570b856e7c16c6ee778cf127ee5de3b43ed71d7dfefaafa171e6f0f5be99f83be3cb7ba821beba07a020f7d260a45e310e11c3de77c8c1afe28c77d86873c2185cfb039b57f8e6a6c448998ee9baf935bdfdb52c59902ba089fb4c958ba38fa159d0f99d43dadd45d26bfb40a72465dc630d453bd7faa1484dfe8d51e00b61ac1b3b119a72d318c4e809f892da08c56c8beeb5ed6a5139b99fe855186d8abbb6488bffe8a36834216a8ab98dccbc88ea4a83917b58891dd38ada85cd490a092073872c75819520876301f2ddcac95683b3847ee24ef1029ea78c7475e67b31c2315e036952dcf6b03c7557b722787b9eb998a05e2dc98d2f2b1a0eca264dc402cb963f9cdb5fa2bc78a55473623430aadc20b3646fedde93db067f62127ec2aa468e3af5835b6183e13329ee773ea56362589cefba134c33ffcc1670b96b13f7cb4577702f11c80c0676773fbd1d07863f5a7cf2fcc9657485598f0483d71103f9449e0e2084281d719f5f26144d94608e178220e106af0325312ffa3e454cd424a277d86c06df44defb0b6981f23d489b04ce64314436b7a25ec78cece86904844f98430e4d6d38e2fc980db320bcd8b04b4e1224ccf19ca3174a88983b2b7f63967f292bc493c2b8fc27ef8ff85b42c75446564d98fc8ab228b8bc9b006fd9d176b8591ec83fc5c8eb264e0b79c8abf8c4bc0c056e37f6ba21eaa7559ec53148e6180eb7ed04b1ab83052c3131da894a944503900f28286c37acb72ceeb38188374812bb6fc90b534649993a888be49e630710d5097cce9b5168cff9f8bbc1913f227209eb1eef179e34f389483735d464423c94edc2496b92ebcb90ec5f6e81b4c8f919c3b7dd0176817d62779b4feb16c29d08d035aa0462851db00c79882c09cfa3dfab0e4f341d13909e9c865af5e880ff912da6b1d146d373ed440a9a33aea0165d27fafaf03bdda147d62e26f2396bf1d329fdf7342f9213b132d206b9a9d881fd0212d408ae67f1acfe079e7cb8d24723cd0cd1c1365e07faf1a4667de8eeb929566dd484bacb92b5507cebb8976422ba4881cfae1e0383d8b7300137e8bd6f64498fa28163afb763de891fc4da517097c5b09f9c31404e264a625e006709c698b0968b3a5f15778083727705f7298703cdfe6097c7cc20146c5acd32a1dc69fddbc9a943e3088b486597656a418d404b870a49f926685b314d4af2cc14012d8c37aa4aeec0164e0fd1973b8f451938e6f86792e370d893ec2511d1ce160c45e86a5416dd2e410c4c657fdbe0b8f979b71bdf0e0b4a9dcd0bb28441906d68a0016929ad2848868080e4da49e4b0a1acefb29c70448f30618858ea176b90478c760b476f968355a65145a3501e4bcac9889c15381538a89646e9d22c40f4814e4df311dbdcccafd00a283a4f7b3c5d200d601e00334c37a87b2e64f13b50ea6270278164cc462bc6a4859fe05c760ad23c65d622c9dbec47f28f5dfcb634038d353b98699bb410d046718d29a246cd476f853b58b3e30ba087e05d43edce50385f4393b75bbe15c7a9ed184391feade1c825c283db2e8a5e2a1da6d05b8250453d4048b5ccfe42a98d1bc685870117913cb46006729b87333cb3531f72c757d498aff3bae92d1a132c7819b044d526e15f5538ef6835fe4af50837110b032af354d5fae6ac304e271532e868b5e2a9fd9dd3a295401414277ce0535bfeada9bb60979fade6c5fca2d91398c52e2e2d405caba54bc22ba115b2dacdcf69edef9a6486db495528c93732cd44c814c1e4227bf4b4e322b0408d2404c26dee2b42ba57f85b0e3c10fd7f8ea945673a9742cd9c6e1eb5846e59dd09769c599a3507f7e44f39eed121dd9935fa2ddaa5887b374a421d59afe9bc0bc1eae7fb12910ff6addd69c0037f75c100f4dc15eb51e10a80d11341d55f41fe8ed9fe402c4f5e022b57d843f77ae5ee3ca32d6bbaacf2f81aeddfd4e70d4c78e3ef79c6fc90d7a051c34faa65880307b6af3a69169c5e5ba297008b82a55d3e7f77454c52214f14bd290e7cc260c136b09c7da1529853668a6f1ff41d049b7f645035b47cb7002635481e9165566213f9041bd2a117e680a3c83a732ecf69e8c7faf566db3a7415bab0b2727a1327fd7b22b6ae885357a6b64394e693f2f5c4f9c71ee5357d71f59ba591ed3ba930c171fe4ea71e9fc8327cf478af9d7c7275d868b0b0f77223b8c8d3cda548ea04bb12acd6ba9554fe8093f9875f1779c8148318166ecf36d6c93a5c2dea264fc9b633fc3a53276fc11d56bbdd9d1c3b27f0ef65f60776c5b461220235df87f125e6742eca4ac637218a78018a921fd3b2d87d8aafe39fce2a3823b3577b8907ed92fa71191c1dc9d847359d1bf38d61389af813f3282766d4ad9f465e5c49a87cf71b87bad74af003174a8face9ab5cceeb44576cc923a2ed80b6c314ecf26fae188b2ae5ccc584583cdaa54e813cec999ec75c238ea9f8fc7f30a78313a038d28660d1bb3a3bf21bd37ae3a01ab8686e1cf5b233b1b1b356bc8cb13a3126d21a0b07e22fc4c7df6b1fc93e3ae1f14fc0bda1c55a4d54c84b38da0c925f759a1f5b99712deeef24b280646e1f9fc0e9ffb795d07c309884ff63176f42dc77e0b0fae1c7d02b30b35942bdef4f40aa66dcfdcaf66a287e7a1a1915b1ca19be09bab69a34cd20aeb98350cf40c7ca3de1ce2f6d1078547fce2f05d9b1f05bb3ed7cf8d29b55456c0af5748a310d07554503a", 0x1000}, {&(0x7f0000000180)="c2bbd2db076149f5d1f730332498fd439ee7a1871557eb28823bb8b970bd109d7e71699023e6f1", 0x27}, {&(0x7f0000000300)="4913afb9e71b32766269b087e96980bfa3ed89207f4f1d25dad34aa001a4fb4194fe4504e01c53a2af844af16413315b8fd7741fda62e0d6b8b16d8fc8960728b899f1ea9635", 0x46}], 0x6, 0x0, 0x0, 0x40}, 0x40090) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$pppl2tp_PPPOL2TP_SO_SENDSEQ(r4, 0x111, 0x3, 0x0, 0x4) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:27:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x1c, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2332.286722][ T27] audit: type=1804 audit(1586453228.476:45046): pid=7001 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2620/bus" dev="sda1" ino=17067 res=1 [ 2332.708771][ T7114] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2332.763228][ T7114] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2332.793853][ T7114] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2332.804720][ T2522] block nbd1: Attempted send on invalid socket [ 2332.810932][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2332.822753][ T7123] XFS (nbd1): SB validate failed with error -5. 17:27:09 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x2000) 17:27:09 executing program 3: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x8, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x8010) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) accept$alg(r3, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000000)={0x0, 0x3, 0x1f, 0x81}) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000), 0x0, 0x80000001) 17:27:09 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, 0x0}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:09 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) ioctl$void(r1, 0x5451) 17:27:09 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x1d, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:09 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r1, 0xc0305616, &(0x7f0000000040)={0x0, {0xf67c, 0x2}}) [ 2333.221579][ T27] audit: type=1804 audit(1586453229.406:45047): pid=7140 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2621/bus" dev="sda1" ino=17126 res=1 17:27:09 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(0x0, 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2333.613764][ T7148] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2333.641695][ T7148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2333.673144][ T7148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:10 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r1, 0xc0305616, &(0x7f0000000040)={0x0, {0xf67c, 0x2}}) 17:27:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x1e, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:10 executing program 3: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r1 = socket$netlink(0x10, 0x3, 0x12) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000002c0), &(0x7f0000000300)=0x4) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r2, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000280)={'veth0\x00', 0x2000}) r7 = dup(r4) ioctl$KVM_TPR_ACCESS_REPORTING(r7, 0xc028ae92, &(0x7f0000000240)={0xfffffffb, 0xffffb231}) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000180)={'wg1\x00'}) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback, 0x8}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{}], 0x1, 0x0) 17:27:10 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000100)='befs\x00', 0x85a8a1, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:27:10 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r1, 0xc0305616, &(0x7f0000000040)={0x0, {0xf67c, 0x2}}) [ 2334.434460][ T7276] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2334.486065][ T7276] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2334.530949][ T7276] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:11 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x2800) 17:27:11 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(0x0, 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:11 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x1d, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:11 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000340)='setgroups\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, r0, 0x0, 0x9) r3 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r4 = socket$netlink(0x10, 0x3, 0x12) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$VT_RESIZEX(r6, 0x560a, &(0x7f0000000280)={0x8, 0x81, 0x6, 0x101, 0x200, 0x1}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r4, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYRES64=r3, @ANYRES16=r7, @ANYBLOB="04002dbd7000c6b6d24640d2fe0100000000000500e4000100000004fff401010000000600ab0109000000f973781af9e62b428ae9ca71232caf224541a9e44b7fe5780791d962da93ebb914f90a126bf6c1185e98b52064ea88d6d2f4bba1516929ed99ff0a9d7a7dee11defac24835ced13ecb2caf1bc53bab9bfcbf25ba22aada185d1dd013cdfd4d71cb639b8d4aad25fd773bbf6467e676a2cb722440ca6681169c3ff60ee407f8da24d938bc1f9d2512d2b75a7a3ba8687cf6949c17c71b70f0bb2896e8"], 0x3}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r8 = socket$inet6(0xa, 0x5eeaae1efb7b6048, 0x2) bind$inet6(r8, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r8, 0x0, 0x0, 0x4804, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback, 0xfffffffc}, 0x1c) sendto$inet6(r8, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r8}], 0x1, 0x0) 17:27:11 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) 17:27:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x21, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2335.039136][ T7403] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2335.153598][ T7403] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2335.182514][ T7403] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2335.401950][ T7514] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 17:27:11 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04002dbd7000fee42e0900000000000600ab000900"/32], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000240)=0xfffffc00, 0x4) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) r4 = accept$alg(r3, 0x0, 0x0) write$binfmt_script(r4, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r4, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/235, 0xeb}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000500)=""/184, 0xb8}], 0x1}}], 0x2, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000300)={r4}) ioctl$sock_inet6_udp_SIOCINQ(r5, 0x541b, &(0x7f0000000340)) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2335.523389][ T7514] CPU: 1 PID: 7514 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2335.532047][ T7514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2335.533803][ T7519] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2335.542117][ T7514] Call Trace: [ 2335.542147][ T7514] dump_stack+0x11d/0x187 [ 2335.542210][ T7514] dump_header+0xa7/0x399 [ 2335.542234][ T7514] oom_kill_process.cold+0x10/0x15 [ 2335.542254][ T7514] out_of_memory+0x21d/0xa30 [ 2335.542277][ T7514] ? __rcu_read_unlock+0x66/0x2f0 [ 2335.542305][ T7514] mem_cgroup_out_of_memory+0x12b/0x150 [ 2335.542331][ T7514] try_charge+0xb60/0xbe0 [ 2335.542437][ T7514] ? __rcu_read_unlock+0x66/0x2f0 [ 2335.591104][ T7514] mem_cgroup_try_charge+0xd7/0x260 [ 2335.596316][ T7514] mem_cgroup_try_charge_delay+0x36/0x70 [ 2335.597720][ T7519] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2335.601960][ T7514] wp_page_copy+0x31a/0xf20 [ 2335.601990][ T7514] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 2335.602009][ T7514] ? __read_once_size+0x2f/0xd0 [ 2335.602039][ T7514] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 2335.625667][ T7519] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2335.630441][ T7514] do_wp_page+0x185/0xcc0 [ 2335.630543][ T7514] __handle_mm_fault+0x1c5e/0x2cf0 [ 2335.647204][ T7514] handle_mm_fault+0x21c/0x540 [ 2335.651991][ T7514] do_page_fault+0x4a4/0xa52 [ 2335.656724][ T7514] ? do_syscall_64+0x27f/0x390 [ 2335.661500][ T7514] page_fault+0x34/0x40 [ 2335.665664][ T7514] RIP: 0033:0x40f18a [ 2335.669569][ T7514] Code: 50 20 48 8b 70 18 48 c7 04 24 00 00 00 00 48 89 53 10 48 89 e2 e8 46 78 ff ff 84 c0 0f 84 6e ff ff ff 48 8b 04 24 48 c1 e5 04 85 60 80 76 00 01 48 89 85 68 80 76 00 48 8b 43 10 48 3d 00 00 [ 2335.689254][ T7514] RSP: 002b:00007ffc39b306e0 EFLAGS: 00010246 [ 2335.695369][ T7514] RAX: 0000000000000003 RBX: 000000000076bf00 RCX: 0000000020000080 [ 2335.703343][ T7514] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000002947848 [ 2335.711313][ T7514] RBP: 0000000000000000 R08: 00ffffffffffffff R09: 00ffffffffffffff [ 2335.719325][ T7514] R10: 00007ffc39b307e0 R11: 0000000000000246 R12: 000000000076bf00 [ 2335.727308][ T7514] R13: 000000000023a25b R14: 000000000023a288 R15: 000000000076bf0c 17:27:12 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) ioctl$VFIO_IOMMU_MAP_DMA(0xffffffffffffffff, 0x3b71, &(0x7f0000000240)={0x20, 0x2, 0x9, 0x2, 0x3}) r2 = socket$inet6(0xa, 0x1, 0x0) syz_mount_image$minix(&(0x7f0000000280)='minix\x00', &(0x7f00000002c0)='./file0\x00', 0x20, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000300)="e1bf785b3be14e387005647f94dad3d2556077d89bf9fd686d886ddc137dc32aa9247cac5af4b6aa7d328af1ac32e8fe1b3ad2ee59c652178966325cae1c0982a67b952883fa461bdd40d4adeeb4e1c7e33ef555c5f0cc61098368601dade37c0772f8b71d3545fdee5c799014fd81ca3f3dbd620bd11d80e8f23232ed7e74b400d2363c74f424be", 0x88, 0x800}], 0x2020c8, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:27:12 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000040)={0x5890ca647cbd973b, r3}) uname(&(0x7f0000000540)=""/4096) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:27:12 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(0x0, 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2336.212156][ T7514] memory: usage 307200kB, limit 307200kB, failcnt 3101 [ 2336.238513][ T7519] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:12 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x40, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_FLAGS={0x1c, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_AUTHENTICATED={0x4}, @NL80211_STA_FLAG_AUTHORIZED={0x4}, @NL80211_STA_FLAG_AUTHORIZED={0x4}, @NL80211_STA_FLAG_AUTHORIZED={0x4}, @NL80211_STA_FLAG_MFP={0x4}, @NL80211_STA_FLAG_AUTHENTICATED={0x4}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000c40000000000", @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB='d\x00\x00\x00(\x00\'\r\x00'/20, @ANYRES32=r3, @ANYBLOB="0400000000000000000000000b0001006367726ffcff000034000200200003801c000280180000000000010000000000000000000000000000000000100002000c0009000000000000000000"], 0x64}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'batadv0\x00', r3}) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000001800)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000017c0)={&(0x7f0000000300)={0x14b4, 0x12, 0x10, 0x70bd28, 0x25dfdbfe, {0x2c, 0xe0, 0x9, 0x4, {0x4e21, 0x4e24, [0x6, 0x1, 0x6], [0x2, 0x42a, 0x4, 0xfda], r4, [0x0, 0x6]}, 0x4, 0x1a}, [@INET_DIAG_REQ_BYTECODE={0x3d, 0x1, "04f2023403f6cca14a17eff0ff4eb9d87b02e9cf5d4ca35848ea6a7ac0b72dd92b7e0ede20d9d4c056c07e7955c6418132c4926d7b1898a12a"}, @INET_DIAG_REQ_BYTECODE={0x8, 0x1, "e867755d"}, @INET_DIAG_REQ_BYTECODE={0x59, 0x1, "26c012d6fb174b7c26996e85a93a9089dd3a81c6cbf4f6aae26eb8559df3912bf5a986d8ea94a982362ee376027f45b08067343cf6df10cb9b00028262981a3543d2cbf0244afe982545081a7cc3c96a6f87864dcc"}, @INET_DIAG_REQ_BYTECODE={0x1004, 0x1, "12874e0b74132b3f38a6cc08b2b73c5cdbe454af70dfb056959d3dcf4f17dead87055062efd0bafd6841ec361f07bffc7ea36f906679be3e73c37a426191788f9d3bdd152a8c079eda915cbc6c99046fd70b144b6ebebde47ef352b785743af0034ba0dab9430c016fddf0abed1ee5b0adb0bf614a1a60b5d22e55bf2cc75692f22c743f179d1ca3ce8660c8ae72b3dcb9906eae0cc5d17e8efcfaebf15430420019a3167325b3a0c6879e276d9d965fbb2d84d58f38ee621804504bee5050b1b42556b0404805559ba6e4fc5eee492e7436f100f3c60b0be481b0d9985dc1dd858cfce5273caf84732b70cb8be398ec5e861f1b6a8647fc308411bd9eab44f206f7eda69eeecb83d64b2a3aac1863e38dbe47c3e4db1a0b08120811c80e49d36deed5c60c344f54443eeda062a729b7b1f8311b06c8136b975ee639fd244d3aa81f7e9653500f321e63d3ef1fa9b279d56a478c1e6ff876624ba6352d73105a3a21ba1500fc71bfea4acb3a4664d01f64b693695ad3f03007a567ae4559d7274c25efdecb9d55adfe919f556f00e94952a1f3e7c0cab65bb39d8faf09f021a8276c801871b74009787649d4243a78671f7b95e2e9b86264d285c0a21970d2995588cecfed7f28edb1d1ddcc4ed81faefd587e9e9babc3c50dc9800f7a6dcd690848f647c1723f60d12602e29e2aca3df51d2d266045ecc19c7813d841e8f61420beaf75422b991df748d08de33719ca9c41877783d96f924eca42d41c1ad0b981804f72b88d62f3f69cbc8a48f6f1bfd6ed33864773698c4b244eb93b63a9ab1a4a12665ed8930390e25c7e5e422d67b66be9e805dbd65dfefedf749ed2cbc5002375bc9f4aae311c2f5459ec6ad0ec3f8ed12bf4b053065d27191b5124125725b518823a14d15972f3dc86b5055556cbbbb556588adbc97178d400e6e790868430b71e74c76891ed0f59fc490e60f8b33bb8efd72e9cbefdcb2ece495f2b7cb2bf564e25f6b9d241c330aec1ff207f4915e918e94d34fa1c07900993a46a11da7197953cb74e914c6d912e812e4987f976f6030c93f0cd5ccb11f337cf6dcb569933a04b14e6b3483a9f8175d747b241a4943ead318eb1224893bfdd34e9ceeff2f1c8c0892e0a3833c6a1c2664944f072814239c4984774a67654e809d3774bd2d35bc2f7f7ddb7bbf0d99cd44f083239667deda5d5c488a19ffb2aa334335fa41288d6d15eada829398b8c02b6598348e65998b955b74324401c67363e3eda1555dd5f430598444bc87cc27bdcc45056d11f4b4d8069b7582dd9ab0240fe76495108a667bdf92c4467f3a9996165f0cbbcd58e6c3ecbdc934487705a699a196e50b8ec48ee8709c8057432197f90324529b0221626c177a971760798266da439f3b5b63ffa338cbb5c000a7cedbdb2cd59585ff312012edc1d9b1fa3d671f37a8f68bb4d9c6944a5a0362eb0368c46eb7b1d58ae78b83809ddb8f247719d3a107481bed51e3f82ff14e197fde2e6266e908d73834f3bd4b942410e8fcf518de7ba43b47824696d7689157eb347c99479f933a0afb89455cb9431c193e870c7e2aea8a986c3cc0c582e8232436ed074e61b95614563ad77ebfd56a65dbc37dad2ba9fe7faac4c54ffaf881359f5142b0e9b9c51c9d050bd930404e06c27f60e63bd2ff8df51104b13d78c1cd96af769603157e47dc5bcf80bb806c5755e618966885c203d9d5bfb31ec31f24046a928eb994469404f4cae22e356984571a4454bc863c5f36f98b45430277c5deff228598f4b4091086bab60bc42e89a0371ed6aeccd20c884ff1187d867a97f9b89acab6a6797570c99347273e995592ce94c9c3aa1131281ba7b69b79eb712c7bab224285ecff2d03b471309a786020fbc58be04cc44c1149ba965e8c46f5817c9c883eac7d7a54681357f69c1e5eb7e9d63c81a4547866201cff44d0a09094529155b215bd93738e6149f180cb71c115dc266aedb1f90509ce03e8cc0bcefa2acaa5c14f4637f4121f2cb539892e7d041e7fe695e9349a6880cad6ca1d82f75593075e0abd5cda3d9b1ea0e012f510dc99b7be90828422a6ee5329745097ccfe1aa70c0201675f4e0803b4d5467307e21be7dc8f8886ed89397779fa6d27509c2fb166b13b1455d26f0e12edb2abd5b653b7a6236b3fd8b34b0135466dc49fff43daa3f7b3a5e946193560f49c2131ab4f7fd6456b086de156139e6a60314e95f2f764d5cb839d4f863ecdfbe37de7f6bf4a6d9de9dc9255df6a313132473c0c28ab11663bf57c34377c700086745c90a4358eba615730f8a26d5b697721c78c589dee573f4c03f9b0aadad40527aa7803989dddf31f877bae62981b009990237cc53f3215f6fcc245622809a508c412f94659fc96c88e9af977ce1d24bd9b165bae0310a0d4cddfb53a0df2e35c0a03c3bde1d8931999aaf32e06d41449e2282b0b7114b4d8cefa259e3883ea3c5b3a9b3650fa71ac3c249e030c461ad5d45aa2f591a1ac159bf95269c7b7f12f96b1725b84663f30256a839c76e4ab595b4c5c66dd146b479ba8440681a1adc3aab885ac5065fb8d7b98f928087018908bc42a09042cd96ffd28d3845907feb75b82faaf7da125027d2884d93145c1c27d0a8c583f11a70a535d1beb3e6fcad28e5ae2c767f362c4457d4cb502eaa8802cf76b6adbf82fd210d43fd9abf4bf19e05c562c380f886757abb04c14b655219355aa462e7acd10233beceefd107b218555af5d02038e3730a758a3ee6eff2675509b37f2c766fb3091f2e013ec6beca77142dd42579916f4dadf0a1abe8387beab5985c3af7c16980af4f4aec245d55fce5e95e9330db9e28d0e0e5a3442d45725e05c85973275ce4b41433c857487e9e2ca899b7ad6368e1cc43933e53af88529b8c06631c3196dc089348c99e9cc25f5040af75fa89dee79fb6d8ad2396ab1c55f81ae61cd5adb83acbe0d4ef31082a7ac06989cb3c6f936a04d8eb62f4f538b346150b8b58ad4dc36a7b6f3e19778c0b2327baa418fcdae5e5131ac245ad1c22586cf1b995c1a5ea2ada99f1bda2b7c7741a046f08dc376f7ce341c35fdafd343baf1f38325a6edea8e4808343d28429007e418576f7602a61e103f67b73dbdf0c0c34e090a7b7823d8b464d35bc7299619f2541ea7e3e30f5e499b0e2368f00f313481939d00a575a9de1fd63dffb243f753b6cef382466d8d0faf6be5f8dc839dd80f29fa7c37ef26080f3d06f7506c3a592c5fb110b7b31f6061431f9e3580ddaa3c5fa4163356c22c2731450c48d7aaa9095b6cb460fe801890d3cbe440f0752fac387798141823f1650e84a55d0ba08c201df97f6996a9041814c77b259d4da834b24fb05ba077f58fe5b600d5d6c8d79fe8eae55878bd8c624d3ce3c5378f46e6e1dd2811a4e002df6fdf03676e85fccaa914f50386ab2db23f97ae55758b6e89b6fdb6a70b40d632d39180aa82c16c1705f04e2bb71bc409caa147b49adf198b22aacc91edd48deb11e602107568b426124e77b82d36c35ce500532284721222363f8c23bcbb5308a4ee8fcf1c4730cce8fb48c0e19a603341698399f8627220d6e23f6f256a9d8ad0f13ba839959156366aa1d4dbdd950725b26782885f01c027905303a7d6fbcc4dea80e112d3354343447ee54d6170bfbeefe055deab4a151ff367a9559d526e66338a42d6e9a83d561af496226268344965aa85a99137ce95dc44c0bcc32e789ffeba35bf28c88e6b305c7484d45d30886aefb9964d0aaaa956bb7e9cf547662e7321e7d02eeeff74d057137f2fc23c3a119462f91ce7ca25749891c183fa20d2c24f5a5c0e282240a02466e48a06f572271cc50be37a21a1dadc74d37e0fa591437209e716896b0af0492af31f70a235e3a837a734844d822cad2a65d6d5df37107cca6434b912b009b673f1f0d7990654c1d38a0e4ac3e28fd9234f3992946079bc23a1dc8ac9805ce4d58d4599f5321eaf3c790cd3aa50a1d2d5bd80427862ecdbfdac7ab320781b836261f161f9ffb6ea90124754d8d053f9f48f2b8156edae92245d22520918a249c536654cbe446f100dd0aee8d237d252e3cc3a61a54b30c616c002bd977fa683f7e02d3471883e344b13596518327173a346b10b8e7584a3b7644f4656075db7a9fea5961b2212b4126cffcb17670ce46f476094d0c0df7ea003753d05c394ee2f3ac59c0ef84de7dca80432ea6200fbc4deea09ecbb72fcf38dd373631c973355226fd05cd27518a9993dfd6b482301fe0af5fee081495b16cda40f2d62772023c593890576d565f255d2be600066a0b1c4c823ab2a86ff5494e62540c430bb803f03336d45b82e46f2cb67bd744cfed2ba0b20abeb342f24952d22e5e8d86a000c70ed2778b61f506fce9ce96ff43f401db4fa16e87f75f6d753043dc42914eb8eef5ec2b071489a96cf4338fb48116f3fd3e02dbf8017599372051f3ce9b72eb151319757b2c34e65d1c2e537d2ba3bdedbe9725c191f471e489cb86ca156b114c770ba7e55ea7262be6466597f070d474103fc5eac559afc153d21226ba306d1bfa4de367b6518314b33d2d20865aaf2693e3c0da283a7056092ae2ace8580a92c1a82479b3c9330887e1cb9c805c04a69d60ec0046cf8d8783d723baf46811dcd32290225bc4433b56e24a1fb08f1b7cfb46bc7b63fc1f08df4ff1034cd853bcbbda5d2474c0b381f07c71b90b58efe4eb8d4b0c7b2156d8c3672adbd67e1f23abd669f837bd659197aa50295f2dfd6d2401447f580738528d15ce316782140e55df07bba42f0052216f6cd9d4c64151183cf4c6c94fa772188d385e02d9eb4c9d9123c5ebc8056771c65c11fbf64bef3d9948433b06fc918f23b00bb452c2d30d5e92946a9218e73117d0c5695d5dc961e5e69108a37a4b4c77d0893443d62840f486b6eba3649e4e76503755f6f314354f01efc92351afed2b389660055c826dac66a41ed97007a88c51f9e71cc31a4ba8016fb5290e286ee856a7161f465d08508218426c9e8938fa48f101e9df1a29e030870c5cfc960bb21c9802a43b743ceacb9bf92d7c6336867001bf9ac6f45a87918cf3ad9eeab82245e4ee5e7fedeab9b59c9614b436ae78e95afab72e7e11b3ebfeaaa397a5846dd2c32c9c8636fe7b6f9ade7d6564398e1b383c83cf9649078776b0ee7e63a62db37792d8b67488ec9776ab397b5dedefd2074c2d7a9d575b4566b7351bd795d054e2b2fcbe59c2b524a9394102e6602523f300b52e11757be68af4d808492b0d5a6214224c53b68dedfb1ab20f6f7edb2c519f2741142b1bec872b85da85ef4244ebaa410c062eabcb2d24af806edd41a964391df21b1a936df89890bdf9d22e576765f9693a26f38e5f17db54f46ed37f4717eb94579dce3b4872f12df25c4b2002226e05d9680d48e7d89070b0d338d3a2f2b2cace57fdc5f3d56a83868d18325859c92d889d7f00455627b526cb84bec540f3051c4dd6b9fb6b249b370dd232dec20c9302a1a1d646c3eddeee87ce8d82524718827cbaf7d296fe8644b32a9168118f408b71a62cfc37646f6fe018e7bfd081bda102d3f9129802113ec418cba9866c512574c1547c231dc7b382e6f9b30faf6ae25b06347db1729490fb2f578a7614c483f07c378bb9f42a29b997e72e285673648faa54b64ac22528fdb73a2f2b8b74dea64ee0d85030ec4b4b4c533fe2f63049a076ee0633214110928e4c5db6fbf10079ad27d88ab078ef11a3f4c0c5c3c3cb200c8497039227"}, @INET_DIAG_REQ_BYTECODE={0x8f, 0x1, "ee14d44c248426ebd78f7b68ac8376f815833a2969fc110a2a3f5edc0bce33a74f35387abea1e4cc45712b12df121a751de478319eeeb56f644f230e222bd5e587510e6cd0effb670aadd43256c433c8a127bde3d228e3a2bf84e9a1a46790268ebc556d4856f0ff1361bccb232b5102d8849b1202331fa9d54e279126fcd61d4f6fa75ab77090274c38c0"}, @INET_DIAG_REQ_BYTECODE={0xb9, 0x1, "ea62d95fc0fe1fbbc34b2054aa265096e6685ecaa113fb17d6cd1e1768930d45ab0e8b78f3e7793858d1566c0e7907dfcbfc51272100f0c5201317cfbf875da528cc39ebb4980d6b08821ba02f053ca04ff3fec52028483607a236b5814d13e40c667c5f371bb092faa3fc6b0509e2111679580d089f4a1301a67c9991fcdbcc033fef38abb0abc65c7fbeac982db7051cb1e6f49621c18b991d9f857007509a6a4fcbe8b63a748a3f435a69477713de570b6cc0fe"}, @INET_DIAG_REQ_BYTECODE={0xfb, 0x1, "8e6a43c079deeedca71861ed95fc0a1f5358e6a2cd7b8fca2bba01731270582174465a43f15c1353323b2c5a8399efd5fd7c851b3060211a134889475ffb1aab4fec3dc9236bbd7d14b2dbb4c2844692e98d35d2f4b78c04afa583ecfea94b1aaed7fd6d69186323559d3711815b8af8b08079234dd01cb4b7752a4ce9a738e93e2cdefac481cdcf4a3ab9020204e42be37945f3aecb9d8e8d68d8b5d41e8b6815543fb5a683abfa3342d29adcc603d18d3ff861d868fde3b3eaf110dbbcb33be39a2e5f5676a624adc45261703bff5db7c8bc874faaaa8ed011fce19811a8cc12ec7a23e84ebc28d5fbca42029b2babece32603419be3"}, @INET_DIAG_REQ_BYTECODE={0xf0, 0x1, "7951e74e2a0c3ad6a97818f0570298b864c5fd5341f531d44d2a1261ce03387d1065b6a2c951fc2508a5f9c73cc52cb2704c64f0a7eea97929d7d1f5160871ccafaccfe717f1a200a892bf09c8b7ed96830a3dd725d1c51a31d88d6d0f1ae66296b69c571c55d6fab19a5f2c93474370e74aef813ffd8b29bf85ab79469d4b733d27ae24018352a7e9e31fe7d71f009a11385ee614492e6a6bdc843fda61063ac2bb939da9dafbde10a4fc4e8c8893791f3fe0133ba4d59c0ee1769b463ee970aae41b39204c3e0de6f376d69b642969ac1320495ca20e2a53c8ce46adb518818353ce1d3e2561b01be49642"}, @INET_DIAG_REQ_BYTECODE={0x31, 0x1, "48fb17281b73db4d8248fd43004aa5d1e02d39f70b0fa71743340e70d4e59076bded570d1e514f0286208fa215"}, @INET_DIAG_REQ_BYTECODE={0x53, 0x1, "1dc135143d63be1279ca95fccf124fd0805618d6ee998fe8fd50c5cf10d2d4f8f78913c9f4bf872f8b93b10f0916175e2bcffa0b1452be0f5a7b46547a98a71ae54aa4090d7fa5cefcafe36cb609f5"}]}, 0x14b4}, 0x1, 0x0, 0x0, 0x40000}, 0x80) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r5 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x0, &(0x7f000006ffe4)={0xa, 0x4e20, 0xfffffffc, @mcast2, 0x4}, 0x1c) sendto$inet6(r5, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r5}], 0x1, 0x0) [ 2336.255985][ T7514] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2336.273220][ T7519] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2336.282254][ T7519] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2336.292191][ T7514] Memory cgroup stats for /syz1: [ 2336.292413][ T7514] anon 268570624 [ 2336.292413][ T7514] file 20480 [ 2336.292413][ T7514] kernel_stack 4128768 [ 2336.292413][ T7514] slab 7962624 [ 2336.292413][ T7514] sock 53248 [ 2336.292413][ T7514] shmem 0 [ 2336.292413][ T7514] file_mapped 0 [ 2336.292413][ T7514] file_dirty 0 [ 2336.292413][ T7514] file_writeback 0 [ 2336.292413][ T7514] anon_thp 236978176 [ 2336.292413][ T7514] inactive_anon 0 [ 2336.292413][ T7514] active_anon 268607488 [ 2336.292413][ T7514] inactive_file 0 [ 2336.292413][ T7514] active_file 20480 [ 2336.292413][ T7514] unevictable 0 [ 2336.292413][ T7514] slab_reclaimable 1622016 [ 2336.292413][ T7514] slab_unreclaimable 6340608 [ 2336.292413][ T7514] pgfault 179289 [ 2336.292413][ T7514] pgmajfault 0 [ 2336.292413][ T7514] workingset_refault 99 [ 2336.292413][ T7514] workingset_activate 66 [ 2336.292413][ T7514] workingset_nodereclaim 0 [ 2336.292413][ T7514] pgrefill 1565 [ 2336.292413][ T7514] pgscan 1592 [ 2336.292413][ T7514] pgsteal 368 17:27:12 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000040)={0x5890ca647cbd973b, r3}) uname(&(0x7f0000000540)=""/4096) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:27:13 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x3000) 17:27:13 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x22, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:13 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04002dbd7000fe9bdf2514000000060010009504000005001300010000000600ab00090000008d6740c6e6fdcb59e7e87cb320c00b92c0302db5791bf3b644c76ce31903fc4a02784b9a74e9130021e96aafc376bee7e8c2fe5bdab0479e2a193580f6005b7e8d3ce0409f3d6d6c657228ad38167d8cbad7d0267c602183bc0837b59f4310f213bb6d3ab105a4e34423193f62d3e587ef63"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010f80507000000000000088fbe3a0000", @ANYRES32=r5, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg2\x00', r5}) r6 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r6, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r6, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r6}], 0x1, 0x0) 17:27:13 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2337.204892][ T7514] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=6617,uid=0 [ 2337.254528][ T7802] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2337.289020][ T7802] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2337.296613][ T7514] Memory cgroup out of memory: Killed process 6617 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2337.320677][ T27] audit: type=1804 audit(1586453233.506:45048): pid=7805 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2625/bus" dev="sda1" ino=17218 res=1 [ 2337.322962][ T7802] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2337.611992][ T7827] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2337.676481][ T7827] CPU: 0 PID: 7827 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 2337.685143][ T7827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2337.695192][ T7827] Call Trace: [ 2337.698522][ T7827] dump_stack+0x11d/0x187 [ 2337.702934][ T7827] dump_header+0xa7/0x399 [ 2337.707298][ T7827] oom_kill_process.cold+0x10/0x15 [ 2337.712420][ T7827] out_of_memory+0x21d/0xa30 [ 2337.717036][ T7827] mem_cgroup_out_of_memory+0x12b/0x150 [ 2337.722692][ T7827] try_charge+0xb60/0xbe0 [ 2337.727063][ T7827] ? __this_cpu_preempt_check+0x3c/0x130 [ 2337.732832][ T7827] ? __perf_event_task_sched_in+0x150/0x3a0 [ 2337.738802][ T7827] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2337.744274][ T7827] __memcg_kmem_charge+0xcd/0x1b0 [ 2337.749305][ T7827] __alloc_pages_nodemask+0x268/0x310 [ 2337.754840][ T7827] alloc_pages_current+0xca/0x170 [ 2337.759880][ T7827] pte_alloc_one+0x14/0x50 [ 2337.764329][ T7827] __pte_alloc+0x27/0x210 [ 2337.768759][ T7827] copy_page_range+0x1391/0x1a40 [ 2337.773738][ T7827] dup_mm+0x72e/0xb90 [ 2337.777753][ T7827] copy_process+0x39ad/0x3b10 [ 2337.782436][ T7827] ? _raw_spin_unlock+0x38/0x60 [ 2337.787308][ T7827] _do_fork+0xf7/0x790 [ 2337.791385][ T7827] ? __read_once_size+0x45/0xd0 [ 2337.796242][ T7827] ? ktime_get_ts64+0x286/0x2c0 [ 2337.801114][ T7827] __x64_sys_clone+0x12e/0x170 [ 2337.805922][ T7827] do_syscall_64+0xc7/0x390 [ 2337.810454][ T7827] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2337.816344][ T7827] RIP: 0033:0x45ae5a [ 2337.820248][ T7827] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2337.839857][ T7827] RSP: 002b:00007ffec2287dd0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2337.848272][ T7827] RAX: ffffffffffffffda RBX: 00007ffec2287dd0 RCX: 000000000045ae5a [ 2337.856246][ T7827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2337.864222][ T7827] RBP: 00007ffec2287e10 R08: 0000000000000001 R09: 0000000002461940 [ 2337.872200][ T7827] R10: 0000000002461c10 R11: 0000000000000246 R12: 0000000000000001 [ 2337.880271][ T7827] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffec2287e60 [ 2337.979000][ T7827] memory: usage 307200kB, limit 307200kB, failcnt 7202 [ 2337.989671][ T7827] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2338.000469][ T7827] Memory cgroup stats for /syz2: [ 2338.000684][ T7827] anon 283312128 [ 2338.000684][ T7827] file 163840 [ 2338.000684][ T7827] kernel_stack 2727936 [ 2338.000684][ T7827] slab 5287936 [ 2338.000684][ T7827] sock 135168 [ 2338.000684][ T7827] shmem 245760 [ 2338.000684][ T7827] file_mapped 0 [ 2338.000684][ T7827] file_dirty 0 [ 2338.000684][ T7827] file_writeback 0 [ 2338.000684][ T7827] anon_thp 264241152 [ 2338.000684][ T7827] inactive_anon 135168 [ 2338.000684][ T7827] active_anon 283234304 [ 2338.000684][ T7827] inactive_file 0 [ 2338.000684][ T7827] active_file 53248 [ 2338.000684][ T7827] unevictable 0 [ 2338.000684][ T7827] slab_reclaimable 1081344 [ 2338.000684][ T7827] slab_unreclaimable 4206592 [ 2338.000684][ T7827] pgfault 259611 [ 2338.000684][ T7827] pgmajfault 693 [ 2338.000684][ T7827] workingset_refault 1980 [ 2338.000684][ T7827] workingset_activate 726 [ 2338.000684][ T7827] workingset_nodereclaim 0 [ 2338.000684][ T7827] pgrefill 6710 [ 2338.000684][ T7827] pgscan 93705 [ 2338.000684][ T7827] pgsteal 20329 [ 2338.104982][ T7827] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26644,uid=0 [ 2338.167280][ T7827] Memory cgroup out of memory: Killed process 26644 (syz-executor.2) total-vm:74704kB, anon-rss:4256kB, file-rss:35788kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:0 [ 2338.206270][ T2523] block nbd1: Attempted send on invalid socket [ 2338.212540][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2338.224715][ T7945] XFS (nbd1): SB validate failed with error -5. 17:27:14 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x3a, @multicast1, 0x4e24, 0x4, 'lblcr\x00', 0x34, 0x1, 0x4a}, 0x2c) 17:27:14 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0)='nl80211\x00') sendmsg$NL80211_CMD_GET_MPATH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r5, 0x2468825185d9173d, 0x0, 0x0, {}, [@NL80211_ATTR_MAC={0xa, 0x6, @link_local}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x60, r5, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_REG_RULES={0x4c, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x40}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x400}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0xd1}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x2}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x6}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x3}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x1}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x1f}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x2}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000380)={0x0, 0x6, 0x6, 0xc11}) r6 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r6, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r6, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r6}], 0x1, 0x0) 17:27:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x23, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:14 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:14 executing program 2: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(0x0, 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2338.545329][ T27] audit: type=1804 audit(1586453234.736:45049): pid=7971 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2626/bus" dev="sda1" ino=17094 res=1 [ 2338.882748][ T7972] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2338.999363][ T7975] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2339.117723][ T7972] CPU: 0 PID: 7972 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2339.126353][ T7972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2339.136407][ T7972] Call Trace: [ 2339.139714][ T7972] dump_stack+0x11d/0x187 [ 2339.144057][ T7972] dump_header+0xa7/0x399 [ 2339.148412][ T7972] oom_kill_process.cold+0x10/0x15 [ 2339.153591][ T7972] out_of_memory+0x21d/0xa30 [ 2339.158198][ T7972] ? __rcu_read_unlock+0x66/0x2f0 [ 2339.163242][ T7972] mem_cgroup_out_of_memory+0x12b/0x150 [ 2339.168837][ T7972] try_charge+0xb60/0xbe0 [ 2339.173263][ T7972] ? __rcu_read_unlock+0x66/0x2f0 [ 2339.178297][ T7972] ? __rcu_read_unlock+0x66/0x2f0 [ 2339.183339][ T7972] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2339.188821][ T7972] __memcg_kmem_charge+0xcd/0x1b0 [ 2339.193862][ T7972] copy_process+0x12bc/0x3b10 [ 2339.198554][ T7972] ? kvm_clock_read+0x14/0x30 [ 2339.203237][ T7972] ? kvm_sched_clock_read+0x5/0x10 [ 2339.208355][ T7972] ? sched_clock+0xf/0x20 [ 2339.212775][ T7972] ? sched_clock_cpu+0x10/0xd0 [ 2339.217542][ T7972] ? record_times+0x10/0x80 [ 2339.222061][ T7972] _do_fork+0xf7/0x790 [ 2339.226138][ T7972] ? __rcu_read_unlock+0x66/0x2f0 [ 2339.231283][ T7972] ? blkcg_maybe_throttle_current+0x249/0x5a0 [ 2339.237368][ T7972] __x64_sys_clone+0x12e/0x170 [ 2339.242190][ T7972] do_syscall_64+0xc7/0x390 [ 2339.246713][ T7972] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2339.252612][ T7972] RIP: 0033:0x45f259 [ 2339.256554][ T7972] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2339.276254][ T7972] RSP: 002b:00007ffc39b305d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2339.284714][ T7972] RAX: ffffffffffffffda RBX: 00007fc0c328b700 RCX: 000000000045f259 [ 2339.292833][ T7972] RDX: 00007fc0c328b9d0 RSI: 00007fc0c328adb0 RDI: 00000000003d0f00 [ 2339.300886][ T7972] RBP: 00007ffc39b307f0 R08: 00007fc0c328b700 R09: 00007fc0c328b700 [ 2339.308889][ T7972] R10: 00007fc0c328b9d0 R11: 0000000000000202 R12: 0000000000000000 17:27:15 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04006dd6890600000000000000000000004000000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2339.316970][ T7972] R13: 00007ffc39b3068f R14: 00007fc0c328b9c0 R15: 000000000076bfac [ 2339.333228][ T7975] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2339.361109][ T7975] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2339.394066][ T7972] memory: usage 307188kB, limit 307200kB, failcnt 3153 [ 2339.401622][ T7972] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2339.410450][ T7972] Memory cgroup stats for /syz1: [ 2339.410840][ T7972] anon 268578816 [ 2339.410840][ T7972] file 20480 [ 2339.410840][ T7972] kernel_stack 4165632 [ 2339.410840][ T7972] slab 7962624 [ 2339.410840][ T7972] sock 53248 [ 2339.410840][ T7972] shmem 0 [ 2339.410840][ T7972] file_mapped 0 [ 2339.410840][ T7972] file_dirty 0 [ 2339.410840][ T7972] file_writeback 0 [ 2339.410840][ T7972] anon_thp 236978176 [ 2339.410840][ T7972] inactive_anon 0 [ 2339.410840][ T7972] active_anon 268697600 [ 2339.410840][ T7972] inactive_file 0 17:27:15 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2339.410840][ T7972] active_file 20480 [ 2339.410840][ T7972] unevictable 0 [ 2339.410840][ T7972] slab_reclaimable 1622016 [ 2339.410840][ T7972] slab_unreclaimable 6340608 [ 2339.410840][ T7972] pgfault 179355 [ 2339.410840][ T7972] pgmajfault 0 [ 2339.410840][ T7972] workingset_refault 99 [ 2339.410840][ T7972] workingset_activate 66 [ 2339.410840][ T7972] workingset_nodereclaim 0 [ 2339.410840][ T7972] pgrefill 1565 [ 2339.410840][ T7972] pgscan 1592 [ 2339.410840][ T7972] pgsteal 368 17:27:15 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f00000002c0)={{0x5, 0x1, 0x2, 0x81}, 'syz0\x00', 0x3}) r4 = openat$cgroup_ro(r3, &(0x7f0000000240)='cpu.stat\x00', 0x0, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f0000000280)={0x1, {0x3, 0x6, 0x3, 0x8, 0x0, 0x10001}}) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r5 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r5}], 0x1, 0x0) [ 2339.616145][ T8081] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:15 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x3580) [ 2339.667562][ T8081] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2339.722076][ T7972] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=6498,uid=0 17:27:16 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x17, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2339.763616][ T8081] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2339.782357][ T7972] Memory cgroup out of memory: Killed process 6498 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2339.830002][ T27] audit: type=1804 audit(1586453236.016:45050): pid=8199 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2627/bus" dev="sda1" ino=17068 res=1 17:27:16 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) r2 = accept$alg(r1, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/235, 0xeb}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000500)=""/184, 0xb8}], 0x1}}], 0x2, 0x0, 0x0) recvmmsg(r2, &(0x7f0000002340)=[{{&(0x7f0000000240)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast2}}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000400)=""/103, 0x67}], 0x1}, 0x9}, {{&(0x7f00000004c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x80, &(0x7f0000000980)=[{&(0x7f0000000540)=""/143, 0x8f}, {&(0x7f0000000600)=""/100, 0x64}, {&(0x7f0000000680)=""/169, 0xa9}, {&(0x7f0000000740)=""/206, 0xce}, {&(0x7f0000000840)=""/121, 0x79}, {&(0x7f00000008c0)}, {&(0x7f0000000900)=""/108, 0x6c}], 0x7, &(0x7f0000000a00)=""/189, 0xbd}, 0x1}, {{&(0x7f0000000ac0)=@hci, 0x80, &(0x7f0000001b80)=[{&(0x7f0000000b40)=""/4096, 0x1000}, {&(0x7f0000001b40)=""/48, 0x30}], 0x2, &(0x7f0000001bc0)=""/248, 0xf8}, 0x1}, {{0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000001cc0)=""/13, 0xd}, {&(0x7f0000001d00)=""/58, 0x3a}], 0x2, &(0x7f0000001d80)=""/171, 0xab}, 0x7fff}, {{&(0x7f0000001e40)=@xdp, 0x80, &(0x7f00000021c0)=[{&(0x7f0000001ec0)=""/179, 0xb3}, {&(0x7f0000001f80)=""/137, 0x89}, {&(0x7f0000002040)}, {&(0x7f0000002080)}, {&(0x7f00000020c0)=""/225, 0xe1}], 0x5, &(0x7f0000002240)=""/220, 0xdc}, 0xfa49}], 0x5, 0x2000, &(0x7f0000002480)={0x0, 0x989680}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c0000004738cee45b213d7e32b8d15f620ea43f490fd757775063be846636a3dd2dd154129a54f0ce36893553ea922a6b6c1de5ac8281ae43d2bc519c06b8e25dcadb801624b3fbff78f1c1656131f8cca8920e9b5c89c67a5de58a75240cdc5bcccc4dc8c54159284ad00f43016659b119ad2f5933d30b2f24e962de8aa17d9a02cacdc2013a786a38c8c4135a8ed05cf9e629256296f579a5ee0c2c1c2967db408858f58c081c1e426196cf7d9beccc8893a06512e4b061239e78e382fa3eae53aba055b72f774ceeff6102df163b17ee87339202f80033689ab891c42542ea9b47ee33f21c20d5dc4f756debf05dbf8f0ec52278d6606853e78ba777ffbe9a", @ANYRES16=r3, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r4 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0xfffffefffffffffa, &(0x7f000006ffe4)={0xa, 0x4e21, 0x4, @dev={0xfe, 0x80, [], 0x35}, 0xffffffff}, 0x1c) sendto$inet6(r4, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r4}], 0x1, 0x0) 17:27:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x24, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2340.077869][ T5114] syz-executor.1 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=1000 [ 2340.166939][ T5114] CPU: 1 PID: 5114 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2340.175688][ T5114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2340.185824][ T5114] Call Trace: [ 2340.189132][ T5114] dump_stack+0x11d/0x187 [ 2340.193477][ T5114] dump_header+0xa7/0x399 [ 2340.197922][ T5114] oom_kill_process.cold+0x10/0x15 [ 2340.203045][ T5114] out_of_memory+0x21d/0xa30 [ 2340.207659][ T5114] mem_cgroup_out_of_memory+0x12b/0x150 [ 2340.213224][ T5114] try_charge+0x7ed/0xbe0 [ 2340.217562][ T5114] ? try_charge+0x1a0/0xbe0 [ 2340.222087][ T5114] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2340.227711][ T5114] cache_grow_begin+0x39f/0x590 [ 2340.232568][ T5114] ? __cpuset_node_allowed+0xf6/0x200 [ 2340.237955][ T5114] fallback_alloc+0x167/0x1f0 [ 2340.242660][ T5114] kmem_cache_alloc+0x16d/0x5e0 [ 2340.247337][ T2522] block nbd1: Attempted send on invalid socket [ 2340.247524][ T5114] ? tomoyo_domain_quota_is_ok+0x236/0x2b0 [ 2340.253746][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2340.259480][ T5114] ? tomoyo_domain_quota_is_ok+0x240/0x2b0 [ 2340.275577][ T8317] XFS (nbd1): SB validate failed with error -5. [ 2340.276280][ T5114] __alloc_file+0x49/0x200 [ 2340.276309][ T5114] alloc_empty_file+0x8b/0x180 [ 2340.291798][ T5114] path_openat+0x72/0x2f70 [ 2340.296233][ T5114] ? memcg_kmem_put_cache+0x77/0xc0 [ 2340.301441][ T5114] ? debug_smp_processor_id+0x3f/0x129 [ 2340.306949][ T5114] ? try_to_wake_up+0x74/0x6d0 [ 2340.311723][ T5114] ? kmem_cache_alloc+0x1e2/0x5e0 [ 2340.316758][ T5114] ? debug_smp_processor_id+0x3f/0x129 [ 2340.322253][ T5114] ? kick_process+0x41/0x70 [ 2340.326777][ T5114] ? signal_wake_up_state+0x55/0x60 [ 2340.331984][ T5114] ? __read_once_size.constprop.0+0xd/0x20 [ 2340.337812][ T5114] ? debug_smp_processor_id+0x3f/0x129 [ 2340.343283][ T5114] do_filp_open+0x11e/0x1b0 [ 2340.347856][ T5114] ? expand_files+0x2e7/0x400 [ 2340.352608][ T5114] ? __virt_addr_valid+0x120/0x180 [ 2340.357739][ T5114] ? __read_once_size.constprop.0+0xd/0x20 [ 2340.363672][ T5114] ? _find_next_bit.constprop.0+0x126/0x160 [ 2340.369575][ T5114] ? __read_once_size+0x2f/0xd0 [ 2340.374446][ T5114] ? _raw_spin_unlock+0x38/0x60 [ 2340.379328][ T5114] ? __alloc_fd+0x2f3/0x3b0 [ 2340.383981][ T5114] do_sys_openat2+0x4f5/0x620 [ 2340.388689][ T5114] do_sys_open+0xa2/0x110 [ 2340.393036][ T5114] __x64_sys_open+0x50/0x60 [ 2340.397550][ T5114] do_syscall_64+0xc7/0x390 [ 2340.402135][ T5114] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2340.408036][ T5114] RIP: 0033:0x416621 [ 2340.412003][ T5114] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2340.431622][ T5114] RSP: 002b:00007fc0c32aba60 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 2340.440079][ T5114] RAX: ffffffffffffffda RBX: 00007fc0c32ac6d4 RCX: 0000000000416621 [ 2340.448113][ T5114] RDX: 00007fc0c32abb0a RSI: 0000000000000002 RDI: 00007fc0c32abb00 [ 2340.456084][ T5114] RBP: 000000000076bf00 R08: 0000000000000000 R09: 000000000000000a [ 2340.464055][ T5114] R10: 0000000000000075 R11: 0000000000000293 R12: 00000000ffffffff [ 2340.472028][ T5114] R13: 0000000000000be1 R14: 00000000004ce04d R15: 000000000076bf0c [ 2340.482984][ T5114] memory: usage 305056kB, limit 307200kB, failcnt 3153 [ 2340.493254][ T5114] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2340.500451][ T5114] Memory cgroup stats for /syz1: [ 2340.501031][ T5114] anon 266416128 [ 2340.501031][ T5114] file 20480 [ 2340.501031][ T5114] kernel_stack 4128768 [ 2340.501031][ T5114] slab 7962624 [ 2340.501031][ T5114] sock 53248 [ 2340.501031][ T5114] shmem 0 [ 2340.501031][ T5114] file_mapped 0 [ 2340.501031][ T5114] file_dirty 0 [ 2340.501031][ T5114] file_writeback 0 [ 2340.501031][ T5114] anon_thp 234881024 [ 2340.501031][ T5114] inactive_anon 0 [ 2340.501031][ T5114] active_anon 266534912 [ 2340.501031][ T5114] inactive_file 0 [ 2340.501031][ T5114] active_file 20480 [ 2340.501031][ T5114] unevictable 0 [ 2340.501031][ T5114] slab_reclaimable 1622016 [ 2340.501031][ T5114] slab_unreclaimable 6340608 [ 2340.501031][ T5114] pgfault 179421 [ 2340.501031][ T5114] pgmajfault 0 [ 2340.501031][ T5114] workingset_refault 99 [ 2340.501031][ T5114] workingset_activate 66 [ 2340.501031][ T5114] workingset_nodereclaim 0 [ 2340.501031][ T5114] pgrefill 1565 [ 2340.501031][ T5114] pgscan 1592 [ 2340.501031][ T5114] pgsteal 368 [ 2340.605322][ T5114] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=6472,uid=0 [ 2340.656048][ T5114] Memory cgroup out of memory: Killed process 6472 (syz-executor.1) total-vm:74836kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2340.716606][ T1080] oom_reaper: reaped process 6472 (syz-executor.1), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 2340.731373][T27618] syz-executor.1 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=1000 [ 2340.822330][T27618] CPU: 0 PID: 27618 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2340.824019][ T8310] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2340.831042][T27618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2340.848256][T27618] Call Trace: [ 2340.851578][T27618] dump_stack+0x11d/0x187 [ 2340.855947][T27618] dump_header+0xa7/0x399 [ 2340.860292][T27618] oom_kill_process.cold+0x10/0x15 [ 2340.865418][T27618] out_of_memory+0x21d/0xa30 [ 2340.870035][T27618] mem_cgroup_out_of_memory+0x12b/0x150 [ 2340.871422][ T8310] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2340.875591][T27618] try_charge+0x7ed/0xbe0 [ 2340.875694][T27618] ? try_charge+0x1a0/0xbe0 [ 2340.891844][T27618] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2340.892369][ T8310] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2340.897319][T27618] cache_grow_begin+0x39f/0x590 [ 2340.897357][T27618] ? __cpuset_node_allowed+0xf6/0x200 [ 2340.914907][T27618] fallback_alloc+0x167/0x1f0 [ 2340.919594][T27618] kmem_cache_alloc+0x16d/0x5e0 [ 2340.924458][T27618] __alloc_file+0x49/0x200 [ 2340.928881][T27618] alloc_empty_file+0x8b/0x180 [ 2340.933712][T27618] path_openat+0x72/0x2f70 [ 2340.938181][T27618] ? memcg_kmem_put_cache+0x77/0xc0 [ 2340.943387][T27618] ? debug_smp_processor_id+0x3f/0x129 [ 2340.948855][T27618] ? try_to_wake_up+0x74/0x6d0 [ 2340.953623][T27618] ? kmem_cache_alloc+0x1e2/0x5e0 [ 2340.958652][T27618] ? debug_smp_processor_id+0x3f/0x129 [ 2340.964121][T27618] ? kick_process+0x41/0x70 [ 2340.968629][T27618] ? signal_wake_up_state+0x55/0x60 [ 2340.973835][T27618] ? __read_once_size.constprop.0+0xd/0x20 [ 2340.979674][T27618] ? debug_smp_processor_id+0x3f/0x129 [ 2340.985136][T27618] do_filp_open+0x11e/0x1b0 [ 2340.989643][T27618] ? expand_files+0x2e7/0x400 [ 2340.994329][T27618] ? __virt_addr_valid+0x120/0x180 [ 2340.999478][T27618] ? __read_once_size.constprop.0+0xd/0x20 [ 2341.005324][T27618] ? _find_next_bit.constprop.0+0x126/0x160 [ 2341.011344][T27618] ? __read_once_size+0x2f/0xd0 [ 2341.016207][T27618] ? _raw_spin_unlock+0x38/0x60 [ 2341.021185][T27618] ? __alloc_fd+0x2f3/0x3b0 [ 2341.025713][T27618] do_sys_openat2+0x4f5/0x620 [ 2341.030496][T27618] do_sys_open+0xa2/0x110 [ 2341.034829][T27618] __x64_sys_open+0x50/0x60 [ 2341.039345][T27618] do_syscall_64+0xc7/0x390 [ 2341.043855][T27618] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2341.049743][T27618] RIP: 0033:0x416621 [ 2341.053645][T27618] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2341.073540][T27618] RSP: 002b:00007fc0c32aba60 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 2341.081954][T27618] RAX: ffffffffffffffda RBX: 00007fc0c32ac6d4 RCX: 0000000000416621 [ 2341.089926][T27618] RDX: 00007fc0c32abb0a RSI: 0000000000000002 RDI: 00007fc0c32abb00 [ 2341.097897][T27618] RBP: 000000000076bf00 R08: 0000000000000000 R09: 000000000000000a [ 2341.105868][T27618] R10: 0000000000000075 R11: 0000000000000293 R12: 00000000ffffffff [ 2341.113841][T27618] R13: 0000000000000be1 R14: 00000000004ce04d R15: 000000000076bf0c 17:27:17 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="067de44ab6f1387ada5701a6a87ba0ca72df6fd8a74294b654eaa7176b82152aad9c3275eefccf356b9448294aca4d4d9180324bd5bfed6d4b17504691c044b32a31ab543b56fe8e1eb816799ceec92f18f173e243297708f879660449cf1e0b0561c917d605074775a3c5c5e8a8fe29d141775db64480fd63e52e7c1b56914be8d5d1f4400bf52bb0320feab3b2", @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:27:17 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:17 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x17, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2341.209859][ T8321] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:17 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x140, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup(r0) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000080)=0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(0xffffffffffffffff, &(0x7f0000000640)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba72764f460593d41d43e9f589502652fe815ef1da2c0975e828d69536eb96c2c27f564dcc44d2a18bf98a8698f09764ff95bda5a0520964e8e84670e557cc255a621254e23c5e3afd68721e31a0caa4ac9e40a612dd4bff3553cc00a47f618b8289ce1086193ea338ae5473fc048d1e696a52f65d00d34ed03cfb8125020463ba3054af5f7a2fd4c733242927960b07d0d81f303157417af8907b820d74a1dc84ea78e317584a11da56d5842dec5823a376d939a621adf86c8297db303ab14b7fa0cfa4316987c1ac3303f6acdaa8a946496cb09a6a0785a49f67cfe7725ff477933e4f38d99e6062f1bec6c4e857d64a8ba966cc4c024177bb10e4f5c05db8e7d4cd2437cff4067d9c6f68d8faf4342112a53e640e2c070ed68a364a209139ad", 0x10000, 0x80, 0x0, 0xfffffffffffffd64) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000005c0)={r3, @in={{0x2, 0x0, @rand_addr=0x400}}, [0x0, 0x3, 0x0, 0x0, 0x4, 0x3, 0x0, 0x951, 0x7ff, 0x0, 0x5, 0x3, 0x4, 0x0, 0xfffffffffffffffe]}, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00000003c0)={r3, 0x56, "81a3a51b1c30e8f0ae2ede5285251f147fb8d227c9ef569fb3c792426fda754ac767ba8235836bc208fd99c740002967a3a6af25b0110dd1220ccae8abc46920ecabca1e1ba165993cba605bd1b57afc02d1528c5c83"}, &(0x7f0000000440)=0x5e) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000100)={r3, 0x6, 0x0, 0xb5}, 0x10) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000300)={r3, 0xc0, "a1e73966c1ef7fae200f40397f2e3d449ee81af6dce165d2f887b42a6d5f17425001939a87c550662466f7faa7c8a4e3466e2f5fb57b2d57acf619da8bf1f0230a5a2ef2e977535b5e81000aae19615d1d556e50f5a93e1468d7ba4cacb8b65cf93eb564ebf8588f1326b55cf17b55bc95635d0a9b33654dad7ad3be1c66546253b8646130057c5e1316d935fde849bb88f654979a7cb12a1391cdfc454acec715afa12a281e20da80294a70c6cfb370f971a890980329fdb94d320f2de16ad6"}, &(0x7f0000000400)=0xc8) ptrace$setregs(0xd, r2, 0x69f1, &(0x7f00000000c0)="168e6e31fbcbeff220d288e68469a9b599b9abf696c6744eebe3963f50a8775afc9950d7c8dfc3de22bcfeb33c640af38ff3a955b7eb8004dfbb92cf881f6c068ddddf507cb8fbd45ee7daff02a87eadcc778b45ca15a6050a3c7a7aadf05b518f9048155969747f4ef01ef0ab7d5fb7aaa6c750243262b7d47f141d1a8a42378eb0cb19b10252601d") ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r4 = syz_open_dev$mouse(&(0x7f0000000180)='/dev/input/mouse#\x00', 0x400, 0x0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000280)=ANY=[@ANYBLOB="2f64ff76366e626430003d988f33070a23fafe916c7be54c798e95ee631f39799d04a48b7c70ad04cdd2909d407e465cc1209aae047b286d428199503b0a7d8b33e011946887c4c154b48ee460246a710366025b2f6833d1aab53aac30dfa9c3eb6ca8cbeff91b0df006eb36"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) setsockopt$inet6_udp_int(r4, 0x11, 0xf6623895e0971ce9, &(0x7f00000001c0)=0x800, 0x4) [ 2341.278706][ T8321] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2341.302781][ T8321] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2341.332329][ T27] audit: type=1804 audit(1586453237.526:45051): pid=8354 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2628/bus" dev="sda1" ino=17253 res=1 17:27:17 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = memfd_create(&(0x7f0000000140)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x862\x16\xa3?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xfeY\x12\"p^\xc1\x0f\xcc\x89_\vg\xae\bvZ\x93\x86X\"\x1cVm\xb6\xd7\x94_\x01\r\xa8l\x9e\x05=\xd4\x8b\a\xd1\xd6\x1a$M\x9d\x8b\x13\x80\xe7k|\x98P\xfe\xc3`@\xea\x9b\x876\xc6\xbdhA\xf1\xb7\xc1\xba<\x11\xbd\x87JfZ\x90\x84:\x144\xa7\xb4\b\xe0dP\xdf\xdfp\x9b\x80\xef\xf9\x92\xc1m\xea/a\x99%*E4\xe29\xec\xb5\x8d\x00\xeb\xb8vw2\xf4NY\xdf\x91\xc0L\xcc|\x112\x9b3\xf5U\xc1\xe7N\x9e\xbe\xa4\xda\xfbt\x90*\x81\xeb\xbf\xe1\xd1F\x8cX\x11\x9e\x14\x8e\x13\xabEn\xd9\x87,\xbc\xf0RG9\x05q>\xc6\x938^\xfb\a', 0x4) fallocate(r0, 0x10, 0x0, 0x3f) r1 = socket$netlink(0x10, 0x3, 0x12) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r2, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) [ 2341.484712][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2341.528304][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2341.559713][ T8325] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2341.625238][ T27] audit: type=1326 audit(1586453237.816:45052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8463 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45f6ca code=0x0 17:27:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x25, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2341.709854][T27618] memory: usage 306972kB, limit 307200kB, failcnt 3153 [ 2341.763067][T27618] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2341.880481][T27618] Memory cgroup stats for /syz1: [ 2341.881199][T27618] anon 268693504 [ 2341.881199][T27618] file 20480 [ 2341.881199][T27618] kernel_stack 4165632 [ 2341.881199][T27618] slab 7962624 [ 2341.881199][T27618] sock 53248 [ 2341.881199][T27618] shmem 0 [ 2341.881199][T27618] file_mapped 0 [ 2341.881199][T27618] file_dirty 0 [ 2341.881199][T27618] file_writeback 0 [ 2341.881199][T27618] anon_thp 236978176 [ 2341.881199][T27618] inactive_anon 0 [ 2341.881199][T27618] active_anon 268693504 [ 2341.881199][T27618] inactive_file 0 [ 2341.881199][T27618] active_file 20480 [ 2341.881199][T27618] unevictable 0 [ 2341.881199][T27618] slab_reclaimable 1622016 [ 2341.881199][T27618] slab_unreclaimable 6340608 [ 2341.881199][T27618] pgfault 179487 [ 2341.881199][T27618] pgmajfault 0 [ 2341.881199][T27618] workingset_refault 99 [ 2341.881199][T27618] workingset_activate 66 [ 2341.881199][T27618] workingset_nodereclaim 0 [ 2341.881199][T27618] pgrefill 1565 [ 2341.881199][T27618] pgscan 1592 [ 2341.881199][T27618] pgsteal 368 [ 2341.982860][T27618] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=7972,uid=0 [ 2342.151327][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:18 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2342.194474][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2342.228861][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2342.392277][ T8474] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:18 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x17, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2342.433062][ T27] audit: type=1804 audit(1586453238.626:45053): pid=8485 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2629/bus" dev="sda1" ino=17253 res=1 [ 2342.466102][ T8474] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2342.502936][ T8474] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2342.696681][ T8596] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2342.731120][ T8596] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:27:18 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x4305) 17:27:18 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10001}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000605e30f4b94850f039b3ea48b603f5ffa44af18443c25e9c84405eb1525dbd5fd30f9c359a35b84f6dd2c44a6b21501361ac63c0be2db07424de2c57538fdab682b752cb1d6b6bde0d52f1be430a1b058bd6d0a2908c7530740bb81a3352bdcb40eeaef20000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2342.750211][ T8596] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:19 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x1, 0x2) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="743ab0f93a597b824f3e850eb721c162ff4b5a24ec177b214059f2741163e436a30e966e9464650a28d3b357075b3257154dc1772ae2598c95065e765b4dd823641b4b81cf1cbca5a4ab4a64664657b9d41b650dc14b460f9469793f75b95bd3f460beb39444bac4a8671664503e4d"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2342.930223][ T8476] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:19 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) socket$netlink(0x10, 0x3, 0x12) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NL80211_CMD_DEL_STATION(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0x4d, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r0, 0x4, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_PEER_AID={0x0, 0xb5, 0x1ca}]}, 0x14}, 0x1, 0x0, 0x0, 0x48020}, 0x80c0) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) [ 2343.028654][ T8476] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:27:19 executing program 2: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(0xffffffffffffffff, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2343.083529][ T8476] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:19 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2343.387932][ T27] audit: type=1804 audit(1586453239.576:45054): pid=8724 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3458/bus" dev="sda1" ino=17166 res=1 17:27:19 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x26, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2343.568747][ T27] audit: type=1804 audit(1586453239.756:45055): pid=8837 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2630/bus" dev="sda1" ino=16748 res=1 17:27:19 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000240)='/dev/btrfs-control\x00', 0x80, 0x0) r4 = getuid() ioctl$TUNSETOWNER(r3, 0x400454cc, r4) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:27:20 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, [], 0xa}, 0x3}, 0x1c) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0x1, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r2, 0x800c5011, &(0x7f00000000c0)) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000300)=ANY=[@ANYBLOB="7e0f000000009a9e000015659f5bb7618b3869369b4817dfaacd5ea8eec0cfaf48673b2637a2ea5586421ef17798e98550260935fa2ff62eecd34d45c24aed05aeb4f37e86b56ffa3f2b8abecbd284e968d29d7076185a1f18b2cdac7deb7f6528bcde7684d6829121b1eb749d2bc00b2485ba05d04f285a1b29b10b87ea05d66fc34786dfd84afebfe8181eac8528331e2d43359fb70784c96e5227896cf03020ea7736cdc28f6766765257d9255b6be2b1a95cc74217bdc9af86f8a0c83aff7f4fe5549c3aeeb2d5acb6e7a6bd7ec1ed01ade9c2cfd154b500758e6641d1a239ca700e27a053ae512bd2af3ac6e84e92ffbf4efd58892f95f4c2a7545bcbc337c980ccea0000"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2343.968919][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2344.042318][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:27:20 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$rxrpc(0x21, 0x2, 0x2) setsockopt$RXRPC_SECURITY_KEYRING(r0, 0x110, 0x2, &(0x7f0000000400)='IPVS\x00', 0x5) r1 = socket$netlink(0x10, 0x3, 0x12) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r2, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) [ 2344.142773][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2344.196789][ T8959] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 17:27:20 executing program 2: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2344.349717][ T8959] CPU: 0 PID: 8959 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 2344.358353][ T8959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2344.368419][ T8959] Call Trace: [ 2344.371972][ T8959] dump_stack+0x11d/0x187 [ 2344.376315][ T8959] dump_header+0xa7/0x399 [ 2344.380652][ T8959] oom_kill_process.cold+0x10/0x15 [ 2344.385775][ T8959] out_of_memory+0x21d/0xa30 [ 2344.390580][ T8959] ? __rcu_read_unlock+0x66/0x2f0 [ 2344.395617][ T8959] mem_cgroup_out_of_memory+0x12b/0x150 [ 2344.401237][ T8959] try_charge+0xb60/0xbe0 [ 2344.405589][ T8959] ? map_vm_area+0x83/0xa0 [ 2344.410023][ T8959] __memcg_kmem_charge_memcg+0x49/0xe0 [ 2344.415545][ T8959] __memcg_kmem_charge+0xcd/0x1b0 [ 2344.420581][ T8959] copy_process+0x12bc/0x3b10 [ 2344.425294][ T8959] ? kvm_clock_read+0x14/0x30 [ 2344.429987][ T8959] ? kvm_sched_clock_read+0x5/0x10 [ 2344.435103][ T8959] ? sched_clock+0xf/0x20 [ 2344.439443][ T8959] ? sched_clock_cpu+0x10/0xd0 [ 2344.444235][ T8959] ? record_times+0x10/0x80 [ 2344.448861][ T8959] _do_fork+0xf7/0x790 [ 2344.452955][ T8959] ? __rcu_read_unlock+0x66/0x2f0 [ 2344.457997][ T8959] ? blkcg_maybe_throttle_current+0x249/0x5a0 [ 2344.464090][ T8959] __x64_sys_clone+0x12e/0x170 [ 2344.468911][ T8959] do_syscall_64+0xc7/0x390 [ 2344.473452][ T8959] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2344.479376][ T8959] RIP: 0033:0x45f259 [ 2344.483283][ T8959] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2344.503113][ T8959] RSP: 002b:00007ffc39b305d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2344.511534][ T8959] RAX: ffffffffffffffda RBX: 00007fc0c32ac700 RCX: 000000000045f259 [ 2344.519521][ T8959] RDX: 00007fc0c32ac9d0 RSI: 00007fc0c32abdb0 RDI: 00000000003d0f00 [ 2344.527519][ T8959] RBP: 00007ffc39b307f0 R08: 00007fc0c32ac700 R09: 00007fc0c32ac700 [ 2344.535695][ T8959] R10: 00007fc0c32ac9d0 R11: 0000000000000202 R12: 0000000000000000 17:27:20 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x4788) [ 2344.543683][ T8959] R13: 00007ffc39b3068f R14: 00007fc0c32ac9c0 R15: 000000000076bf0c [ 2344.556701][ T27] audit: type=1804 audit(1586453240.536:45056): pid=8967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3459/bus" dev="sda1" ino=17256 res=1 17:27:20 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x0) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x27, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2344.708635][ T8959] memory: usage 307200kB, limit 307200kB, failcnt 3168 [ 2344.764780][ T8959] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2344.894358][ T8959] Memory cgroup stats for /syz1: [ 2344.894534][ T8959] anon 268652544 [ 2344.894534][ T8959] file 20480 [ 2344.894534][ T8959] kernel_stack 4128768 [ 2344.894534][ T8959] slab 7962624 [ 2344.894534][ T8959] sock 53248 [ 2344.894534][ T8959] shmem 0 [ 2344.894534][ T8959] file_mapped 0 [ 2344.894534][ T8959] file_dirty 0 [ 2344.894534][ T8959] file_writeback 0 [ 2344.894534][ T8959] anon_thp 236978176 [ 2344.894534][ T8959] inactive_anon 0 [ 2344.894534][ T8959] active_anon 268652544 [ 2344.894534][ T8959] inactive_file 0 17:27:21 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm-monitor\x00', 0x40000, 0x0) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000280)={[], 0x8, 0x1, 0x6, 0x0, 0x8000, 0x4, 0x3000, [], 0x3ff}) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000440)='/dev/hwrng\x00', 0x6080, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_GET_MPATH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="3d170000000006000180c200000000003ee10b0eb3618867c1a1749aca2fb640693f81d459f27ad304cdc378bdc32ab3b5e136ccbeac167b4fafc17e8fb8a6fa243a7bbc7a8888b0804c257127"], 0x20}}, 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(r3, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x3c, r5, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x5}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x1}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8}, @NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x8000}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40081}, 0x4045) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r6 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r6, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r6, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r6}], 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0xa, &(0x7f0000000600), &(0x7f0000000640)=0x4) [ 2344.894534][ T8959] active_file 20480 [ 2344.894534][ T8959] unevictable 0 [ 2344.894534][ T8959] slab_reclaimable 1622016 [ 2344.894534][ T8959] slab_unreclaimable 6340608 [ 2344.894534][ T8959] pgfault 179619 [ 2344.894534][ T8959] pgmajfault 0 [ 2344.894534][ T8959] workingset_refault 99 [ 2344.894534][ T8959] workingset_activate 66 [ 2344.894534][ T8959] workingset_nodereclaim 0 [ 2344.894534][ T8959] pgrefill 1565 [ 2344.894534][ T8959] pgscan 1592 [ 2344.894534][ T8959] pgsteal 368 [ 2345.020013][ T27] audit: type=1804 audit(1586453241.206:45057): pid=9087 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2631/bus" dev="sda1" ino=17260 res=1 17:27:21 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback, 0x10000}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2345.378025][ T8959] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8335,uid=0 [ 2345.398952][ T8959] Memory cgroup out of memory: Killed process 8335 (syz-executor.1) total-vm:75100kB, anon-rss:2224kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 17:27:21 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2345.435593][ T9091] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2345.461305][ T9091] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2345.535937][ T9091] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:21 executing program 2: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(0xffffffffffffffff, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:22 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x0) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:22 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="f8002dbd7000fe6e58794a1b6465c30fe4000100000005001301010000000600ab00090000003eac6cdf885fa136784a733920e8d32eb32ca7439bb98b70ba3eddf10e058ab8bd83eb96826f46557e539e1c81825463f633a0ea470409b0286784d4a783c638fdd2bebc730c2f9b26"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) r2 = syz_open_dev$vivid(&(0x7f0000000240)='/dev/video#\x00', 0x3, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000300)={0x3b0000, 0x7fffffff, 0xffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000002c0)={0x0, 0x5, [], @string=&(0x7f0000000280)=0x8}}) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) [ 2345.924585][ T27] audit: type=1804 audit(1586453242.116:45058): pid=9420 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3460/bus" dev="sda1" ino=17298 res=1 17:27:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x28, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:22 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYPTR=&(0x7f00000002c0)=ANY=[@ANYRESDEC], @ANYRES32=r6, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32, @ANYBLOB="0000b20000000000"], 0x5}}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r6, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB='d\x00\x00\x00(\x00\'\r\x00'/20, @ANYRES32=r6, @ANYBLOB="0400000000000000000000000b0001006367726ffcff000034000200200003801c000280180000000000010000000000000000000000000000000000100002000c0009000000000000000000"], 0x64}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)=@deltclass={0x4c, 0x29, 0x800, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0xb, 0x10}, {0xc, 0x2}, {0x3, 0xffff}}, [@TCA_RATE={0x6, 0x5, {0x6, 0x5}}, @tclass_kind_options=@c_ingress={0xc, 0x1, 'ingress\x00'}, @tclass_kind_options=@c_netem={0xa, 0x1, 'netem\x00'}, @TCA_RATE={0x6, 0x5, {0x0, 0x7}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x4000084) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$IP_VS_SO_SET_EDITDEST(r3, 0x0, 0x489, &(0x7f00000000c0)={{0x11, @local, 0x4e24, 0x1, 'dh\x00', 0x14, 0x400, 0x5d}, {@local, 0x4e22, 0x0, 0x8, 0xcfd, 0x5}}, 0x44) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) [ 2346.128879][ T27] audit: type=1804 audit(1586453242.316:45059): pid=9428 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2632/bus" dev="sda1" ino=17161 res=1 17:27:22 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) getpeername(0xffffffffffffffff, &(0x7f0000000240)=@llc, &(0x7f00000002c0)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x14, r5, 0x5}, 0x14}, 0x1, 0x6c}, 0x0) sendmsg$SEG6_CMD_GET_TUNSRC(r3, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, r5, 0x610, 0x70bd28, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRET={0x10, 0x4, [0x3, 0x400, 0x80]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008044}, 0x20000014) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r6 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r6, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r6, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r6}], 0x1, 0x0) [ 2346.638665][ T9435] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2346.719474][ T9435] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2346.732784][ T2522] block nbd1: Attempted send on invalid socket [ 2346.739027][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2346.751012][ T9547] XFS (nbd1): SB validate failed with error -5. [ 2346.766676][ T9435] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:23 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x4888) 17:27:23 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB="2fce1b00000000000000"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:27:23 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_LOCK(r3, 0x4008642a, &(0x7f0000000240)={0x0, 0xc}) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="08fe18d12434aee45f0ae4a3b6d9379b296a80a541852cbcb6db0cc2e797112bff58b2a77aa271c2ce120f4656bd97f5dae480927dad866df1d7d8d21c625d829b6cfcbd838fa587a6553d507b0882a5f4032aad6aab6f1a2a8a4acb821fa61f4108d6e8612fef7a7cd053e49e3fc4bfe7998d1df985d5f2b2bc4e6a7e24f266424f0a8a83cc57be62f5db4fec5efb1e4f483d38a7304fed5dbc2f1351aa4d39de140a739ada8a4ada0ada171dd9449d00f8a64cc98766b3c3f8d56b50cc51e7bea8a43675ba240c7803fa5d6861fc091610ac3a09e4ab4b1b1e050b3ecaea5fa97a328b9ff891a7f93ad9f7daccf133162576aebd9c9616763fd5e71069900d0168f4567999aed996437975a97d1bcd1f597562a51080d374c8e3a00139754c3bebcfaebcc0717c06183aa022700dbd6d2075badac68a58ea54c92b536326c21d9392bea6df886ffcb13aceb8527b90f5ef5e9f2d8ac6df07068437105aa04e4fd780562b914c845efbe1ab552d236ef72e92148fb5a5ca", @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00', 0x0}) r5 = socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f0000000280)={{{@in=@rand_addr=0x8, @in=@empty, 0x4e22, 0xbf8, 0x4e21, 0x0, 0x2, 0x80, 0x120, 0x6c, r4, 0xee01}, {0x8, 0x512, 0x1, 0x3, 0x400, 0x4, 0x39f, 0x6}, {0x8, 0x4, 0x1, 0x8}, 0x1000, 0x6e6bc0, 0x0, 0x0, 0x3, 0x1}, {{@in6=@local, 0x4d2, 0x33}, 0x2, @in=@local, 0x3507, 0x1, 0x0, 0xe4, 0x1000, 0x8}}, 0xe8) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r5}], 0x1, 0x0) 17:27:23 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x0) sendfile(r1, r1, &(0x7f0000000100), 0x8080fffffffe) 17:27:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x29, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:23 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x0) 17:27:23 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x2) r1 = syz_open_dev$vcsa(&(0x7f0000000280)='/dev/vcsa#\x00', 0x1000, 0x151601) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[@ANYBLOB="3900023f00001000"], 0x8) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYRESOCT=0x0, @ANYRES16, @ANYBLOB="00000000000005001301010000000600ab00090000044ff9afb7971542c675f12629b55f8f7cdcc2b65cf086164a087578ed4dd00b10796189058e25f963b18e0e2f4a78d65807ff0c6e2018a08414c25e7cd4cf1a7fc427386301de6c10e47e75bfa9764b2f28b54095f04745c166db28dad238c2b2166e9be80d4819b846a8fda79cf39a24"], 0x3}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) mremap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @local, 0xfffffffc}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000040)='./file0\x00', 0x0, 0x7a00, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) read$eventfd(r3, 0x0, 0x0) [ 2347.279981][ T27] audit: type=1804 audit(1586453243.466:45060): pid=9793 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2633/bus" dev="sda1" ino=17158 res=1 [ 2347.345173][ T9797] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2347.435273][ T9797] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2347.441486][ T27] audit: type=1804 audit(1586453243.626:45061): pid=9796 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3461/bus" dev="sda1" ino=17030 res=1 [ 2347.472526][ T9797] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:23 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) r3 = accept$alg(r2, 0x0, 0x0) write$binfmt_script(r3, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r3, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/235, 0xeb}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000500)=""/184, 0xb8}], 0x1}}], 0x2, 0x0, 0x0) sendmmsg(r3, &(0x7f0000002d40)=[{{&(0x7f0000000240)=@generic={0x3, "61c3c05573b9cb3b9431121319fe1ace2e6d569bab412ffd57541b3ec3b8acafdd9cb5000a9dd849426c343426f5969f7b48ec6aff58844e8581d06b1a6e34b2f0651635d38199ff57812772ea0fde8dd0afa8d33fa658e6fda8e5b67dc28363acfdad9e34f5a904ad5023966cf8cb2d3444a3fe099fa9a050f1373eab12"}, 0x80, &(0x7f0000000580)=[{&(0x7f00000002c0)="a621cd8b34cf531a6d99fc76c115d298718ab3be2c1a537744da38d56bb747e5c722013a8e1065e1a73cccc6b65e06b5da9bbdb376ef33feba78e94f77f40ffc9211705d68918d830d14bb4ae7398b85ed83e3f834388887e79b897610fdb14837b7be351090c0e9fc088ec5204c4da77c7ac0e72b8078bbe7fa1f0fcfe38979492664f497b5e5eba79bc0d7f7a4d71b694a3704401bc81538f5df05208c8b8194088d5fe2892417d1746074f851fc8c25c4f52cceb5b8250f0f62218a63f9e83f7f8ba7adca04ef74fffc9c012a6bf9b0ba9184568f8f16", 0xd8}, {&(0x7f00000003c0)="5a74191b2dcc2c07fe6cd87d2571f7abc612226eacc90ef096d9bf2fd2692c61f3f068a1ca007ec69af6f3d7c9de20eb1c667dfb8d17e46902a57ae0a215e86eefdffcd5d5be0292e8a12b38af913c485d72525aac4de1248d63214684e53bbc7ebf0b4e53c61db9737fbd76", 0x6c}, {&(0x7f0000000440)="cc81ab50b3dc19f2969b3c4d57d319cbfff0b394a5fecbee7dd1e19fcfb6c7b7e4db37706ada07579a78b598b7a2272ac8e52cfaacef2c5f10842d84eec7c2a688ad8ee02e6612247085c8d97e9a9f2bd11551b924381d4f8edd3e25751ca6", 0x5f}, {&(0x7f00000004c0)="7e5bc894afed3c6ac02598d3fc5cba9f0f79c31ad32f9c428fd0f7d23a90678bbef0701949bf499ad47e839b2846134afdc4ebc16d6986cc1988a2a32f", 0x3d}, {&(0x7f0000000500)="88e170b6d80e5c0555c0f4bce829a45ba4aed76eb666e63ad845f364f85fc3006e38550cc95902142078c442e34c549e0ccc933161997d685926a1", 0x3b}, {&(0x7f0000000540)="c7fcbf8ea4a914655b78e54a10ef2c54bfac0a6f00f8e1428a293bb345dcf0dd07e9b203af", 0x25}], 0x6, &(0x7f0000000600)=[{0x70, 0x112, 0xaa17, "fee67dca6b8f67c56c1541c006862d17897fadaaec34171390ff8d4f937e5531fc099129881a7a5fdff3f07f4432b0868bea1286736083a840acf5ffa19edcc0778282d916555c8cae5a75b94fdd3f11bb0148c316c7ad5db8"}, {0x110, 0x104, 0x401, "810e95dc8b22daec5d2040949416c8c3078cdecd5a9f366e4869ba3fadb3e14fb9692b37e81d0aeed4e0540ba56dc7e7e19eda990f3143c7136305be666d3f8e7ad8c531499e9daca03afc33ab93b4f0906a03735b804e646821948b5500b0df24673842e0e956c878c544ecf21dd4f8e93ccf5af97f3b16dbbc71d61b64c751636f81e7d81ad1ce781cc906d2d864e86b86ae0952d0f75154ceafcb2201be4d9b3ad3d52503fad831f4413e67e823454b327daddb0521bddb5bec1a1b674fd624e3a850d95dffa1ed2ba2122196f44bce9e5f9a9b71af8a938677a4445d9243e9ef58070c2ea050557bf6b30d1dbe276e297657ae4b294df4db0b"}], 0x180}}, {{&(0x7f0000000780)=@un=@abs={0x0, 0x0, 0x4e21}, 0x80, &(0x7f0000000a00)=[{&(0x7f0000000800)="2335bfa4714ed5994c4d9fa418444cb1cf4f8555072e169cae7cdfb0337bbace54085609fe6ec4130cfda49a82acec5dfe44a78d4cb09e90a712f2fbd12e64274dd422ebe9ad1670ba0e2cd0ee2285e863a593dbe63f3fd5826a53d5efd42e62c08f7f552be71bb33933ad72bf365c9b8d6cfc7c35071c8791947f3221ba88452058ab8c33be80a5e7d230ed0db1a9dcd07e0dcc533f30a7609708ce37213611de1e202ac410c66c6256dabbd04249e69dc0", 0xb2}, {&(0x7f00000008c0)="c5af6284705175944c99e61410fc0f85676fa1e50de59d4ad2a790ab8f3da18423b339e0e2dd6b9e2103389e293f9b6864077aaf79dd30d8884e8e33958b996f51af7b0b658aade4be5e79f90e74a2ec9efacad607b5e8106ef25f120229af23b581851fd837b22b8ca5d0590ffb7a55a9cdf35d26fe618949d1175b0363cbc24d4c0424c8feed5d997399bab674ec9287e0438ff47f1547ccaf73bc2a5f44c6d50a37b04fa34298b12a11c730ff33125487a890c21807b63f8e988ef7789c601abbfb0845d81b3aa718fb75267b2dbffc1a7f8c50faed", 0xd7}, {&(0x7f00000009c0)="600b51a14a29e05fbba21b7ec3a2fd4214e043da8e1bb8a8513bebec087f16469d4a20fe09808c888cb04f48f890c92c86b6f7ba", 0x34}], 0x3, &(0x7f0000000a40)}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000a80)="3de5b00868fbe917e053e08b6bece0be01333d2e3fb4e20e98d67781e9ab05df29ebbd3e0b734f43964195fbbcede0c5541dd4810ce17191bb2c2d0a672580f1fdbae3422249e7d1a18e8c266de8284cdd5b3d91bfac9d9a5fae4807fcc41d95446f769428611c2a1ba6fe48ea10331c20b0b8fa8db3b1aef41041270f2501d116c07ef10ecf538067082cebefe7db66ec2d7fd2a97cced1939c6e578550f4bc87e462f9604c85076229f136246f724b83700ee2a0", 0xb5}], 0x1, &(0x7f0000000b80)=[{0x1010, 0x10a, 0x58, "3f1db3c7de5e8cc2917f4ccb1bd6d681352e3d8af740501ac9ceeb6ce627e5a5ba741fc0cd5a8d2bbb8fc1dcddad79072dc9752af09b40c2bf5ec1082eed64b9f2b273ef29cd753200548dad6fc52bd16114871cd660f9c75d9bdaed6fab100dac4c81354ec87dd819f2793c015ffd9b5c2b9d13535dadf85197a9b1089d037141af5649566b8fb27ab89b143e96a1f7531f586c38103072335285731e85ece821fd4d22be13e828eada2fbbb748a714be67fd848e2221adc1c7410ba56e3feb90184d2000a48b4d8c99d3e590753a77ff82713f1e62d202f2a5cfecd4df8d91d5d22cf28615228e30bc031f492cb5bc095bc7dbb02f1c4f5c23d1fc9555886ae504b0c3c457295291f79a3df43ac1bfcdb409464fbea21cb711949498cb4992ab957304600278016a6d11831d1038acd6baa7311555031eedd497771b6b4607fea666d644ac9749079879fcaf46e8d9df6de033ec444c0183fb41ff5ca3263622035eb1fd351b9ce3db5e7ceab1bff05187db9cedf71ab9c305fbf95347fd47bb5b351ea0dcea5e479a8f397a3423ba68fcd10637f7d7630d076ed8faef9f09f33c3639c0189c9b5e131087a75cb32b9c030be6f93695d1d4f0ba58a77486b2880eab93c5231edd9aa28d952879f04ccc01aa084d2daef2730d8bd09f73b75dc1e75413cdab883fea1bf1ac4812704c3e726d8ba1cf1d1f524d52488fbfc0dd1d2585e281ae7807608f40f1ad4d4f151d97b3a5d3067f387792c8b1fe732ccf8f2134714e7ba99103937781c1179ef20e7a6606a1cf59fe525e2a98687f0a99f85cc10a5a078b288e5f1f1ae82a4ee6ecff1d72fb71758ff5e7f34023b45d28f69335be927807de80cfc75dd532255b65608e56f24e50e56bce4745a4cf577a657147a9f77b22d54885e1d8a6cc4e2b11318526bae19ea9bc09a2bd26deee166cdcebfbd3ac29d7b79ab4de9d25c0001e7b580d9ab9e0fa3639007f32b76960781e385aaf770eaec34e2dbbb8a410e3de2621fff1731b7074445395332ceb32fb234a0073dcdf29ab0e21c966406b0a7c19538c24fe1dbb91708e0f3135fa91498c952b9f89f807fa8209099036d47f451aa91304a25c39cea19be660ed39e02e6bb7b34a5e540cd24b78582638eb2b52016153d3217d9c37d3804c604ea973c43a6ded1cc35e8aba557e73c51d3c13f4bf3771397756e74c5f5cb56f709434eb9dc3e2ca24c406879025e77be5732adc00d9847d3495bef015645f281ec5d1f1d865ee586b4fba537c516555dd7c2d340ca25dfefa990fa9dffdfd44ecd34dd17808c9d2512aa642360551040fb8cd834d10d73f20aeadd2f9991081c35be3037d2c5542b656c4d695b5eb31f2a8bbe753ba2651c930d2b4be478002b6eccc3e1344c2dbdbd2630a037dcdca57e6542ecc2a82f74a3fed301ae61bb8054a5f46b35314a5c0997ccfa2f8366be460979455728e61355accf8b4dbb07d17e85c8df0ae6f372380f7db5b37c460503906e2d87304e1f851c7195d1b18ccdd96ac12a6142ffe5b6168b72880c85ed09be7e631c60fbc39e2b1d70c9d0d3385fb59387aa2b820b17eb6778d510903bf86b2cb9e4396e8495d3c994f41235ba7b4034c1071280026c6995168962577c711d44c58df06beb269a2187d15bae460767489f617fd648923276fc9fae52893d3c04defea033b47e1208e357629056237af60b90ca25046ff2e7d9a566f43a71fc14491d31fa3939cc1921dda5aba886c0d2d2ffcb2a1739f79579697ee4c51e1fdfec339ffa37a858e6cadc1a4acb86d53301ac8fe2e2122f787e5f88441780669da9fc0edce86bad0b5d0212bedd544d9b5cdb022066fe31e1b256f93548efac783afef9fe35393f43b2ef16af04b8234292dd8e7e0c122fdd53b27825838e812c66633382d1b17f3d94638b1fe5861e5737c5d6698b541dd33e1162e4307054074e28ea65b7ceb4d581273b1f63ca0b41d82518df53c55308711a8675c46d30704ad6444497dc3fd6cd1b4f674203bd60fba45fbc91c3c24f897f0dad721746b34c1685074bb706f86cb7f6956bcc7be5d10d1b527004e68b0b31df20e798d14af3a3d89d6e504f044e1f97f8d08791099a9802c8af34def3de482303736b6a11acf8cfbac3a8349585493dcdb209fb376068d0c50ce21c7c572ffc6b36586f0a140f1071fdccef5f021f57a489d5c0ae607f503a4244b90656abb531d96912c2d6ff301eb364198dd62a5724a405a39dac871cb7ab5b79df8b9fcbbc1d79fb10153afd03220ae5317bc57df88a3972fc51a7ad9f8c697e795d17ca4965ff0f53be60bbe9bf38139910f9194462c6492312252c6cadb74c7a88fd6d4022f42828c9187338647046e8da3297445f2f2e5ae18dc629faae67a25ec9a13c60f082107d6c90235acce143195a42460d37aade6d67a8902f371e8fcd8d48229dc6e935ca1a7b9fe853ce7b8f1d6789ac37cd92521623db09c7e5658da0671469fdcc66878af3edff496666c539e6791adab409831cdf184cf61f213523abb6faee1eda26109c85432eeaffc3b9c0428eb14e7a9ade3424e1e0b4b8f46903821675ea09bba26999640e5ddae40c576dc8aa4be5b2a2194758bb0992e7551f2c42b3e58fc14c715460044234bba5da8742f2bd0cbc951ddf1541736380f4198588f0c71cf86074860b3964cb7b7fc6a7adb38a5c2eb08112e7f129d5f01a3e62241f3e74121c235195dd0aff59afac72085646caf657868f4a844d9aab52582ad2e04b94ce150097eb79dbfc15e9e986c28f47b9e653c61b7768a02f547c4e82b6513ee8f747dd506ed40cafa7089cabfc9918c16ae2e9cf654b5c4f8605933bf6dca80868965acbb7399eb270dd07a928175eb80ae74795b1c188efd5d2e76880519df01008241acf53ee8bd92bc9078376d3ffe731631c8a29b9e621a2eab7eb5ffc421e736b928530e4f2c89c51e419b78f7491ce7b18de32f23c23171fcac922cbe8ee825cecff9d408edc2522c1363deb55e892118e368c709964a81110dfa1fcd11bdd170bac04908572e898935b599f379c489ac6dab43fcb7720a1a010b086615b6edf4487018f0ff0473ed277d7aceb0b3ed3dead0fbc868f255bc9fc03665bf5e35aa88a3fc5c960195ae25445dcad3c6bb49d0169e33913d0235f75c1d2f62a924d85539b01b1187db0a1590f84511e23b47b07ab4e95ad1448cfa014b1d1d9de2b4e3fac3436722d59e25b153789962ec0557a2edbfd8c22097899aa37dc249b0a9262a304924a2818f4903b2ffb67b8984351edd3bc09115e66de7cacae0a52d15b6058a53903993c86efb8f25e58425e756a7a9672933fa0bbd1d61e170f95bc6a523499c77619902aa58d2c4f05bd9a99e31ebe75b277dc1dbf45180166852754ad117c445334ea9fd22e1c97af4ff1f8fc60cd94ee766abf1935535ae9f5e1fec5289f23d7de9e7a4a5ca6390374a637ff809466551f7371866d576e377c8333d2ef44683c69ac9ebcb90022f113c27ffa0d9356bd799ed3d32b62c50db0f1bfc676355ea8ea87c113001e01a6bba535867d6101cb46dfe4b09783966d31754a58029aa83559964115e6dfb839605d75d28d46df88da482cc2a6b9f5ae96c6abcf462ae1d765a8cbf7e1641e2feab6720b02c2690e88badf55df2427333508f7276e8d8ab4a5cd4affe73e1790e4124696bc982b4e96c5236397b15ae4b30e15aef92d174faae8c8d3209e18fe472b6e2bdb247faa5d72208c438d4c4729d869fdd19a87a18b8f6f948334ff42d991b18e5707ade73decd5ffde702b1b1ae28739e1538621406a746698b9f519550eb031c764c23ae7a9679d064594bb506195c5401f608b77d0a9bf71b3400048fab9c04378b9004d8a8c40b98a2bf0182f6e749a83063f560cfa3d6262ff1da877dc740641bc8f5a8a98819961796085f03c37057d61490a1947bc6d728ed54100125a049929cd911382448c42d59b8408e7a5a846b6e8d3bc9c72af53e6515333c815b28f3ec20ac52e9ddad78ea06d700a0d1cb3ead6cf3a03eeda20424ae7b0109275f43a9f0d756d6fb1c917e5bc3251e2dae30a48a87910489b214789a51878348af6a939591382630afcb2b408e98e11307d6e97c342126bbc3ee4f4ef7d3a47d18da3a8ffe25ddc41313f421424f20a23900b3713c4dc8ee22cd86d69804cf1c053f6c5d20c3c5a74bfb98ac5cf60f4db9edadbdb124ee4c9554b5255fa44a473c5c1e867958ffed78329c537ada7db3c97dbedfaed5caa5d51297bf2011bcf322f718caa05162f80bd4ce4ffa74cf5132a198b1dc4d4e537d264ee16bdffbcdb7bd270cc8bafa503dbba0b5884d301ae7cc5837a2fd03b54bf43e95e0402e538ff042087b78fc7d56451a753130a3e5b01382949dbd83ebbdc8e3a559306776e1e8f21b6a3fa9b62709d73c03208233d2e3984354e8b544f69f278432204ef39aa7bd490d54bc6f280dfee5050e7ce5f6cde1ee2250b63d7191cad6a8af480e3998bf74292a7f18fd3722a0dd6a498d55c4259764ae2451a58c223646acbbea25eee91fc472864404d018b7b7f2f461ee7a391ae9adf6cf89dbe00a633eb4c194b39385dfb9e8262059c752abfe8164f0b675d67d72a1323c6c5f366f93c0ed2ea7f09dac0dd2b2a886c445e793afd22c850b1f72e7bbee985c6a1f3afd90469d56501247561eb2acc9dc54fac734fcc3c074a41764b115853dc03060245268a677d130e066099c570bf5c18cc889d684f2e5a3d81e4f22ad4720a1f2f970080079082a3d25d7190254d043a81da1bf4df67894afe50581df145de83d29c1ccc56fbcaa7b79317a7150586712ac7ad35e0934f912d47eb1ae8e2332218769a4d9e3ed8d410b2d64b55c98a2d74980144ce704b2156817221c22e69da2e792a9d0ffb4fced3aa941e223e7e55c65d9691aca7871b1c8fb39597d6b6a3e3b3aa3cc820fcb5210dea59ab41b6fa34452bb987e2fc8a70574ac1570a8be26507b9a3f2b4674fc5a37b445318ea2869035faeee1192dea75fcf57f2f5c5c49b7b0b51299e22be2378f07ea3009c615494b49334a13013736a2b30762ee3bf9450e7059e246eefd16512a4822913a0aded81be564577f06aa0cdfaeefcb16d249bcaccd9cbc86f53b175af67c961a15c24aa3a9992ae5788c79544050363b23a4ea587c7403414eaa36423c7fc9e5366e44a8991da75fa87f2f7d6eb0e639a840000ac3a112af720e52d5f7c8045462c56c1ab75c788a4bc4f6eb2d9901f2d23fbf62fd3f026ff2bf1f3e2bf45fe9bd241a658c694209e5a37ea0e009a81a05aa587410d81385c66d37244657627178ba213170ae71311c094e4f37658bc41eec528b5357f359f2261e72e3371085296fddd15e64c2aa2321acdc406767d44e417a5be8d801dd9f70b900c698e6144f3e199f2f4cb4ccd9d90619e2ca3b6c05ca0be0fcc7d0f3bb205cc20dceb49a3a7aaaff26cfb8c3619f488d96a75800cecbcb06c3d502048cd85db4657334b3aa821be932d9bb2e6eb129afb7619bd118a608e8f9faac723b963f261d1da5310357a0ae18f1191aa500c0bc80fdaf2a0988d6ea206a4e87c6b11b878864717201321784fca944eacec131ff1d1769f64ed2ce6d93c087b5b022def940feddaa0f74fe0c5976d3b255f740fe5389dc9d137ef1dfd44813be83171ef0f03971bac6807eb77d45d2265a441ee6b2698a84f9e25ffb155e3cb33d496e04acd007630d9f009e73580a08c109483a95c9"}, {0xc0, 0x108, 0x3, "e4cd628e00284dc43927ab95256049b2a69baa127d3102244f8ae1e6223f1707ddb77ea1cdfe39dfb05785a35e2c8f77f830cd7133b58ddaeab515e92a6c43b51e98538ebf2549df9003c5b9e7dc03ec7989cedce3c2cf7e6a5b382d8215059e66feb813e0c027b11b64f03c330dfce4a8de4a46880b589e7611c8fa905fdf1630f62a08de1138ba08e1a4bb4f77e95432d290ca76537a44bcbddee521b9303925e51c287bb4327fb999767706bea6ff"}], 0x10d0}}, {{&(0x7f0000001c80)=@pptp={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x80, &(0x7f0000002d00)=[{&(0x7f0000001d00)="278afd7ba7bb3eb2948ca1d67219fbc78a415890f54435ac1a15aeb6beec4a65fc16578de9877834359b9dadc2daa2cd02fdde76c8fdc7e048732ff4b392d78821a517131c4753636d4398a842526f929cbc6e38e6101fdebff06ae0a37bdf70bb5294937133102b07b60659c258cb03e3d9fb5185829d16a2b0a8433bb64ac887744eec1766d6cb7494f627fa98210b5ead91e8baa25d338a9474cad61fbc83fa677936e1de776c179bdd1b2d2d7b2744ed040300b70505a157143da692192011efc9492340b57884c1af37120685d4e86791517c762c8f87f63dab0624c7d8a711bedce89eea4e94d48917854b26c2817072b231e1968150943cefa73d58efa8e56c9a765c231c48b97a2e47789be24247f44b026d6d5a3a1cf11349744c124b87ea9d7ac30666ac372d18ad0cbf18d290d7de439aaa562d75997b57d24ea1da5b73b1281ef408df9bfd0c92c711c968f5ed2bd19f5e71545e7c0a6209d3ed491902405e41553ec4725af4649c5d3e6bd0b0d046ae7d7e2fb3870dbccff8cca25632065a478be65138797df6a97263775787af9cfc33395974bd43eb33bfcca0840edb9b603d074508c676ef26a99e691ca7913dbf96f60ee59a17fade8401cba219937af9e7d277d40da21890482e0a3b5b0dff42d8090743e6f916a30a4b8ecf44943df6fffa6b6bb80d29707fff062926c37b4e9ca3627495b0c9a1af16ffb47d6e97dabfe1c7d9a0958d1e4f21e939454bb1a6534e2526cbb2e9505a409e91bedd9f3440fe24b0706b5805322af86c411bd6a0a8238e27eb5f9867a5358fd94e7dde85c4217677ecd37ca6cc1a1c5bb72bd485aa2e855eb86c1f9d1f3853657195e61052f2fef634ef245ed05e2fa2a9f78593ed6f54722818e1ae025a55c35d9a58bee3b21acd6149e75f9cfaca80ccfa032227d459812d2c0fce3193088f6aa3f6f05fa17cf21c00965bc65b890ebcf5ecbb3efdf8b0e869f1ce9664f0feb018c44eeb9dad143e5c70c6e167dac7f49f1618108a82201749596258cfa258287274d60d4c9efd6be09138ae69f820b8ff379a29898fdf358f2ce5f47a67806008a2f3bbb33e4090c2dd44c8f30303b87e259cdf6038dc164628a73f6010b383698b661fd70fd55edeb96f2543a72fe33b53ccc3c7f4625b76901fddd93bb64929b9c1ef3cf8173e71aabe2927a6018c805f740714b6b3669310d595750089f52d87f7a2f2e8008c00e5bb7f617f48b17303546a8c0fef0a7e6370701be61a3f24ba8cfa99a6818bd624a0c6d4ea2da1a03403151027b449b81c360076553e31f518f82a0770578dbff320979989f5ba3c435562b4fff9fc7f096a4810758b4f1b3641f9036f52a44c064f0d0235a1cff7c742cd1b513422fb2c689283be0ccd4fe6a1fe61c2fb9d0ef2ccc6d0272a07c46ea80f67c05b41561451054fed07fc545f74a26e91555524b5d5835e970e119dc738eaca98d8588ba0624693951c9732770d6e5634467e2ed771d5499b6cc182ab6470261bf6ce7581c3bab312ecc4213153c72e32ad7085e70f1fe3036279c578566451b18dc8071359d428db2370235a1f55ceee5648f4b260f67eae46d4a6d4db45c719b3b3765040fb1df33e2551a843528f3d7f5b6284969a6888273516c462af88c192e1233dcad656ae39aa7f26f8248c871388c55fe9501dd20d69067ac326b06528c3ac5c1259ebfffa8ba14d954861ab34e920dddac877b21f83d4af24b04e75986a86fa08a962c5933b27b6aaf4e7e9b27e0a5ac9625c038a07d1710e7658e2ef28acdd2360ce5f92cdfeb5ce4a8c59dd5bd8b1daad8e5daafce80f9e729a1e7abe47f34c3a745c4827d6ecb3d697ded735c85182ca215a8abbad4b8797f0764c8fd791304178a1c3de3658b9b00f2486d760ad2f2cb3d3cbebfcbb5add560e673d9c6adb8a8663636a1bb8340aa3914150a64cdb4dd72c93a295bf397f8eab049d719bf2c0063231af600df3b2559c77916ce57583a34dd679791d6b0b47f199f6eb82616fd61fd150efd7b49fa7a000048ce267f17c583ab90af42d0dda3feea7999af45e51a6c73bf1fd1db50eb0f228a867dc74d833b06e8ff5b7225750b5b34d904ef6ae91f2443d60a9be57cf016e8f26c1dd938f6734702accbb1c9b326b9b405b40b89b358020c99c15e6af70ae1ccd74bce9c419cf115318834985565c6542faeb231aadc5332909a1e1ecc3c6c596004f70162b3fef18b9ce27cc01d26230e405882e28d9a24f4ae95aec145b81a3570068a2a9884dde6720716b66ddebb2b27e19bacf1f4b715ec96fac648cf272ee39219575013254a2fea37be9cdf108936fe3f4c3c619a32d90b4d5293374e2713b5b72f4b45ac47e1ace4b6bec132fa029968f12f7aacde59a3df5611eddfaa14572399997c9453c055135680717e6b68fcda0c85d13294afcfb3188e25af990730d977b6e10cc43e4cec2646879e863fa6717590116d348465fd7ac1737e32bb77ed6c60809a010327feab125ac59fd178bcc3ae75a684f58423023f7ca84917812c6043cfbe3f04c7b0e731c0b2f2660bbe44fbb1ca69c792e7e6e77393f0a719e429e827457d95717795749c1cd3f6315035253f69a0da0b7da4a0c2d2b9340091335fa4ab0c5a3cc4915c038a503265ffb70a83e1c28f47a4ec73e8fc65f41dcc3b7b72feae3f8e8e96bab7f3fad639669bd4bede52a3add7ab0b21e73d3b4ca6db07012a13b1e07016401c5a423eadd1f512a0d13758d3f5522cc9a435c53fc617b0eb305aa3ca8a532fe89b98528a9d6a3b54ffd4fdf9793850f54f3338ebb60425e1c4da9d8a700cef97e4cb996a53f47db7b047f98814654d04eef6b06483e90d31f82de9038f8cd9799985202d65026b6e0bd40b8d27fee3d07134b796fc58644dc88762a9831d8bc92bee3e31fda01f53a1899fefd6d371c84e8a4ff946c52dfb1d3c8f3cae431bb088835b9039087dce31e15312719e7e67082aad3f27d38c27dc256293ce945e54d886c4cdc3f9356c3e6c5ac523cf8318ead61edea79ca81fc56a07279d1ab2c8089b1835c8a89ebe1388cc4e5abaf3042808f1d79c1a9ad64a6b35206de4d13e302795be2f34752c05c8b950a1b5ce6a51da48c8c87a89f087534e7f8a5330e7e4cc1750ecc81c77f11ce19e80c31257178f3a6bd1ed7d609f2fbf35a81607618e86216837f275c014add5daed13343dbf087150999f4a2a0f91e4de4ed336700ee1802965b363ba0051d1c859917aa923bdec53b6fe7f0fb1cc291ed3a870523bea3181a3723996d2684715b201332b52231f07a9a4811c17dfc68c161d6b104e7e30b16ed6d68b2f91a28ca76fb689f343fb48fca99907cf350941bd83e94406d9a369f2d64932bcd1b985960e1106ade017e12e07b8e3ab43341bbc6590461b50d1dd13a34e72898d0cff1e848e56c8bfb4fc6fa0cfe42bb8fa33d3cf571fe82e3a421cb149f4771476b2c51eb7a3e7643836e18ed910286ff57df1fdc948ba9430487fd2fe6bb3169af36bfe3c2d4de8e9e39c684b1b1620ab60253b8b1641edb89107b6ac4bb342dd96e0b337ee9eb9c2d8333f039fe3c68e55f12d2f9e7ffda65345ac301b616875ea306bacdaa5c4115631169ea404b41c5c1b798a0631763879bdf2437ed4bfb5a24724adcf9564d5f795d9640e716ff2b712a1a927e6fb9d730c276c41640167eae163124a070ed2b4aa7c18deb91895221980d9501f1361504b680794dbdab2214091545a78ce709fc2572401ba1f7b3ca311d73ce4dc1205914d6b5a6d3b330aef2e2deec05b5a1892419e6baf08c9ab323a4506da245ffe04dd6ef1c58ecb6bd252266f3a955d6215a8e92619e9a845571373803aac31fc2016eb178c8325294d7516a41ed962d7d517f2c3d5ca4e280e1ec644c8661ea28c2b165e93d27ef62b284fa31f33c554bba28ce6b6f8633b8bb1e168163467e20cb86b09589d17200bbf978168c8b67edddf9cc76eafd7f03d714381a6cd250e2e5d8e9fb0f642ad2f3dc091956be20a672b52e29e93e56db84e962c45b6dd0dea0b9978ac574adfca56ef6820684c271246416be348efa6ce17e3113b972838680e2619208ad0fec38429fd1e0b77285eca77c95104f995d9b0f38044aa402411fbfe0679f1253d4de64d396003e3cbba1269833a33b749185a4e7c5cf11cb8ff78dcce0d5195711af8c4384ac56d4c979dd53e36ded078ffbb963d38ddff50386edb95f7d37f4e43681a1170429d6003e90a965ac09ed18eddbb2204f0b6867b239a7c40d2b95cac8c658ef47d627e535c0f32079e1642c5823827d14985e215f59703fb2dab285a3365d8dc5e6b4960e5d883695e0b192dc508421599012641cc4b5fedf99333fe79ae917a80b0b1667968a4c06c6677e8ba44127f4e0ce9c1037716257c2ac610f03d24d6089f004cedab7d4f3aad3c0cf9e55f55c6cb91d35251a2d4592320126ae298e55cfd695f06b23acd4ce6fc684d9a6b734685352aa2394c7916a740ba877088f51aa1e5fd75fa6f766cb847eee70e3424fd86efe31663cd94a22ea8bc3a94457b3fb5b735085785d69273aef1e448e34bbc25b8b4af22b118e8f0111a44160efbb97db1b76c6085a5730012602a950eed92582ebd6f4367c18dcb8e0fbcbc8b8d5f0948d8098f39850a8deb86e1933fb3446b674bc24dd4c0d309e894fbe172bd2eab9b8aff2bb0eda362f24bcdb390851e4a8b605bfd55168e77588e3479172b8860e64e3490111a2c119142c4be66f789334cdc7cc80c873f628190286d635644a2b88c4dfa2e0e88b7a688026853593dfa9bc8a7e7041a666aa8fb947b4e281c3599616029b042ac59609165fc89660a5b1bc6eda663211ffa162a38df2fd75550ec608d84d7e06e746f8f40a3b64fc2188bf186fea6b6b14c72aece5f3e9c71249926348247167458ecb09f5bdfeca3781dc56b218800b79137232be166eec2e474732c6883b6028ed9c21dd45ab94bdd8fadb562ea76daa05df8ad53f512c16e024116e27dab88d6e3d84e29198c9a1808c1a4d78c8b1a7b98d44b19ee05109102f5210074a3915bf9a42b292a40bc7ee3fa568513845cf1b66a65ef33e3127e5e746ae25825b560062649668e07d21eec09d8a0e0f3c388ce2db853b2e46a078698ebbedfaa9d822803c8503ebcdc26b8ae2341f55bb9b101e9fddb44a1c4875b81913b5052257f887df3e690e729328765acc007a9e5e057da3ff7671a16bbc1853f8266df9787d2c07e4b5e7dd44f11ffd793ba441b34956fcc7579beded255699d043dd163fd497c841da4f56802f7eb87d756a049a46b47a328312cda1cd7247795fed4e7a3f974bd8754ad63f81f26bc78e1aa6d43395142a6c9655b31cb05a814d9472f228f4506e188f299b14118b4e4771fca21831e7c93945932514d01292aae2f0eb97d7d2d3e65aa2ad955b227e2196da3a2664dba3a24d3ce6e36406adc3a86946f61e10f74ccc63b412bbdb7d2b3e5e1436fb2e2d4e3dd112ae6f5991235fb71bf1fbfc0f807075fc15358d6b08fb2a4861723f54b0d5d5877b1b7d9e43f98cebbfcdfad8e5062fc4ff7b78ee651eed97e0dccf71b1229480f80cbf5bdda33cb87331c98a6fee04d53983e5d3c19a64219180b2de19193108cdb5fe9f5a232fbc1cc97d81fdeb7a97a9b0d50911e944c1cf8edf7d235b13af1646805482a0309aa45d1442c8e3b77f5d3b4caeac70ecf0dde2253ed6eb9fe50589cbb9469501edcd28a04f8f68b8de7235", 0x1000}], 0x1}}], 0x4, 0x400c840) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x800, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r4 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r4}], 0x1, 0x0) 17:27:24 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x2a, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:24 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) setxattr$trusted_overlay_redirect(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='trusted.overlay.redirect\x00', &(0x7f00000002c0)='./file0\x00', 0x8, 0x2) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:27:24 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(0xffffffffffffffff, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2348.104548][ T9931] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:24 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04002d8234a6bedbdf2514000000051ee4000100e4ff04001301010000000600ab0009000065"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2348.178931][ T9931] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2348.274432][ T9931] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2348.350767][ T27] audit: type=1804 audit(1586453244.536:45062): pid=10041 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2634/bus" dev="sda1" ino=17158 res=1 17:27:24 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x6000) 17:27:24 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, &(0x7f0000000100), 0x0) 17:27:24 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="2f6465762f20626430fc278f5230e225c7c664e3dc6e06e2c419955bacac862f20682475964536776300bc3d7c068498b4bf06329b3e9de9134f00"/72], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:27:24 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r1, 0x4, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:27:24 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x2b, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:25 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_rose_SIOCRSCLRRT(r3, 0x89e4) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000000200)='./file0\x00', &(0x7f00000001c0)='minix\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) [ 2348.809142][ T27] audit: type=1804 audit(1586453244.996:45063): pid=10160 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3462/bus" dev="sda1" ino=17049 res=1 17:27:25 executing program 3: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r1 = socket$netlink(0x10, 0x3, 0x12) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="0e000000", @ANYRES16=r2, @ANYBLOB="04002dbd7000fedbdf251400e3ff"], 0x14}, 0x1, 0x0, 0x0, 0x4000800}, 0x20008010) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) connect$inet(r4, &(0x7f00000002c0)={0x2, 0x4e21, @rand_addr=0x20000000}, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$USBDEVFS_FREE_STREAMS(r6, 0x8008551d, &(0x7f0000000280)={0x5a61, 0x9, [{0x5}, {0x3, 0x1}, {0x2, 0x1}, {0xf}, {0x1, 0x1}, {0xf, 0x1}, {0x2}, {0x4}, {0xd}]}) setsockopt$TIPC_MCAST_BROADCAST(r0, 0x10f, 0x85) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r7 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r7, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r7, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r7}], 0x1, 0x0) [ 2348.964089][T10284] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2349.035418][T10284] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2349.079216][T10284] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:25 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(0xffffffffffffffff, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2349.516771][ T27] audit: type=1804 audit(1586453245.706:45064): pid=10416 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2635/bus" dev="sda1" ino=17158 res=1 17:27:25 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) getpeername$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000280)=0x1c) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100ebff04001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000002c0)={0x7f, 0xee40}, 0xc) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000300)={0x0, 0x0}) write$cgroup_pid(r3, &(0x7f0000000380)=r6, 0x12) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2349.681540][T10284] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:25 executing program 2: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(0xffffffffffffffff, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2349.816150][T10284] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2349.849284][T10284] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:26 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x2c, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2350.122635][ T27] audit: type=1804 audit(1586453246.316:45065): pid=10535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3463/bus" dev="sda1" ino=17473 res=1 17:27:26 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(0xffffffffffffffff, &(0x7f0000000640)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba72764f460593d41d43e9f589502652fe815ef1da2c0975e828d69536eb96c2c27f564dcc44d2a18bf98a8698f09764ff95bda5a0520964e8e84670e557cc255a621254e23c5e3afd68721e31a0caa4ac9e40a612dd4bff3553cc00a47f618b8289ce1086193ea338ae5473fc048d1e696a52f65d00d34ed03cfb8125020463ba3054af5f7a2fd4c733242927960b07d0d81f303157417af8907b820d74a1dc84ea78e317584a11da56d5842dec5823a376d939a621adf86c8297db303ab14b7fa0cfa4316987c1ac3303f6acdaa8a946496cb09a6a0785a49f67cfe7725ff477933e4f38d99e6062f1bec6c4e857d64a8ba966cc4c024177bb10e4f5c05db8e7d4cd2437cff4067d9c6f68d8faf4342112a53e640e2c070ed68a364a209139ad", 0x10000, 0x80, 0x0, 0xfffffffffffffd64) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000005c0)={r2, @in={{0x2, 0x0, @rand_addr=0x400}}, [0x0, 0x3, 0x0, 0x0, 0x4, 0x3, 0x0, 0x951, 0x7ff, 0x0, 0x5, 0x3, 0x4, 0x0, 0xfffffffffffffffe]}, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000340)=ANY=[@ANYRES32=r2, @ANYBLOB="56005585a36bb0000081a3a51b1c30e8f0ae2ede5285251f147fb8d227c9ef569fb3c792426fda754ac767ba8235836bc208fd99c740002967a3a6af25b0110dd1220ccae8abc46920ecabca1e1ba165993cba605bd1b57afc02d1528c5c83"], &(0x7f0000000440)=0x5e) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000100)={r2, 0x6, 0x0, 0xb5}, 0x10) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000240)={r2, @in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1f}}}}, &(0x7f0000000300)=0x84) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) [ 2350.579340][T10577] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2350.657418][T10577] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2350.698828][T10577] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:27 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x6488) 17:27:27 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=ANY=[@ANYBLOB="2f6465762f6edeb5705b3feae63e47"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) modify_ldt$write2(0x11, &(0x7f00000000c0)={0x101, 0x0, 0x4000, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1}, 0x10) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:27:27 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(0xffffffffffffffff, r1, &(0x7f0000000100), 0x8080fffffffe) [ 2350.934590][T10577] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:27 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r3, 0x0, r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000905fe20000000000009500000000cf485565aed22425005fb0"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, [], 0x0, 0x0, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) poll(&(0x7f0000000240)=[{r3, 0xb280}, {r3, 0x9004}, {r5, 0x211}, {0xffffffffffffffff, 0x200}], 0x4, 0x2) [ 2350.995620][T10577] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2351.014129][ T27] audit: type=1804 audit(1586453247.206:45066): pid=10660 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2636/bus" dev="sda1" ino=17168 res=1 [ 2351.062529][T10577] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:27 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080fffffffe) 17:27:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x2d, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:27 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$f2fs(&(0x7f0000000240)='f2fs\x00', &(0x7f0000000280)='./file0\x00', 0x5, 0x2, &(0x7f0000000380)=[{&(0x7f00000002c0)="1ceae02a0b78c1abc80fb51e3bcf32834b20a99f3af84accb726dd41e603562aee4fd7fc0a1bbbb69e02fd1a8c6d11aa1a7368930fa6fa562aee", 0x3a, 0x200}, {&(0x7f0000000300)="41661bf018e13e9126d7820fed87c310fbaad89abb5bf519a18942d1f5172434bb581156e28ed13ed3f52f7ce0ea9c7ed3d776253e7afdedf5324310a8d41bb2e09af39c727b57bde6214cf044", 0x4d, 0x5}], 0x2000080, &(0x7f00000003c0)={[{@heap='heap'}, {@lazytime='lazytime'}], [{@dont_appraise='dont_appraise'}]}) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:27:27 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$VIDIOC_S_EDID(r1, 0xc0285629, &(0x7f0000000140)={0x0, 0xff, 0x7, [], &(0x7f0000000040)=0x6}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r1, 0xc06c4124, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0) [ 2351.568344][ T27] audit: type=1804 audit(1586453247.756:45067): pid=10784 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3464/bus" dev="sda1" ino=17161 res=1 17:27:28 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, 0xffffffffffffffff, &(0x7f0000000100), 0x8080fffffffe) [ 2351.851570][T10791] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2351.962159][T10791] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2352.035758][T10791] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2352.119712][ T27] audit: type=1804 audit(1586453248.306:45068): pid=10924 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2637/bus" dev="sda1" ino=16711 res=1 [ 2352.197181][ T2522] block nbd1: Attempted send on invalid socket [ 2352.203467][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2352.218352][T10920] XFS (nbd1): SB validate failed with error -5. [ 2352.389825][T10795] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:28 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x400200, 0x0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="2f6465762f6e6264300092c737bec81de0ecc2ea6d22fe0fcc2d1395f20103879a69c0f2d0fdfc77825d0e600f9d65c11f3e05d8ec17a6ea99f9484182c6210600000000000000c3f3d79ec1a6341854b1"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0xa000, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, 0x0, 0x4011, 0x0) [ 2352.447807][T10795] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2352.471017][T10795] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:28 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$VIDIOC_S_EDID(r1, 0xc0285629, &(0x7f0000000140)={0x0, 0xff, 0x7, [], &(0x7f0000000040)=0x6}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r1, 0xc06c4124, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0) 17:27:28 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x7000) 17:27:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x2e, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:29 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000980), 0x10a9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080fffffffe) [ 2352.933780][T10956] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:29 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, 0xffffffffffffffff, &(0x7f0000000100), 0x8080fffffffe) [ 2353.026256][T10956] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2353.066110][T10956] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:29 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x2f, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2353.308795][ T27] audit: type=1804 audit(1586453249.496:45069): pid=10970 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3466/bus" dev="sda1" ino=17076 res=1 [ 2353.405492][ T27] audit: type=1804 audit(1586453249.566:45070): pid=10979 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2638/bus" dev="sda1" ino=17141 res=1 [ 2353.701763][T10981] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2353.717663][T10981] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2353.745252][T10981] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:30 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$VIDIOC_ENUMSTD(r1, 0xc0485619, &(0x7f0000001540)={0xfff, 0xff06ff, "4d96e7aaf16d3faeec31dd5b5ce6bf2a5fce2e72dc52d07f", {0x8000, 0x1ff}, 0x9}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/10], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) r4 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0) vmsplice(r4, &(0x7f0000000440)=[{&(0x7f00000000c0)="e339b8571e7b29c940989f", 0xb}, {&(0x7f0000000100)="ec1d754aec79a224870bd1fc6df84a34763067741cba26d7dd4ca64b73bec1f8bf98ff75efe521be138700b44acd38cdf2ec43313e38926f943d0d8979b44fe702c7a6efc849407dde68571345b8548e1d05697cdc93acc4edf17ec75e919483722b5e7050f67be585fc7028d10dce8f4949b3a1f892e65ccf46220941ee20d8140b964b7b9d41b7f379cf855973e45c5c747f26dba7cd7500df19ab", 0x9c}, {&(0x7f0000000280)="ff0b5ae1f54c0a6d1f87b6b812372af6509343505ae7d9e6e8f242a969ffc7eda30c366d39a75274c5ba0d0381fc5a44358d8ca1deab4742775f8a623801f2f3cc73960b0c34058ec9382db8694e6a95ae545157e0ed8054196d666a06e91f86875481eccf49538d4260015e22cd2176a4165095d2423f6251204658521fca7ad6bb54e6d8d05ba40b16243ac00e1b781f0803be8df80a34597fc019ef39925143", 0xa1}, {&(0x7f0000000340)="3c6278051663e4965da75c3ee8d661df9d6071dea8eb09bf6785f47fbc401b3e20754a82c2d8feb43e15d80fbdb5c977fcac88230ee970395f539ee6596dfcaec7bc0d83cae09ec27cfa98f20b6c1902fc092d314b34f8e8accedc4522645c4cf40d9fb4c9da0136321e06eb66fffbed60af5e985517f2128c832aa1166e25d822ab396cae20b00bc74aeb89d7102f347d05d46609b7bb108b", 0x99}, {&(0x7f0000000400)="36058a8919600855a387fcef24573ff8cbb88a3df6a62e4dcf4c", 0x1a}, {&(0x7f0000000540)="e641f376a45e4e1ad3c51e16c0a17fbfb79cd585dfe326ef4411e701228606071a80a6c0583df7d6f760d92638e8405b23fb422e9c1a5caf56c92c3ba3aa5f9701ad85bfe3cabbe323ca4e627f1c2f5528b713fc4ef1a2529381f42edfa47c36ae32f92b054cabcc17039565b4bc062d5fcf29f5eda8905bda9c225f0e7f4928fdd7d0ce56b43e67e2ce463695ea25832d8b6cd945b02eec004e7d1808ee273c31497ff5d21208cb4549aa10b48b0b2e64236a6327ced82988ba63a2ba58c895c4b38a5d915d6c3d562b441e52871ae39a51baea5f22c7d1b491953bf542ba4db56bc49ee2a77ab01a478c598287416aff00c276ab84b164c12e7e5683a0a8d2c4f93f0326997f8900144dd58504118664dd9286b9f4b835f3baad10586a0b7e87a440e1bb4d1ccd42b9d6a10e260803615fb5344df91ca21e3ad738b19b20414e16c7b6c5a72791b5e59364695b14ad02965cd9103baba96378e3bcc8e9221974ae3f677d3bc0eca621c4552f3dc6495724d6107b9b1fee0c7a55b6ac0d0f26f8d9a6e54ad48161b77fa73984493f574375f7d9d2144236711627c5f7afd95f167ecf7a42dfed90650565e1fc9f4ccf9970325656b2b0693c24f2951a74f39023e4dfaa7f66ef4e740b7c3ca06e97dd6ed3703f26095919c579392d8e8ce76e8281ab27e70ee983df385c76dab7bfb4e5a87631b7e5a384de4c93c1516b331046452227d2f879be0375f75957bad3c7d9af5f3eff14f92fe8996a64c7979194b106f301ac9216646e6069cec164315569107c5010f0ca22a2a8c38e5d1fb124697c95babfd6137dab74dd5e35a0bf788146e28041039ecdbf03b4df63b896fbeff50d00375e567f6e828ea35e47a9d9b54a341f4aa42a05fd8d22e6dc3645e1c9fee42f4e7272164ee6a08d9fec6832223a0842ffa683d72be4bb4be4e3e14005c834daa48df76500c078a6e126050216297a1e6be53281125a34448578d5fa01929b37a2027fc76dd28aa75221a152604cdacc5310c2caea976a8bbbe99695b43fa2c6f465703ce70bafcf17b31014faef5bf1d815faead25c50646402f4f0fe659e4944c0b1e9cd885c474c5d9a9833b0a84af5ab2101796717b1b21f4f987a630df19b6b51505a2cb7bdece27b2be56bf053237363cbf6049b5e107bb1e7c02eae5ff88ba1e5692e0246159e89b1242cf2403f703bd4ab2aca60ffde738471c04a0919c08d9ee20dd83ae4743efbd8817cc7f5f0944a391c93e70e69c5307df62cf06c67726dbed42f310de43aa7407e3231286a159051251e5129bf2eb749eaf1ceea263839bcbe4924a6f891e3d761a145164f365bdee47c4190043f7ab15691f7592cd1d8a2d6af64824cc22d1ed8a317d2c1f08b41c28936b46147992c063124a0d471794992d0efd4fa41da0aab1874db369ce2520ed1a67ff1132692c9699dd0c6a560f0373d4c04b0d18d6130bcf4fcf42aed0dc01e77bb40edbd7c135b28b1e5fa960cf6a3b7204afdbe6ceba234faf58416c994594649d351fead9193d7610cf74303527b7616cf2f9790365f66459b107f32fcf054b149afd0f64753c539b92f3f49a384211ad2a64d33d0fe491d13f075374c72a0d27509ef01cc8228590c5403aaa3ea544b40be2f41fa463de03789141682628d51bf08a324d639f2083be7c1042e8354f2e838affe2b6a32d188f4f83c719dacdc3df380d9e462d9a46ccea5dd6c88da8939ddf5c4e575dc9c8431ce66c5bd8c9ac82d8c2b0207f18945d83e71e24f28231d946ad4354931cb24ac9c5d04ddb4d3b63b46a23f86bc02d29c9da2cbb5b3cd84f429500ce8d5820247b7bb247cc3c5d9abd31ffd685ef77bbc97c0976770985d924e0957dfae3973afe42e77815ea1b7dfb1fd0eb197996b316b22796471fa59e74bed08826bec5cf6c99f54b7df780ac02efc2e80a327f684dd088f443db14be1e3809f9149715bbaa8a6615536406a6b20b040c19ab56e634ba1ef0a5f834da1ef5bf11fa59cbdd84a084601fbd0fc277e5df0593ec9811df24318c8772cdb702dd016177962431093ecce8e8233666ca96f483584f35e27d60614ab81211a38cc0255ab57ca38b608c2705396434e6a5bebf1d5e1430ef1f0a296f6ca70d4706e0a5e34305b9fd52964903379e851d4dd54c6033357035d695aa62884ac659912a744849c0c382e7a811f0d45b70cfea57fe104410154dbea8e6b88ff0f8707c9acc3143b20e706fe5949cd1bd2e0f7bf553b7b8082aaedf877fe675659e291ea5d16838ccd364d847af420e3630d7f791557a5523292bce701dda0bb904997215eb8237c9852e4919e2606ff7d9f085ef6dbc7432e6bf1c79f491876803d28d70c5374bc8f39852ddffb355333d44b4e80eec981b29300db9d83bc18cb0093b7b5bd579fdad90150ef346d79c0dbab667423dc50329282593670efa855d9b3a0796e925298e3d35e2378b57ef72a0a3998847e05641e3c60abacc59ed6027eab55322eb619cc2307720423478a7978944544503c6c4361d958e8e426622000d209bff8d5bb4cfc9adaf85305c1a0e573f7091d2809dade0be70afa967e9402c38bf5bda0c5332242af4bf723c83c1333ccb3b49e80f92677e0a971f038664accf49e6d47a52e474bfc54b33a0c94283329e4d3855f6ad3f0502fa7ed675736d086fe2c2855794a780b7ea065953b1db71ec7171af754e9a52905969e5d10ee12b5d68900b6dd501f3f20a8ba2d60ef26e5bdea0e27c1a5a8a6446c2fad1a203856025ab6dda95da02f556334238b2e90e635607e955fb709df33711ec5a2be2b05066d4dabed3a29ba8ca73012c0fa64e03b0847c1fc2e754e2ed838cb9819652bb8291bc23c6944a6aca8959bfe81dc9baf71f73836bf67203a7c4f22faa648ab5cbeb3807cd64da8e66a188ccfc9701b3e43eb33e22302ae867a751ff96ce7c9a361e861bfe2a07c3ba03ee5e9efedb461d700afb723c5d8a61668f738ab1e9101e3103d55238b0814225a420d439f92f8d1c44b0397a2f125d9609fa6a7d078ae81dfbe8ee555105e755efa66fdb6b18a3f2e7d3164d8e3947dafed9d05c97a32023702fd5243eef621687e55cf434e31560caba3d6c71ea677019cbe4a4d3c684ab8447546209cc627d03c2d94368ffc558c499a905f7ed011f37ebaad8d4809b2f9d07af1552fe633eebece00b407cd499cb99db4da72d302286d3b9706b755f7988046290e7083810b0d17e69a54f439dbafc31807c763c573952fb63699f24e4bd03986af9b8db43d2ace611b6c87adf14502d50dbe978fc0f1406f43dead90dbcf0741477b640471a02a33056c48a8c6069d208d4d41da774063944520e317f0cdd2be96cafbeda0e170cdf063e23d4f549f2f7b73ed3a857a43e04d5e8acd8d11479d729a452a9b0085199eda96d78ab99c99cc5f0af4f4f2fc2a88ac6e2a05619f731324dab745ec01d0d17d2fd08231297533ed60e75acfc921c4e1bb78fc3af2eed31cd1e08395c5f274310feeaa221765975043b38e2873fd1b34bc25ab0693129bdd1f36a62f9b72cb545f23a94dba1f1a5ac68590feace1b68a91ce007a09bdf3fb1b8d2f885d617dc4a2641f5926efd052ddb32e262d503d9caeab17840c64485c2a97e8ffc4bf9c6cfa71e4aa874266e20cac7adfe9fa6721dad559de802b909965c8a281eba4507fe7f452d7fd7c8f75539cd009ba905ebd95636b0270e1c73af5d77575c13f30f591da50278d3adfd0464b109a88b8784d2296becb2bedd761de05c65444b3fb8ba1760070344a4cf814bb4a956d6de2413b7e384a9c3d16070048d9dde2eadeea836fd9bc84654bb93a42af7e981f62d260400ed754b47e470fba29671368b3bcb380c4ffd294e0f8f6317f2a3d956a22b3efac38086d75f5c5a1aef5252aaea573eaa2dc6a6cf5305bcf24433465edfe569726a7a0fd0d107c2f04e5ceef30e7e19d79a350d1dc9a721c2aedd2aa9de60e5ba894a0468b9679aef05cbb64e039f13bf4b1146be2186d1e15a3ac5107a61ef3425e9bdc724c15fb6a49e09e01346b768ef7935a9e649b8e36dd19f15ca5767f7598010ced13f65faae7f054e453f771122e1b77a92a00696da42cf8d92343ddab89ae3cd56c858476defca32500fb13dbc0a138ab6ff19ef707c38792a81c7d4508b17bc5b0fd855b75c872d92aea0184d66b2a8a58e177893d72280ac201743cac7b1a2f47a7da241f4c89834410b094ae07cf276b8195346c4860c63e8940910c9d442f262391320444db6f00f93da949d2d4cc80eab994aa1faed61dd0784b424f7e90d0e7a1bc251406e21ccfd8c84f1dd4eb6ef8d6fecd0792d1eb60ded86c9223eead7af6b2f0e046dcadd4b97dc0fa3796ce4a08d66359d6989c5f9c4187c4b049014f144eb11578a567c9c841fc7db63738d2a6fa162a962993026bf098b48755baf1cb16933e96b5fe0995d99b88d15fcbc72585d7382df192fe0ef61f9263d4d4c2e8683164c864d394278832cc141ee21800645fd963c5ffd654f15bec32d211379320e2ab13067a9c6e54438541f0184dcd8f1605262f6f8e5504f5b83365802f57ed4b7da21d9c9c519bcae75aeb7692b875acd8c5d7a5dace7cbf9bde31057148e9792043eb68b48ab0c556e93d44e16d269f71271dab7e32884586e8dcccc9c4967795fe98598caa35d0a79b37ca12961f554576d9435ddeb01c039b1bfb29213e1135ba4f846c24ddaa01731ce4dffa20f0854a698f9c81f1862d702d5c70f8fdfc8e077b0c870179acf4b9e0a4d1735883160276fbfef06fe2fa8bc7b467d68cc8055b7e0a307c0f416a9121c7d71cb9e83edc7cc459b22a7ae21367d979b781403c1867e2cdf2c00b8b757c41f2d88b14826b6f83c7d786230f3f6134dd834944fdda973076654b85b68b966e9f6d7039d407b97df9120755507255e777f7b47f6ae97a26e0a0841f6d615d65e99cfc194357c6617947db4906bcc771fa0897714ffdc6d2b8b68f1ef8474d22a4684fac00b3ec08e5f99262411b9a3ac93de2ef114b5208ad0308f36f1141be445201089fa0c09acdc957b0ebd6e2dfa436b56cdec9bbeaf3f28cb7ec2a079d905e8e8671fcf9d8c5fd307bef30993f7612fe65cbf54b63cd45cac45afaf0171505a31daa64254c85d343c92a8489c8458d996c89f81f46d4c73f8db6e5f9bf8b66a3935bd646dee809e8a264583f9bbe890c992f1a8a517dd77324b178e1b2e24f1bdb17d5b5c67f0f7a84bbd477cb564089a18c27d3384b09d403d9477733dad89974db266d999c66fe000c0c458839b601afcf8a06c312d3ad8f27af3d1c0dfdcfedad5b7c7835d6c016824136204d51ce60e2a82a5a89017aa85e259fe0715e6870d414fd9c27aa127c50ca5884b6c44afbc0072d8977393d17a43234e7075953e81541bae05db1f9c126d4927016319e7fabbd3c5cec69933e0ad64c759719e28d31b66e96b970b127961e3078e579d7aeca5d64ae6276c386642c747bad9cb1708ce9a1ca96558b51ad37c7b9dbac7c381b43beb1f6baa3eb65614f9c5e65e2dee2633b7d2485e44228d1e022e1ca77d94eaa5bb303c6b4e915813d1e96df7992e499aa27d26f5da094dfd552aadf4ba9e392e13dc8f9bb6e3d9c78483faec39fa40323d228bbebce8ea0fbdf0966a09fcf59319e15aba868922dd41ca4f29f3f8c4c4e5f763d4d8fa38f89b7d48f3e0c05143e4a6bf5e24b8bff8228f8d96650cc512cf2320f258ae7c0597d63bba3654b6b45", 0x1000}], 0x6, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$SOUND_PCM_READ_RATE(r6, 0x80045002, &(0x7f00000004c0)) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:27:30 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x7e00) 17:27:30 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x30, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:30 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x400200, 0x0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="2f6465762f6e6264300092c737bec81de0ecc2ea6d22fe0fcc2d1395f20103879a69c0f2d0fdfc77825d0e600f9d65c11f3e05d8ec17a6ea99f9484182c6210600000000000000c3f3d79ec1a6341854b1"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0xa000, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, 0x0, 0x4011, 0x0) 17:27:30 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, 0xffffffffffffffff, &(0x7f0000000100), 0x8080fffffffe) [ 2354.360673][T11005] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2354.486200][T11005] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2354.498908][ T27] audit: type=1804 audit(1586453250.686:45071): pid=11011 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2639/bus" dev="sda1" ino=17268 res=1 [ 2354.528644][T11005] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2354.633799][T11018] : Can't open blockdev 17:27:31 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x31, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2355.149655][T11030] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2355.170442][T11016] : Can't open blockdev 17:27:31 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x30, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2355.210693][T11030] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2355.246325][T11030] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:31 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, 0x0, 0x8080fffffffe) [ 2355.518621][T11041] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:31 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x800e) [ 2355.615915][ T27] audit: type=1804 audit(1586453251.806:45072): pid=11050 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2640/bus" dev="sda1" ino=17168 res=1 [ 2355.654444][T11041] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:27:31 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x32, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2355.748122][T11041] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2355.975329][T11058] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2356.030857][T11058] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2356.089390][T11058] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x31, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x33, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2356.472925][T11070] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2356.516321][T11070] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 17:27:32 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, 0x0, 0x8080fffffffe) [ 2356.644310][T11070] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2356.817515][ T27] audit: type=1804 audit(1586453253.006:45073): pid=11086 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2641/bus" dev="sda1" ino=17125 res=1 17:27:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000c40000000000", @ANYRES32=r5, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB='d\x00\x00\x00(\x00\'\r\x00'/20, @ANYRES32=r5, @ANYBLOB="0400000000000000000000000b0001006367726ffcff000034000200200003801c000280180000000000010000000000000000000000000000000000100002000c0009000000000000000000"], 0x64}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)=@delqdisc={0x164, 0x25, 0x4, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x3, 0xc74465677a8336f5}, {0xffe0, 0x4}, {0xffff, 0xfff3}}, [@qdisc_kind_options=@q_choke={{0xa, 0x1, 'choke\x00'}, {0x12c, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x3, 0x6, 0x8, 0x1c, 0x1f, 0x3, 0x7}}, @TCA_CHOKE_MAX_P={0x8, 0x3, 0x97b}, @TCA_CHOKE_STAB={0x104, 0x2, "f7e72e856aeabbd96badf9d618d4c18f86fdd501921833a12108463361f1b316849438644474ae4b7c989a19371e37b827630c6b69d4af15be15043903c74522a1367514c9a68b7f19774ac1b3409996a8a2bbe171ca7591357a065fde8ba6e1e34f1995cc7486e9754bd4af56a8529538cc2fee7fb8043e842a6d821c424304af097ee628e5056fd83183536a7d9f1dee8469e3899985e996409aa8118724f29553f9ea40387cd6d9d83e5e8554203b352a7153e03b3ce30cc5461424a2b046ed3d3eb8227be6a926ff2deb1814fb94d56309c257bbda603d77ecde569c63538c85b7b75b4236a2daa19fa5439e0204cbde995486b0c76f5859f4e7a33777f8"}, @TCA_CHOKE_MAX_P={0x8, 0x3, 0x40}]}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x2}]}, 0x164}}, 0x4004) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$TIPC_MCAST_REPLICAST(r7, 0x10f, 0x86) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:27:33 executing program 2: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, 0xffffffffffffffff, &(0x7f0000000100), 0x8080fffffffe) [ 2357.320508][T11078] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2357.367486][T11078] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2357.420761][T11078] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:33 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) sendmsg$NET_DM_CMD_START(r0, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x14, 0x0, 0x400, 0x70bd2d, 0x25dfdbfc, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8060}, 0x40) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04002dbd06000000000000008d907ad181ed243af26233a1643f9fc125dbdf25140000000400e400010000000594ab7f21261c0711428a900c7314ac001301010000000600"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$DRM_IOCTL_GET_MAP(r4, 0xc0286404, &(0x7f0000000240)={0x0, 0x1, 0x5, 0x21, &(0x7f0000ffb000/0x3000)=nil, 0x81}) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2, 0x8440}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$USBDEVFS_CONTROL(r6, 0xc0185500, &(0x7f00000003c0)={0x80, 0x17, 0x3, 0x4, 0xbc, 0x3, &(0x7f0000000300)="481f45c4657c46b93654f1ae33561fdc4f53943fa8f897dd6190376a9d5233f2089f91342df5acb5a321951c06e215819ebee3f48447792a29635266871674400e6ce8f96ffffd8ad2e53f5fada747aa5d1cedb24460cbd60c2c8f39058f6681b396aff0a6226a6fa6e9391b7937781513b70af927c7bb73313f47b5528e137edf4b662372b5d8d2605f8f63da44a7fb3484da6830d415c1e8458f89d15dc38de3eae44c55f63e8817e7ec2fa0f5d151b805cde02d26180cdb8a2652"}) [ 2357.551668][ T27] audit: type=1804 audit(1586453253.736:45074): pid=11099 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3470/bus" dev="sda1" ino=17243 res=1 [ 2357.698094][ T2523] block nbd1: Attempted send on invalid socket [ 2357.712706][ T2523] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2357.728451][T11101] XFS (nbd1): SB validate failed with error -5. 17:27:34 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, 0x0, 0x8080fffffffe) [ 2357.801136][T11098] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2357.978780][T11079] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:34 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x8035) [ 2358.051756][T11079] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2358.064935][T11079] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2358.148666][ T27] audit: type=1804 audit(1586453254.336:45075): pid=11224 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2642/bus" dev="sda1" ino=17125 res=1 17:27:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x34, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:34 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x4) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2358.384889][T11092] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 17:27:34 executing program 2: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, 0x0, 0x8080fffffffe) [ 2358.648199][T11239] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:34 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2358.723420][T11239] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2358.767927][T11239] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2358.784109][ T27] audit: type=1804 audit(1586453254.976:45076): pid=11297 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3471/bus" dev="sda1" ino=17247 res=1 17:27:35 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$LOOP_SET_CAPACITY(r3, 0x4c07) 17:27:35 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x0) 17:27:35 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x14, r5, 0x5}, 0x14}, 0x1, 0x6c}, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800040}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x5c, r5, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xb59}, @SEG6_ATTR_DST={0x14, 0x1, @empty}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x2}, @SEG6_ATTR_DST={0x14, 0x1, @rand_addr="6651be931a0eb6ff3bcf568b1954264d"}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xff}, @SEG6_ATTR_ALGID={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20040000}, 0x84005) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2359.372708][ T27] audit: type=1804 audit(1586453255.566:45077): pid=11577 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2643/bus" dev="sda1" ino=17262 res=1 [ 2359.411795][T11239] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2359.442908][ T2522] block nbd1: Attempted send on invalid socket [ 2359.449235][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2359.467516][T11239] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2359.495664][T11578] XFS (nbd1): SB validate failed with error -5. [ 2359.545340][T11239] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:35 executing program 3: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r1 = socket$netlink(0x10, 0x3, 0x12) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r2, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r4, 0x0, r4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) accept$alg(r5, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r6, 0x0, r6) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001580)={&(0x7f0000000240)=@proc={0x10, 0x0, 0x25dfdbfc, 0x80000}, 0xc, &(0x7f00000014c0)=[{&(0x7f0000000280)={0xb0, 0x29, 0x0, 0x70bd25, 0x25dfdbfd, "", [@generic="3be3daa3bed701602fd1bdc06c559779920f8a06feb876fd0514f08f2d93c2fdcdf585bf4433bde019a549d7c93488e5d04c15cede0d323ad61ed47a82e3edf209b0839d383b4f645a9e5dc866ed199a1dbda22544802953ab6ecf502284587909e4a363fabb2f076df5ce061183b904bd9ad4dd818a36900907f726598219aa7b32cbf870e37b161554937dd9f5f448e646b3d2afc68862eea34518", @nested={0x4, 0x78}]}, 0xb0}, {&(0x7f0000000400)={0xffffffffffffffc9, 0x2e, 0x1, 0x70bd27, 0x25dfdbfc, "", [@generic="e0fbb6ae358b5383dfe0757a3dcd9e3fd109fffdcd98a02b1a236a48e0daddad8e0ff35170b7d19f90a73d1eceb0de2efd26a5cc5b002f4e2fcc9fc53c3420b0df4d99901a5e58ccb5d83ab8097fe48d0cf3bff8436d44d101dff4bdf7177cdddeccd6a52de5ecb251ee8dd5aabd89e08030cca1eefb6e29ba29299b079c6e403e79bc13e2d0a8a3f63b593933ed1189bd005023ecc73d5ff497413b6b02d9428d217e666ac445c6f69ae7329702d35e30c55f76d7a4fdc13d99048011e27714554099cc2dad88f7b7b42f2f6258b265b3532556f4e976353f64819f4d5f449588e4c71ec4bec182763b0d74cfaf8ad1725f3704f67d09a22b9fc32aa736c6c938c79e7d7609726aba91cc47aeaa9e7c175b7d999c289404067c19b0caa2283c9d9a70ed1768b65dce3f68ea7234854c7ddf3278a9e9c0b643f4a2f94dd51dd4fd0437298560bdc9220c4d29fbcd3e28a806a71baac5d98b97ad491e341f94382189ccb5ed8b538b84d38fba4559052023f7132c6c5921795aa51a3d3f737c9899670e1ee49c5141fdefd41d4d99b5de997b51f3d830d8437b64dc14771d8f68ddd57e3861e4e8bbdb6814aab514f28ef3c2ee61eeea337b0d92664ff4f803ec1d74411b72ed6a04b99502baa993bd7895eeb51cd5f19b1e5fc32e17a42877321efb7380b1395b1175a39383a90410e24dcc10a70c0d7723a32ee6a6215f95821f6b6b1e14c85a4d3fe5872c3793bdd05fadc72b9cbc2a6de82680365d50f30ef20286cad4ee8d55c7cec818c58e6c4b9866c7b51b8a54eb6c8a981a6f2fb75556ee13b2b3578fa0353adff9a672c40da946f35bcba30481b75c88bdf159101e235fb5dca7fd48b86b0c2886ecd25f654221879a4e8db76dafef1c70942307942f174884e33ef9b22198c4e8ee1ea27abe3f346a1e13eb800d9db410526d49952c320c6b5131fc8d1cb61de6935baa9b5b9ccec1a5a6b5ea9bcf250bc132f2d15aca671c46db9d84699b68110c7ed9831dea153016e117242de331095718d3fbf1520297ed7e949159b9fc6105b6b135336e1e6047ee994fa9b7dffe8582469e03cc337b6c51d46ebe8b617ea9f4bdc6477ee143c2118997e64365980fafa81210f879f5d825b4e1211756e38f0fb5a66117597bb34b24ccba486d16770923f43060848b74dd0cca267aff67c9fa002ab48ef30930bcfaba40f864872f6c3bfcd548c46a653d0ebf1284a3366890d6277aa1f951043c014e3584bdf228140ffc00b20e9f0204eb85ad17da8ea41a6f8574628ff26da4f43ca7c39211bd0bf3a07ef669b9cadcdd0e8d5ac6b0de9096f29bd34db7302bbc933b65d451062794cb252852bb4df9323abe2a896a65c75316c86ef7d4756854f82983d8a784891672eb2c09facc6722151401007ea30cf66c774246dbc7c5c210f636cd737e941e8f0bb1a680452fa975b7bd61951378103a60f22d21659fcde20125da5677ace1da3a899954312d16432de8fd0e2bcc273d01c6144fe7744313a5502ffb0b0641d3a2d5970ab50f5d9a704dcc171a88eb71c141079099eb01b0f90d2020c75e7c1f951fad07d18b09399fc7259c1bec3d9aa99d7460268faaf6e693bb00865b9ec92a016bce409292c91dfe9c82819460a762c7682a2956f05810453149be5c6fc6748715434afd452a7786bc388482199de67152345dcf5d956a1618b809efafba5151aff5b479e427a063ecc024658dd6ecadc3a0490466e129da9a1e8d6d5c832d11f2db126e1a7591ee6cc6c62603d5b22096270db8e82fb2c91252eceda2229e84ae970dc352dfc6131c60cf29307a2bd9734c27fa194444dcc923c706496a05c80e74fd0323367d6936e7d45030fec550b9af35485244265ef25526ffc81990035d02ce7c069ccca1b134b1bd3b7441c035dff94e5f06524f4c52996026ef3df5bc73e26d5abf3b5a8bc9158425c49e77636f195b22f07c0560344bc3ff4e9323924c86da71cc0e3c764a0f3b0200e0847c1f19655f4c118a14148ca5899007e753dc07362116d20fadfb44be8624546890460044b78622dc0eeca5bf7eeee5abdcb7726b8e70190d4c8149e016295b4aa2b431b6c81aac5d5614d533628d89fb4cc5a4348a13f903693f38fdf3d0e5bd045f7f07abc13923002ad2b9c681cc1bda6004ebc6758a7879f1e383df3ef6ec3bdec3c9568d459b64228863f456a37e94c1465935d76fce472fea1a1c11d8fc9c84dc52fb4dba5611ba70eac31c2ace4a8617575d664627dd95621d6b3f5bd6df24c7918cfcd3991530c9d04c4726e8417b0ea3c416c4b3e460caaa9b87e26a162213af505be415b10276f65f604d37cc949d309e4fd97a148b0172010014a8737ac0c9ed161c3e388250510fa4d5788f312e77ffcf9adea12e9c77164bd10f78edc808e61b23f330745ac0de1c44017062d10a7d574d487829d9e35a278b590c02471c627404d40ed3dce7a9412ac618e346c37fe51948e0d7a935dbc555f125761c948d9a592a4d279ca8c36757fa004e5cc5312248f55c84acec56adf31e50372f6280308ba33183e0923d308fa5e1ef58a8f1f7f1315c88881539e103661eddc6ac3b5eb20aecd59d469d4a23cbd8aff2f6c88c3b261cd7e174bf753cc0f6583eff871030597aca8204400ac4096eece71970530feffae459fa4a78209a35687528e808f38dd7ac661415a04ff1de142536e6cdc51afd8553a7f524b007e701dcef74c5aecbcf3a8ac98b910471aa41f6c666bab8cd73e9408cc650650b5788808d7d521ee6303b8fc36753408d835b5b22c82276afbd45f97f857d93a77189bef3fafa5dad7cc3ecd831ee4b1ea692ddb8e871b17a1e1d0fdfe88ac5a7e63248a50f916f2d5d6c7c33c6e2ada9ce2dad3dab5faa072592e622cc17d0e8410192144b54fe56e202432ada3c59d0d6c2a3bed3993ed8247a63f7bc987b325913a620c29e54474531bceba3c2dd502bc31250c034621b4a25d290168308272b57b69eb701b03b50ef90a8f58b911621fa4304741289a94a5d4d614236f7ffe831b63ea7b5ee741282474e50eef6b55b7bc2ab0057d73bbdc1c78326ee9dec75bb662184a023d6d56d7016c320f2fb8dfe593a56bbec8c613158f609e767e39671d283c23954cdfd3cba8cd3ec38a686652b44a441050347fbe62b4b49be57b0960aab7eac3727b2333b58dfd3b55f3b0eba5d43d37471397e36eed94696be99675bcbcf04b0e9fc6f6f1e84bd0254d814a94874a96f115cfae4937f97f2259696369359cf53da7c7f53c43e1119404b120b0f6c989c777fbbe59e52669665d31ddf0632d76d4cab01620d39e65f9315a0d62605dbe7351fef6797b0f8b402c648589feb1a5eb042e6ce95f86e7e0976881ce8c100f70cbffddbe756e9aae24e505cc43400b5ba2c2bef8b92d1dcd9ef40d9a73598e64afc9a988130545415932128fd09b262c4105a0865ce49b9759b68b12eadc0c740adb7e1308bffe1e853cbfee14a86146657e4369801cdf1d6d07e8b43d6d2294eb257370505f4876e0ffc8e134d98cfdcafad0ffccc9b3a9d6cd5cdf17844c734ad05da307c8fda9c6117fe2f22f29f44abc447c27fdeb840008f2dc18587d223d33cfc356fe9c959dd59a2279a9390a04decbd4ce6c0257581f1b9feb5cf7f101f75ffd841d2b88aca0906060ac946193a6c94178c9e853cf7b0d6c778e4518c6abbe04a97fe8d45c65e45e6b7750944a29c222d7a5da18230738503ff9522844228089badc856bf0a089c683dbf56d90e0327b623afba80a4f10e305d73d9da359022ac230e0336ec95609c458ae02c7cb9853b430da480d8a671e9316cceaceae3ea1fe8d671e4cd520669305efb18303e5fd7bc1c1602e397cf72f3d3305ec4a44678cff9cdda0786bd33f8c5463bd1faa587f3fcaae2e9d1a78e6b24d38c9e763136eb6987b058d2f652919c1a9ca21d1b9e516f8b689bbb5255ea0f7e017604ba51aae7c24eb2d213f0fbda55d0608dc9d022a89050bf099e4668a096d89c34170995a518d50c8c9c38abedf731445bcddeacf732f39984674ada7e3a8098715a6e5d235c1ea3537ba5cc28ce4efbd9d964089953665a6fa6b98f2786663e862fa2c56c8338186607dfd3526f9e0495ed46acc708a1d216180901da37d595f4a27a1db9158d9e83f84107cbbf85db979d5b9283a219d6c3bc66772cc0ff1be4503634f7106ac830465d03901c1192b879e38d67dfe76dea3bc769276abb150b25b6c166fe6453405b0473a88e5d89b430d84aabd2bc1be12ef3ccdf1043d6697bd5db48113d0411ceb141cde9e4e6a6dcff7fa5df23180a01a41259dcc853844da79e3258df34999c9ddcfe76d5e5ac9cbc1f9bbd92cd3e16e9c3242808279792cfc4a9169f4d4d1cebdf377d4586ac30e3a4d04284abda7d157c7222a4371f8b4a6e8693930b98b38a3c79c3e644e033da4c16635caed114012d9f4ba18bf70f484ed1f330c0fc96414c20c8d452fcd31562ebe10529d265bdaf52628e13036e2f196552d2abd81c22d248f37242290b2f18a3f60c3d744b702658572940bce1345a20c968771ba974db8171629b3e11ca94d67a40de4e3445f225145f3a9b5426ace326eaf009527887bf0179bf3dc249667be7a3566170b9774c82c3edac6053e64de1bf527c7e737dac0c8cfc5ca5bfe280c9eae376fa001e0f7ad3c8d1c5c5d5f18aad761f7331020e710c07b35c09c4b4343b76040c8f710c5d3a7a2b246cb5ec76c5198a720eae095ffa02cd1f86cb6e8cff71f5dc8810b3c41bbcb7e21c4d2c809b56a12c0fb1960ec5c153bdddbaf9ef2f4e5eed9e99ba7a39eaff31ddc10f65162fc2c210db8370ac2f54c831f0de22b2395e43ffe1e3f965096a0568bb7ac0ee91c60a10aba684a7e9e1e21a264b59eb571223f6a10dc88ce39c98695275c2995fb81a1898f4a753031920eacead8723d81ed5399c61e7afe9cae1d736180e92a6e52d079861c319f427e200eeb485f80008135352bf95966e62b7df027b0885274ea3778437d15e5b8b07f3d78967b8820ee2f5a03eac28714c93dab6f2ea911a29d3fe903a200c8b41b5532cb5d9f798b1e6dd596dc986182c6a1d70c319877bd2088038ff69e7efaa036f1788a891a7477d3eeebe4d36647da2fbceddac90103fa61e56f997abc299b662c12d4f99a558463e688e5f62490ffb5c0f12d823c8eafbc99d10905fe587bb50797ea2325545ab8534038b9744c1238cdb077e6f00564922375f297f113a4daa39fefe6cc80edb8682cd4abcc6752c50a1badf64830b9c5f7065f30d6c1776e580b6d1716b74b947b7e495324b12626fbcc1de471f6f5f225a643639acbce043c2181d37650ca3dc59fbf0d71c6257fb65408730d11d2be69b4631d8c07a91d083f88846fa73bec9d0dc61121a3dbf6213a0f1ded32b83bd7711a04767821727b03032c9e04e6fc523a5995aa8df686136529fc901ea296e9d5ae689c3da75d09957676fe9eb8c80ccbbc357934ffeeabdf947fb0d25bbfbeafa4b4992093c857b97c78f070b3fc42ed0cc607d885e8c534bdac6b81989494dda9b6616a518bf10434d4f27d57a6cd6fb4b0b8b0af3713cf044bbbdc7545a8e94fe8d646348effb6706ef65dddf5ad5fb7be536f4569bd6ba99550ef41e8d1d91920c0f8352e64a90e92ec371a9361aeb9ede0c9df538f4e5cc01332d8594ca2790c5871344534dde7418a6636f410553ca3fa3b1259cbe8306aefe6f1c4e83dda2dab8fe7c7e47be", @generic="f413cdf364d2147559e3e3454592e8fe148b56bd7730652b3b278e0f9bc3cafca8651f1f5ec18a12485a4d3fbfc3d9af0d550727e7be8e828ae05616bb4ba0d2143e", @typed={0x14, 0x46, 0x0, 0x0, @ipv6=@local}]}, 0x1068}, {&(0x7f0000001480)={0x18, 0x17, 0x4, 0x70bd27, 0x25dfdbff, "", [@typed={0x8, 0x4a, 0x0, 0x0, @ipv4=@multicast2}]}, 0x18}], 0x3, &(0x7f0000001600)=[@rights={{0x10}}, @rights={{0x1c, 0x1, 0x1, [r4, r5, r6]}}, @rights={{0x14, 0x1, 0x1, [r0]}}, @rights={{0x28, 0x1, 0x1, [r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r3]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x88, 0x8885}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0x7d, 0x8101, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) 17:27:36 executing program 2: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, 0x0, 0x8080fffffffe) 17:27:36 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x35, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:36 executing program 3: r0 = accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r1 = socket$netlink(0x10, 0x3, 0x12) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="24001a6d", @ANYRES16=r2, @ANYBLOB="04002dbd7000fedbdf25140000000500e4000100000005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r3 = socket$inet6(0xa, 0x1, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000c40000000000", @ANYRES32=r5, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB='d\x00\x00\x00(\x00\'\r\x00'/20, @ANYRES32=r5, @ANYBLOB="0400000000000000000c00000b0001006367726ffcff000034000200200003801c0002801800000000000100000000000000000000000000000000007674c3b0a29525b7f23e4cbb10000200"], 0x64}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="2400000046bd0917fa0400"/20, @ANYRES32=r5, @ANYBLOB='\x00'/12], 0x24}}, 0x0) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000280)={@remote, @initdev={0xfe, 0x88, [], 0x1, 0x0}, @loopback, 0x3, 0x4, 0x5, 0x100, 0x5, 0x140010b, r5}) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000240)=0xfff, 0x4) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r3}], 0x1, 0x0) [ 2360.185263][ T27] audit: type=1804 audit(1586453256.376:45078): pid=11707 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir609730350/syzkaller.qIbFCA/3472/bus" dev="sda1" ino=17243 res=1 [ 2360.551152][T11709] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2360.575941][T11709] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2360.602186][T11709] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:37 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000003c40)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60e4457d00481100fe880000080000000000000000000001ff0200000000000000000100140000000890780300000000000000a7092295079bfb5e8d46aeb3121798ae0107d64b08923a331d8507737d6cc75880c06980c274aa26954922de2a79bc881513506d4e4ea7b520f50ca018fc552cb73efdacb0467d86ac7945b20bd51c3e48425227f48d423faa0f1a91ecc67b0559ba312358b185b2d652194005220014b80c084c96fb88f7119dac4faec9ad2e3f58d66b51613fa8167829a237bec5d533bae5af78916947643eff3ac3dceffcdf396aa1452b9375486e"], 0x82) splice(r0, 0x0, r2, 0x0, 0x10005, 0x8100) 17:27:37 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f0000000040)=[0xb91, 0x9]) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0xc050787274, 0x0, 0x0, 0x0) 17:27:37 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x0) 17:27:37 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000240)=@rc, &(0x7f0000000080)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) accept$inet6(r3, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000380)=0x1c) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="71f69bebd07e5c791c3f5dcccf9dab2827a788cb7e5444b0a7fd3b80838eb92f4a3d0882e200000000a4a645bba490689980e0ed230522474d66d31fc71990861bd45e819b0c73896430500c4281890eab17a2596862d32383258806a49990fb5c737a0945229016060094b310f074a6ebfda430f62030ceaca1bb6201037f241e8e02c24c8183000000000000000000", @ANYRES16=r1, @ANYBLOB="04102dbd7000fedbdda51400000005cc2f4ef0055336df001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r4 = socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PIO_UNIMAP(r6, 0x4b67, &(0x7f0000000300)={0x8, &(0x7f00000002c0)=[{0x7, 0x6}, {0x9, 0x20}, {0x6310, 0x94}, {0x9, 0x1000}, {0x9}, {0x1}, {0x1, 0x8001}, {0x401, 0x1}]}) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$PPPIOCSFLAGS(0xffffffffffffffff, 0x40047459, &(0x7f00000003c0)=0xc000000) sendto$inet6(r4, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000), 0x0, 0x0) 17:27:37 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x36, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2360.957862][ T27] audit: type=1804 audit(1586453257.146:45079): pid=11831 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2644/bus" dev="sda1" ino=17298 res=1 17:27:37 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ashmem\x00', 0x400000, 0x0) ioctl$ASHMEM_GET_SIZE(r3, 0x7704, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) 17:27:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x34, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:37 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080)="abff614800"/16, 0x10) accept$alg(0xffffffffffffffff, 0x0, 0x0) fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000300)='security.ima\x00', &(0x7f0000000340)=@ng={0x4, 0xe, "fe78c8357fd01c"}, 0x9, 0x1) r0 = socket$netlink(0x10, 0x3, 0x12) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = accept4$llc(r2, 0x0, &(0x7f0000000240), 0x1000) getsockopt$IP_VS_SO_GET_VERSION(r3, 0x0, 0x480, &(0x7f0000000280), &(0x7f00000002c0)=0x40) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r4, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r5 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r5}], 0x1, 0x0) [ 2361.654908][ T2522] block nbd1: Attempted send on invalid socket [ 2361.661925][ T2522] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 2361.685585][T12062] XFS (nbd1): SB validate failed with error -5. [ 2361.718064][T11950] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:38 executing program 5: sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa) fcntl$setstatus(r2, 0x4, 0x46000) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x14) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x0) [ 2361.825333][T11950] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2361.859642][T11950] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2362.008448][T11953] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:27:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x37, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) [ 2362.093267][T11953] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2362.117218][ T27] audit: type=1804 audit(1586453258.306:45080): pid=12181 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir948921085/syzkaller.kubnNr/2645/bus" dev="sda1" ino=17189 res=1 [ 2362.156110][T11953] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:27:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108ffea8fa90ccee956067e34d5", @ANYRES32=0x0, @ANYBLOB="000000000ed3000008001b0000000000f7518b25a3f2a5a3b4859f29ef8bac5e6e2a842d37347fb91fa0231c8e3ddee806e3c7ba5c3449f587cd4f81b60f4661b184ea4518edfa418da0368616e5cc6436be1fd3dbdf11"], 0x28}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x34, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x43fd, 0x4) 17:27:38 executing program 3: accept(0xffffffffffffffff, &(0x7f0000000080)=@rc, &(0x7f0000000100)=0x80) r0 = socket$netlink(0x10, 0x3, 0x12) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04002dbd7000fedbdf2514000070ef00e40001f6ff0005001301010000000600ab0009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x20008000) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00'}) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)="635efbd1e209882ce1476a5255f4972e9397778ca7998e778baa0b8598794174c2542c50203d308d2b3c34000586f8a9cd1b55da8a31b2794778", 0xfffffffffffffeb9, 0x8905, 0x0, 0x0) poll(&(0x7f0000000000)=[{r2}], 0x1, 0x0) [ 2362.546900][T12189] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2362.614509][T12189] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2362.651377][T12189] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2363.177386][ T4031] ================================================================== [ 2363.185548][ T4031] BUG: KCSAN: data-race in __follow_mount_rcu.isra.0 / vfs_unlink [ 2363.193358][ T4031] [ 2363.195684][ T4031] write to 0xffff8881251c63c0 of 4 bytes by task 4913 on cpu 1: [ 2363.203351][ T4031] vfs_unlink+0x267/0x3e0 [ 2363.207707][ T4031] do_unlinkat+0x33f/0x550 [ 2363.212149][ T4031] __x64_sys_unlink+0x38/0x50 [ 2363.216834][ T4031] do_syscall_64+0xc7/0x390 [ 2363.221368][ T4031] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2363.227234][ T4031] [ 2363.229561][ T4031] read to 0xffff8881251c63c0 of 4 bytes by task 4031 on cpu 0: [ 2363.237096][ T4031] __follow_mount_rcu.isra.0+0x5a/0x330 [ 2363.242677][ T4031] lookup_fast+0x249/0x6e0 [ 2363.247128][ T4031] walk_component+0x73/0x9a0 [ 2363.251713][ T4031] path_lookupat.isra.0+0x129/0x2e0 [ 2363.256895][ T4031] filename_lookup+0x145/0x2b0 [ 2363.261644][ T4031] user_path_at_empty+0x47/0x60 [ 2363.266475][ T4031] do_readlinkat+0x89/0x230 [ 2363.270959][ T4031] __x64_sys_readlink+0x4c/0x60 [ 2363.275792][ T4031] do_syscall_64+0xc7/0x390 [ 2363.280329][ T4031] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2363.286237][ T4031] [ 2363.288552][ T4031] Reported by Kernel Concurrency Sanitizer on: [ 2363.294724][ T4031] CPU: 0 PID: 4031 Comm: udevd Not tainted 5.6.0-rc1-syzkaller #0 [ 2363.302505][ T4031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2363.312582][ T4031] ================================================================== [ 2363.320635][ T4031] Kernel panic - not syncing: panic_on_warn set ... [ 2363.327217][ T4031] CPU: 0 PID: 4031 Comm: udevd Not tainted 5.6.0-rc1-syzkaller #0 [ 2363.335007][ T4031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2363.345050][ T4031] Call Trace: [ 2363.348330][ T4031] dump_stack+0x11d/0x187 [ 2363.352703][ T4031] panic+0x210/0x640 [ 2363.356634][ T4031] ? vprintk_func+0x89/0x13a [ 2363.361229][ T4031] kcsan_report.cold+0xc/0xf [ 2363.365945][ T4031] kcsan_setup_watchpoint+0x3fb/0x440 [ 2363.371322][ T4031] __follow_mount_rcu.isra.0+0x5a/0x330 [ 2363.376853][ T4031] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 2363.382729][ T4031] lookup_fast+0x249/0x6e0 [ 2363.387145][ T4031] walk_component+0x73/0x9a0 [ 2363.391738][ T4031] path_lookupat.isra.0+0x129/0x2e0 [ 2363.396919][ T4031] filename_lookup+0x145/0x2b0 [ 2363.401672][ T4031] ? strncpy_from_user+0x20f/0x2b0 [ 2363.406762][ T4031] ? getname_flags+0x19d/0x380 [ 2363.411507][ T4031] user_path_at_empty+0x47/0x60 [ 2363.416340][ T4031] do_readlinkat+0x89/0x230 [ 2363.420826][ T4031] ? ksys_read+0x133/0x1a0 [ 2363.425223][ T4031] __x64_sys_readlink+0x4c/0x60 [ 2363.430071][ T4031] do_syscall_64+0xc7/0x390 [ 2363.434558][ T4031] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2363.440437][ T4031] RIP: 0033:0x7fe829131577 [ 2363.444845][ T4031] Code: f0 ff ff 77 02 f3 c3 48 8b 15 bd 38 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 90 90 b8 59 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 38 2b 00 31 d2 48 29 c2 64 [ 2363.464438][ T4031] RSP: 002b:00007fffe37f3f58 EFLAGS: 00000202 ORIG_RAX: 0000000000000059 [ 2363.472830][ T4031] RAX: ffffffffffffffda RBX: 0000000000dc6250 RCX: 00007fe829131577 [ 2363.480883][ T4031] RDX: 00000000000003fc RSI: 00007fffe37f4384 RDI: 00007fffe37f3f80 [ 2363.488834][ T4031] RBP: 00000000000003fc R08: 0000000000dc60d0 R09: 00007fe8291861d0 [ 2363.496785][ T4031] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000008b74 [ 2363.504736][ T4031] R13: 0000000000000000 R14: 0000000001c46100 R15: 0000000000dc6250 [ 2363.514129][ T4031] Kernel Offset: disabled [ 2363.518471][ T4031] Rebooting in 86400 seconds..