0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:53:29 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @empty=[0x3, 0xd00, 0x689], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr, @remote}, @tcp={{0x0, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x200}}}}}}, 0x0) 03:53:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) dup(0xffffffffffffffff) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:53:29 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x3, 0x4}, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 03:53:29 executing program 3: ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0x41045508, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:53:29 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @empty=[0x3, 0xd00, 0x689], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr, @remote}, @tcp={{0x0, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x200}}}}}}, 0x0) 03:53:38 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) r3 = socket(0x10, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r3, r4, 0x0, 0x80000001) 03:53:38 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) dup(0xffffffffffffffff) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:53:38 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @empty=[0x3, 0xd00, 0x689], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr, @remote}, @tcp={{0x0, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x200}}}}}}, 0x0) 03:53:38 executing program 3: r0 = syz_open_dev$usbfs(0x0, 0x200, 0x1) ioctl$USBDEVFS_CONTROL(r0, 0x41045508, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:53:38 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000040)=ANY=[@ANYBLOB="b702000005000000bf230000000000002703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe800000008500000026000000b7000000000000009500000000000000acaa8e5374bf16d94ef0987b00a749a8e55da870f7778d3e77ad85319f0113fe7699162334343befce832cb8075c5f08e30cde221371f0fe1e2067e4b75da95370ae6fd2b99ac18f98403494d4a94e95fb8dcd813487b2bdb006c6465c15f044855a94eaaa9e8b6133b0cd417bdc68af2b4ca5467a97184c8e9d34b3e382b25e9614634e8e09194f2d89dd6a0bfe10ddba2e3797a2f6dcb45d5ff81603ddbd17ffe1db3560c01cdf1eaa3fc7a2fb4f1689dfd5b688e68cea45850913c70f26174770e4dfd1c82a694efc62e1ef9c8c0ea1efa5b949ef865a32b9839d39fd74aa05"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r0, 0x0, 0xcc0, 0x0, &(0x7f0000000280)="7b5515ccc8bca12641e65d58fd1a12f639", 0x0, 0xfff}, 0x28) 03:53:38 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000004840)=[{{0x0, 0x0, &(0x7f0000002700)=[{&(0x7f0000000000)=""/251, 0xfb}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') preadv(r0, &(0x7f00000017c0), 0x199, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) 03:53:38 executing program 3: r0 = syz_open_dev$usbfs(0x0, 0x200, 0x1) ioctl$USBDEVFS_CONTROL(r0, 0x41045508, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:53:38 executing program 5: syz_open_dev$sndseq(0x0, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0xb6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x7, 0x182) ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x0) sendfile(r0, r0, 0x0, 0x24000000) timer_getoverrun(0x0) read$rfkill(0xffffffffffffffff, &(0x7f0000000040), 0x8) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8cT', 0x2761, 0x0) readv(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000340)=""/202, 0xca}, {&(0x7f00000004c0)=""/158, 0x9e}, {0x0}, {&(0x7f0000000580)=""/244, 0xf4}, {&(0x7f0000000680)=""/175, 0xaf}], 0x5) write$cgroup_pid(r1, &(0x7f0000000080), 0xfffffe38) getpgrp(0x0) sendmsg$TIPC_NL_MON_GET(r1, 0x0, 0x67974582d2338fc) 03:53:38 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000000)={0x1f, {0xffffffffffffffff, 0x1ff}}, 0x4) 03:53:38 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) dup(0xffffffffffffffff) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:53:38 executing program 3: r0 = syz_open_dev$usbfs(0x0, 0x200, 0x1) ioctl$USBDEVFS_CONTROL(r0, 0x41045508, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:53:39 executing program 1: semop(0x0, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f0000000300)='./file0\x00', 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, &(0x7f00000001c0)='/selinux/policy\x00') gettid() tkill(0x0, 0x3c) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0x1}, 0x0) clock_gettime(0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000059, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x8f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) sendto$inet6(r4, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) syz_genetlink_get_family_id$ipvs(0x0) r5 = socket$netlink(0x10, 0x3, 0x0) open(0x0, 0x0, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="e00000002d05ccd0b5bbc4acc0e44dda99dc4f7f9a42ee1027fe112c0200000070249acc3fff104aed2d38308a4f9dba5196c6980c2a98644541b92b77436bdb08b0d980530a433e70ce73df889387fe1eedac5581fa85facf75d14a468bb4df0a74581a9de46f53c37c18c4792b4ce2cafcb9471633", @ANYPTR=&(0x7f0000000b80)=ANY=[]], 0x2}}, 0x8050) [ 2549.763121][T24024] picdev_read: 6 callbacks suppressed [ 2549.763127][T24024] kvm: pic: non byte read [ 2549.795665][T24024] picdev_write: 6 callbacks suppressed [ 2549.795670][T24024] kvm: pic: non byte write [ 2549.804442][T24031] devpts: called with bogus options [ 2549.808247][T24024] kvm: pic: single mode not supported [ 2549.808402][T24024] kvm: pic: non byte read [ 2549.865655][T24024] kvm: pic: non byte write [ 2549.885914][T24024] kvm: pic: non byte read [ 2549.892974][T24024] kvm: pic: non byte write [ 2549.897869][T24024] kvm: pic: non byte read [ 2549.906898][T24024] kvm: pic: non byte write [ 2549.914095][T24024] kvm: pic: non byte read [ 2549.935880][T24024] kvm: pic: non byte write [ 2549.945037][T24024] kvm: pic: non byte read [ 2549.958668][T24024] kvm: pic: non byte write [ 2549.975642][T24024] kvm: pic: non byte read [ 2549.980532][T24024] kvm: pic: non byte write [ 2549.990268][T24024] kvm: pic: non byte read [ 2549.997559][T24024] kvm: pic: non byte write [ 2550.006849][T24024] kvm: pic: non byte read [ 2550.013804][T24024] kvm: pic: non byte write [ 2550.019309][T24024] kvm: pic: non byte read [ 2550.028648][T24024] kvm: pic: non byte write [ 2550.474333][T24034] devpts: called with bogus options 03:53:47 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) r3 = socket(0x10, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r3, r4, 0x0, 0x80000001) 03:53:47 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x0, 0x1) ioctl$USBDEVFS_CONTROL(r0, 0x41045508, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:53:47 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) dup(0xffffffffffffffff) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:53:47 executing program 5: syz_open_dev$sndseq(0x0, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0xb6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x182) ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x6) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x8) sendfile(r0, r0, 0x0, 0x24000000) timer_getoverrun(0x0) read$rfkill(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) readv(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000340)=""/202, 0xca}, {&(0x7f00000004c0)=""/158, 0x9e}, {&(0x7f0000000680)=""/175, 0xaf}], 0x3) write$cgroup_pid(r1, &(0x7f0000000080), 0xfffffe38) getpgrp(0x0) sendmsg$TIPC_NL_MON_GET(r1, 0x0, 0x67974582d2338fc) 03:53:47 executing program 1: sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fffffffffd}, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaac01, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x1019b, 0x400}], 0x5, 0x0) [ 2557.936718][T24057] EXT4-fs (loop1): Can't mount with encoding and encryption 03:53:47 executing program 2: 03:53:47 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x0, 0x1) ioctl$USBDEVFS_CONTROL(r0, 0x41045508, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:53:47 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) dup(0xffffffffffffffff) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:53:47 executing program 5: 03:53:47 executing program 1: 03:53:47 executing program 1: 03:53:47 executing program 5: 03:53:55 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r3 = socket(0x10, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r3, r4, 0x0, 0x80000001) 03:53:55 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x0, 0x1) ioctl$USBDEVFS_CONTROL(r0, 0x41045508, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:53:55 executing program 1: 03:53:55 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) dup(0xffffffffffffffff) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:53:55 executing program 5: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x0, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a14e5f4070009042400000000ff00000000000000", 0x1e5) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)) r3 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x98428d57a99b5f44) io_setup(0x4, &(0x7f00000004c0)=0x0) io_submit(r4, 0x6e, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x281ba9cbf1677496}]) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) fallocate(r1, 0x100000003, 0xbffe, 0x28120001) ioctl$TIOCEXCL(r1, 0x540c) recvmmsg(0xffffffffffffffff, &(0x7f0000002ec0), 0x400000000000008, 0x12, &(0x7f00000001c0)={0x77359400}) 03:54:07 executing program 2: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(0xffffffffffffffff, &(0x7f0000000280), 0x0) r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040)) r1 = creat(0x0, 0x0) fcntl$setstatus(r1, 0x4, 0x98428d57a99b5f44) io_setup(0x4, &(0x7f00000004c0)=0x0) io_submit(r2, 0x6e, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x281ba9cbf1677496}]) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) fallocate(r0, 0x100000003, 0xbffe, 0x28120001) ioctl$TIOCEXCL(r0, 0x540c) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x12, &(0x7f00000001c0)={0x77359400}) 03:54:07 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x1) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x0) creat(0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = inotify_init() r2 = add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r2, &(0x7f0000000240)=""/112, 0x349b7f55) keyctl$get_security(0x11, r2, 0x0, 0x0) ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, 0x0) inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0xfe) ptrace$poke(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$nbd(r3, &(0x7f00000009c0)=ANY=[@ANYBLOB="674c66f736f7f900fcff0100000000006517a42ac4cb7a63d1a97a7e6d06589e03469637a7267592938766010a35efd29affe2009efdc31a381587a53c0d000000000000c1b088cde84f03d05ebc7e87c10dfc8b0f01000000cd578bcd3e51a594acdea573d84d62215d3e9e1c3ce9db868d4ee3bc0b00f8865611d9e5a0a652c1a8cf8d285e1629b0e097e78390c268b4059ba00c2f81d8ebc88648339483943bc0347fbcaa918f1383e456de840a334085ee5ad56dbd8d027120d49deb92c530d75197d928a5f717d65887ff134d47670425471677a4d138f00793f65543c00a7d184600c1a1e2becbdb0201040000acef872bca4f2406113d24f55497555a3e20f72f70fca36e7c1eff2a20d066e8d274a6cbac543afaf4566cd99b169cb5b475d37483b7d7b338100d4b455c66844b189789ec88474dbec2b11089a4d00990773d1496747ecb10df946e3381ef83eca40e08824737d96bd418e8d6350eba88f94f226186767f0b1c2f536cf7e716098edb7c7a664cb8227ecf893d6d0f08d9d973b2a1ffe3c6fdb70dd6a12658aa5315e9a99b2b8d3d9af47013ab6a7363ebb2fa72695c318e3c048a3868df430ff23fabe9350cd74a26500f204d7017c2833d2bb03fcb534a9c8d59b3bf04a260af2510fca877aecdae3fc1e89de3924ef1793f0b221084f05b9005c112f9df32a7f2978c93bc9ce2cec7cd103e8db424c98ac185233c6d10ec5f51e8e6562c7cae66ab3fa16f70d39285fc60225237d47f804109dd51d6b3df2fbd210a51a9b5243e3ea86e6a9b4908371e3a6d7afc3dfeaf436ee3846e514fd68d701010ff0ab17aab35374006394d0000000000000000000000003c98a3e2c063a64fe17eadec80e813258c36033f36b83cda6f3f48d84995a5318c17f7ab6b624380e912f9c82480b5d20db220c6d3df59d9d08b44717bbbc831de5d0e499e1c1219"], 0x74) sendfile(r3, r3, &(0x7f0000000200), 0xa198) 03:54:07 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x200, 0x0) ioctl$USBDEVFS_CONTROL(r0, 0x41045508, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:54:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) dup(0xffffffffffffffff) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:54:07 executing program 5: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x0, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a14e5f4070009042400000000ff00000000000000", 0x1e5) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)) r3 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x98428d57a99b5f44) io_setup(0x4, &(0x7f00000004c0)=0x0) io_submit(r4, 0x6e, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x281ba9cbf1677496}]) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) fallocate(r1, 0x100000003, 0xbffe, 0x28120001) ioctl$TIOCEXCL(r1, 0x540c) recvmmsg(0xffffffffffffffff, &(0x7f0000002ec0), 0x400000000000008, 0x12, &(0x7f00000001c0)={0x77359400}) 03:54:07 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x200, 0x0) ioctl$USBDEVFS_CONTROL(r0, 0x41045508, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:54:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) dup(0xffffffffffffffff) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:54:08 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r3 = socket(0x10, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r3, r4, 0x0, 0x80000001) 03:54:08 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x200, 0x0) ioctl$USBDEVFS_CONTROL(r0, 0x41045508, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:54:08 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:54:08 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, 0x0) ioctl$EVIOCGABS3F(0xffffffffffffffff, 0x8018457f, 0x0) syz_read_part_table(0x0, 0x5b, &(0x7f0000000080)=[{&(0x7f0000000000)="0201fdffffff01000000ff07000000000000550008000000000000000040000000006300000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0xd) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r0, &(0x7f000044f000)={0xa, 0x0, 0x0, @empty}, 0x1c) bind$inet(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x9) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c80, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) dup2(0xffffffffffffffff, 0xffffffffffffffff) pipe(0x0) close(0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r4, 0xffffffffffffffff) r5 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r5, &(0x7f0000000140)=[{0x0}], 0x1) r6 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r6, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) 03:54:08 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x1) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x0) creat(0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = inotify_init() r2 = add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r2, &(0x7f0000000240)=""/112, 0x349b7f55) keyctl$get_security(0x11, r2, 0x0, 0x0) ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, 0x0) inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0xfe) ptrace$poke(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$nbd(r3, &(0x7f00000009c0)=ANY=[@ANYBLOB="674c66f736f7f900fcff0100000000006517a42ac4cb7a63d1a97a7e6d06589e03469637a7267592938766010a35efd29affe2009efdc31a381587a53c0d000000000000c1b088cde84f03d05ebc7e87c10dfc8b0f01000000cd578bcd3e51a594acdea573d84d62215d3e9e1c3ce9db868d4ee3bc0b00f8865611d9e5a0a652c1a8cf8d285e1629b0e097e78390c268b4059ba00c2f81d8ebc88648339483943bc0347fbcaa918f1383e456de840a334085ee5ad56dbd8d027120d49deb92c530d75197d928a5f717d65887ff134d47670425471677a4d138f00793f65543c00a7d184600c1a1e2becbdb0201040000acef872bca4f2406113d24f55497555a3e20f72f70fca36e7c1eff2a20d066e8d274a6cbac543afaf4566cd99b169cb5b475d37483b7d7b338100d4b455c66844b189789ec88474dbec2b11089a4d00990773d1496747ecb10df946e3381ef83eca40e08824737d96bd418e8d6350eba88f94f226186767f0b1c2f536cf7e716098edb7c7a664cb8227ecf893d6d0f08d9d973b2a1ffe3c6fdb70dd6a12658aa5315e9a99b2b8d3d9af47013ab6a7363ebb2fa72695c318e3c048a3868df430ff23fabe9350cd74a26500f204d7017c2833d2bb03fcb534a9c8d59b3bf04a260af2510fca877aecdae3fc1e89de3924ef1793f0b221084f05b9005c112f9df32a7f2978c93bc9ce2cec7cd103e8db424c98ac185233c6d10ec5f51e8e6562c7cae66ab3fa16f70d39285fc60225237d47f804109dd51d6b3df2fbd210a51a9b5243e3ea86e6a9b4908371e3a6d7afc3dfeaf436ee3846e514fd68d701010ff0ab17aab35374006394d0000000000000000000000003c98a3e2c063a64fe17eadec80e813258c36033f36b83cda6f3f48d84995a5318c17f7ab6b624380e912f9c82480b5d20db220c6d3df59d9d08b44717bbbc831de5d0e499e1c1219"], 0x74) sendfile(r3, r3, &(0x7f0000000200), 0xa198) [ 2579.661310][T24143] loop5: p1 p2[EZD] p3 p4 [ 2579.665889][T24143] loop5: partition table partially beyond EOD, truncated [ 2579.770922][T24143] loop5: p1 start 1 is beyond EOD, truncated [ 2579.777361][T24143] loop5: p2 size 1073741824 extends beyond EOD, truncated [ 2579.811291][T24143] loop5: p3 size 1912633224 extends beyond EOD, truncated [ 2579.826819][T24143] loop5: p4 size 32768 extends beyond EOD, truncated 03:54:18 executing program 2: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_AIE_OFF(r0, 0x7002) clone(0x208100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_selinux(r1, &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:auditd_etc_t:-0\x00', 0x22, 0x0) 03:54:18 executing program 3: syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x200, 0x1) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0x41045508, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:54:18 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:54:18 executing program 5: r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x1) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x0) creat(0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = inotify_init() r2 = add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r2, &(0x7f0000000240)=""/112, 0x349b7f55) keyctl$get_security(0x11, r2, 0x0, 0x0) ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, 0x0) inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0xfe) ptrace$poke(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$nbd(r3, &(0x7f00000009c0)=ANY=[@ANYBLOB="674c66f736f7f900fcff0100000000006517a42ac4cb7a63d1a97a7e6d06589e03469637a7267592938766010a35efd29affe2009efdc31a381587a53c0d000000000000c1b088cde84f03d05ebc7e87c10dfc8b0f01000000cd578bcd3e51a594acdea573d84d62215d3e9e1c3ce9db868d4ee3bc0b00f8865611d9e5a0a652c1a8cf8d285e1629b0e097e78390c268b4059ba00c2f81d8ebc88648339483943bc0347fbcaa918f1383e456de840a334085ee5ad56dbd8d027120d49deb92c530d75197d928a5f717d65887ff134d47670425471677a4d138f00793f65543c00a7d184600c1a1e2becbdb0201040000acef872bca4f2406113d24f55497555a3e20f72f70fca36e7c1eff2a20d066e8d274a6cbac543afaf4566cd99b169cb5b475d37483b7d7b338100d4b455c66844b189789ec88474dbec2b11089a4d00990773d1496747ecb10df946e3381ef83eca40e08824737d96bd418e8d6350eba88f94f226186767f0b1c2f536cf7e716098edb7c7a664cb8227ecf893d6d0f08d9d973b2a1ffe3c6fdb70dd6a12658aa5315e9a99b2b8d3d9af47013ab6a7363ebb2fa72695c318e3c048a3868df430ff23fabe9350cd74a26500f204d7017c2833d2bb03fcb534a9c8d59b3bf04a260af2510fca877aecdae3fc1e89de3924ef1793f0b221084f05b9005c112f9df32a7f2978c93bc9ce2cec7cd103e8db424c98ac185233c6d10ec5f51e8e6562c7cae66ab3fa16f70d39285fc60225237d47f804109dd51d6b3df2fbd210a51a9b5243e3ea86e6a9b4908371e3a6d7afc3dfeaf436ee3846e514fd68d701010ff0ab17aab35374006394d0000000000000000000000003c98a3e2c063a64fe17eadec80e813258c36033f36b83cda6f3f48d84995a5318c17f7ab6b624380e912f9c82480b5d20db220c6d3df59d9d08b44717bbbc831de5d0e499e1c1219"], 0x74) sendfile(r3, r3, &(0x7f0000000200), 0xa198) 03:54:18 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x1) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x0) creat(0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = inotify_init() r2 = add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r2, &(0x7f0000000240)=""/112, 0x349b7f55) keyctl$get_security(0x11, r2, 0x0, 0x0) ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, 0x0) inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0xfe) ptrace$poke(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$nbd(r3, &(0x7f00000009c0)=ANY=[@ANYBLOB="674c66f736f7f900fcff0100000000006517a42ac4cb7a63d1a97a7e6d06589e03469637a7267592938766010a35efd29affe2009efdc31a381587a53c0d000000000000c1b088cde84f03d05ebc7e87c10dfc8b0f01000000cd578bcd3e51a594acdea573d84d62215d3e9e1c3ce9db868d4ee3bc0b00f8865611d9e5a0a652c1a8cf8d285e1629b0e097e78390c268b4059ba00c2f81d8ebc88648339483943bc0347fbcaa918f1383e456de840a334085ee5ad56dbd8d027120d49deb92c530d75197d928a5f717d65887ff134d47670425471677a4d138f00793f65543c00a7d184600c1a1e2becbdb0201040000acef872bca4f2406113d24f55497555a3e20f72f70fca36e7c1eff2a20d066e8d274a6cbac543afaf4566cd99b169cb5b475d37483b7d7b338100d4b455c66844b189789ec88474dbec2b11089a4d00990773d1496747ecb10df946e3381ef83eca40e08824737d96bd418e8d6350eba88f94f226186767f0b1c2f536cf7e716098edb7c7a664cb8227ecf893d6d0f08d9d973b2a1ffe3c6fdb70dd6a12658aa5315e9a99b2b8d3d9af47013ab6a7363ebb2fa72695c318e3c048a3868df430ff23fabe9350cd74a26500f204d7017c2833d2bb03fcb534a9c8d59b3bf04a260af2510fca877aecdae3fc1e89de3924ef1793f0b221084f05b9005c112f9df32a7f2978c93bc9ce2cec7cd103e8db424c98ac185233c6d10ec5f51e8e6562c7cae66ab3fa16f70d39285fc60225237d47f804109dd51d6b3df2fbd210a51a9b5243e3ea86e6a9b4908371e3a6d7afc3dfeaf436ee3846e514fd68d701010ff0ab17aab35374006394d0000000000000000000000003c98a3e2c063a64fe17eadec80e813258c36033f36b83cda6f3f48d84995a5318c17f7ab6b624380e912f9c82480b5d20db220c6d3df59d9d08b44717bbbc831de5d0e499e1c1219"], 0x74) sendfile(r3, r3, &(0x7f0000000200), 0xa198) 03:54:18 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r3 = socket(0x10, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r3, r4, 0x0, 0x80000001) 03:54:18 executing program 3: syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x200, 0x1) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0x41045508, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:54:18 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:54:18 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000004b00)=[{{&(0x7f0000000240)={0x2, 0x4e22, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000001bc0)=[@ip_retopts={{0x1c, 0x0, 0x7, {[@cipso={0x86, 0xa, 0xa847, [{0x0, 0x2}, {0x0, 0x1}]}]}}}], 0x20}}], 0x5, 0x0) 03:54:19 executing program 3: syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x200, 0x1) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0x41045508, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:54:19 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x2, 0x4, 0x4, 0x3}, 0x3c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x28, &(0x7f0000000040)={0x0, 0x0}}, 0x10) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={r1}, 0xc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r2, &(0x7f0000000100)="e8", &(0x7f00000002c0)}, 0x20) [ 2589.818436][T24195] picdev_read: 6 callbacks suppressed [ 2589.818442][T24195] kvm: pic: non byte read [ 2589.841000][T24195] picdev_write: 6 callbacks suppressed [ 2589.841005][T24195] kvm: pic: non byte write [ 2589.856212][T24195] kvm: pic: single mode not supported [ 2589.856379][T24195] kvm: pic: non byte read 03:54:19 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x200, 0x1) ioctl$USBDEVFS_CONTROL(r0, 0x41045508, 0x0) [ 2589.864790][T24195] kvm: pic: non byte write [ 2589.884303][T24195] kvm: pic: non byte read [ 2589.889076][T24195] kvm: pic: non byte write [ 2589.894503][T24195] kvm: pic: non byte read [ 2589.899276][T24195] kvm: pic: non byte write [ 2589.912254][T24195] kvm: pic: non byte read [ 2589.929399][T24195] kvm: pic: non byte write [ 2589.955311][T24195] kvm: pic: non byte read [ 2589.960103][T24195] kvm: pic: non byte write [ 2589.974692][T24195] kvm: pic: non byte read [ 2589.990267][T24195] kvm: pic: non byte write [ 2590.006057][T24195] kvm: pic: non byte read [ 2590.016912][T24195] kvm: pic: non byte write [ 2590.030265][T24195] kvm: pic: non byte read [ 2590.044878][T24195] kvm: pic: non byte write [ 2590.064780][T24195] kvm: pic: non byte read [ 2590.070838][T24195] kvm: pic: non byte write 03:54:27 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0x6, &(0x7f0000000a80)=ANY=[@ANYBLOB="1e00ed6c5ec5273acab1e7c37901243c9a9fd10969673f79c5087a59a31251a1d3dd251b90b5d2ba502bc1565200d9f97390"], &(0x7f0000000080)='GPL\x00', 0x5, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x12040) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000bc0)={0x0}, 0x10) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x140, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x7fffffff, 0x7}, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.stet\x00', 0x26e1, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x94}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r1) write$cgroup_type(r1, 0x0, 0x0) recvmsg(r1, &(0x7f0000006900)={0x0, 0xffffffffffffff6f, &(0x7f0000000400)=[{&(0x7f0000000c00)=""/220, 0xdc}], 0x5cc, &(0x7f0000006840)=""/131, 0x83}, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x40000000) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000100)='/dev/net/tun\x00'}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000004c0), 0xc) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000380)={0x7fff}, 0xc) r2 = gettid() write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000000), 0x10000000d) ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x6609, 0x0) perf_event_open(&(0x7f0000000500)={0x5, 0x70, 0x6, 0x8, 0x1, 0xff, 0x0, 0x9, 0xc10, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x4, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x4, 0x1, 0x8, 0x0, 0x571e}, r2, 0x1, 0xffffffffffffffff, 0x6) mkdirat$cgroup(0xffffffffffffffff, &(0x7f00000002c0)='//z0\xff', 0x1c0) 03:54:27 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)="d800000018008100e00f80ecdb4cb9040a1d65ef0b007c05e87c55a1bc000900b8000699030000000500150007008178a8001600400002000200000003ac040000d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e9703", 0xd8}], 0x1}, 0x0) 03:54:27 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x200, 0x1) ioctl$USBDEVFS_CONTROL(r0, 0x41045508, 0x0) 03:54:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:54:27 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4005}) write$cgroup_subtree(r1, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd'}]}, 0xfdef) 03:54:27 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) dup(r1) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:54:28 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x200, 0x1) ioctl$USBDEVFS_CONTROL(r0, 0x41045508, 0x0) [ 2598.635718][T24220] IPv6: NLM_F_CREATE should be specified when creating new route [ 2598.650852][T24220] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.5'. 03:54:28 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x200, 0x1) ioctl$USBDEVFS_CONTROL(r0, 0x41045508, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:54:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:54:28 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)="d800000018008100e00f80ecdb4cb9040a1d65ef0b007c05e87c55a1bc000900b8000699030000000500150007008178a8001600400002000200000003ac040000d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e9703", 0xd8}], 0x1}, 0x0) 03:54:28 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x200, 0x1) ioctl$USBDEVFS_CONTROL(r0, 0x41045508, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2598.918280][T24240] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.5'. 03:54:28 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x200, 0x1) ioctl$USBDEVFS_CONTROL(r0, 0x41045508, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:54:37 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) shutdown(r3, 0x0) ppoll(&(0x7f0000002080)=[{r1}, {0xffffffffffffffff, 0x100}, {}, {r2, 0x2}, {r3}, {0xffffffffffffffff, 0x400}], 0x6, &(0x7f00000020c0)={0x0, 0x989680}, &(0x7f0000002100)={0x81}, 0x8) 03:54:37 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:54:37 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0xe00) 03:54:37 executing program 1: bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)="d800000018008100e00f80ecdb4cb9040a1d65ef0b007c05e87c55a1bc000900b8000699030000000500150007008178a8001600400002000200000003ac040000d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e9703", 0xd8}], 0x1}, 0x0) 03:54:37 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") r1 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @rand_addr="52f1d431bdb7077f65c0a1709c2830b8"}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c) 03:54:37 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) dup(r1) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) [ 2607.833604][T24259] IPv6: NLM_F_CREATE should be specified when creating new route [ 2607.841916][T24259] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.1'. 03:54:37 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:54:37 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) ptrace$poke(0x9, r1, 0x0, 0x0) 03:54:37 executing program 5: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x378}], 0x100000c7, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/udp6\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x7ffff000) 03:54:37 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r0, 0xae80, 0x0) [ 2608.013850][T24273] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2608.041680][T24276] ptrace attach of "/root/syz-executor.1"[12504] was attempted by "/root/syz-executor.1"[24276] 03:54:37 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 03:54:37 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) [ 2608.110827][T24285] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2608.142869][T24283] ptrace attach of "/root/syz-executor.1"[12504] was attempted by "/root/syz-executor.1"[24283] [ 2608.254691][T24291] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:54:46 executing program 2: 03:54:46 executing program 5: syz_open_dev$sndseq(0x0, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0xb6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x182) ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x6) sendfile(r0, r0, 0x0, 0x24000000) timer_getoverrun(0x0) read$rfkill(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8cT', 0x2761, 0x0) readv(0xffffffffffffffff, &(0x7f0000000180)=[{0x0}, {&(0x7f00000004c0)=""/158, 0x9e}, {0x0}, {&(0x7f0000000580)=""/244, 0xf4}, {&(0x7f0000000680)=""/175, 0xaf}], 0x5) write$cgroup_pid(r1, &(0x7f0000000080), 0xfffffe38) getpgrp(0x0) sendmsg$TIPC_NL_MON_GET(r1, 0x0, 0x67974582d2338fc) 03:54:46 executing program 1: 03:54:46 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 03:54:46 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:54:46 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) dup(r1) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:54:46 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 03:54:46 executing program 1: 03:54:46 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) [ 2617.137685][T24309] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2617.241036][T24318] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:54:46 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 03:54:46 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:54:46 executing program 1: 03:54:56 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) clock_gettime(0x0, 0x0) recvmmsg(r1, &(0x7f0000003ac0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 03:54:56 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 03:54:56 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 03:54:56 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:54:56 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r0, 0x84, 0x75, &(0x7f0000000080)=""/4096, &(0x7f0000001140)=0x101df) 03:54:56 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r1 = socket(0x10, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r1, r2, 0x0, 0x80000001) 03:54:56 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:54:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) 03:54:57 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:54:57 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:54:57 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:54:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2628.214302][T24379] picdev_read: 6 callbacks suppressed [ 2628.214318][T24379] kvm: pic: non byte read [ 2628.225764][T24379] picdev_write: 6 callbacks suppressed [ 2628.225801][T24379] kvm: pic: non byte write [ 2628.236399][T24379] kvm: pic: single mode not supported [ 2628.236808][T24379] kvm: pic: non byte read [ 2628.246908][T24379] kvm: pic: non byte write [ 2628.252279][T24379] kvm: pic: non byte read [ 2628.256975][T24379] kvm: pic: non byte write 03:55:04 executing program 2: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="3b00000003000000000000000000000004000000000000001a000000000000bdfaa84ed8aa6160a47882d31d006c6f7472757374656423766d6e65"], 0x3b) 03:55:04 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:55:04 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 03:55:04 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:55:04 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x900000000000000, &(0x7f0000000100)={0x4, 0x4, 0x200000004, 0x1, 0x0, 0xffffffffffffffff, 0x0, [0x305f, 0x2e, 0x2e, 0x80ffff, 0x2e, 0x2e, 0x80ffff, 0x5f, 0x5f, 0x2]}, 0x3c) 03:55:04 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r1 = socket(0x10, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r1, r2, 0x0, 0x80000001) 03:55:04 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:55:04 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 03:55:04 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r0, r0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:55:04 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 03:55:04 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) r0 = semget$private(0x0, 0x7, 0x0) semtimedop(r0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(r0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) [ 2634.970306][T24406] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:04 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r0, r0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) [ 2635.141247][T24395] kvm: pic: non byte read [ 2635.152581][T24395] kvm: pic: non byte write [ 2635.158288][T24395] kvm: pic: single mode not supported [ 2635.159909][T24395] kvm: pic: non byte read [ 2635.161328][T24417] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2635.166921][T24395] kvm: pic: non byte write [ 2635.186056][T24395] kvm: pic: non byte read [ 2635.192333][T24395] kvm: pic: non byte write 03:55:19 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe2[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5\xc4x\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0x94f63ebc2bfb6c11) r1 = gettid() write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300)=r1, 0x12) perf_event_open(0x0, r1, 0x8, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000640)={r1, 0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000600)='@\x00'}, 0x30) r2 = perf_event_open(&(0x7f0000000780)={0x1, 0x70, 0x3f, 0xfa, 0x1, 0x3f, 0x0, 0x401, 0x40, 0xa, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x9, 0x0, @perf_config_ext={0x3, 0x9}, 0x2800, 0x3, 0x800, 0x5, 0x6, 0xb7, 0x1ff}, r1, 0x1, 0xffffffffffffffff, 0x6) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0xab1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5240b667b1f34ca, @perf_config_ext={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, r2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(r3, &(0x7f0000000400)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$kcm(r4, 0x0, 0x20000000) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000800)='c&bH\xeb\xdc\xed8\xb0\x82\xd6\x1c\x19\xff\\\x03\n\xfar\t\x12ta{\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000003c0)) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000001600)="fa0c00002c008152915a655267d7d137ab2ff96e27bf28b285fe3903a44a6017edcaa3a2b4dade3baee72569b51366463fedf5e787c05b0cb5927a3a7edfb4d078e9ae1504d489e058be9fafaa633705b6d4bf6a01f2cd9ebf19724a1b0b9760612582bccd3983ce4474844c065e914dab8bbd52a45f431678bfe28633bf7c8dc83df809238ed87f1e393883ef750ce79c6f84e5e5de176e2f26024e4e3a3d8fbdaf3254022f265d8ccc5fd7205d9d9c2c4076c58162523082d81a39c43f782332ba8e82b4107a049cb82bba8b5edd80473844291437b8d22edca68047582e6be601e9df5e60a32c7cd202c5a30b8b606e43362739551cbb013b65e238f41cc00d7900140cf06b7bc9030f2563bcf9d4f4b7f48c79ec1a323d06276a0a3f8846b7c62b66f9709cabcaad234c53f3bc9b11165a6321f1db1057f076cfaebf8fbfa033fdc1dc2c3e314b36b3b3dd50425447da8bc5938ff7a17361100ab0b1ffeab7ac487411824224781eb9cdd4edef57ae91cd61f56a56c0599cfc3a491447207610f242da6cd6b030ae5f35e3181c44ae68665a023759b9ef4358db46107edc49194aed72b62600ec0ae4fc9065be059fc010cd6e6c9ea77c666b5e25693fbcf595e3e57113ff3a0e0c63d0604a16ea5adb8b7b54d47d4d8804612fde571863064528a49bf684d8a880a11afd819f186c177c49cac3ba1e9d1aa7ad0ff36b9e36d73c05b8abcaf96df0aacd2c9653f30ec29e1284af8749a9b2803c2727e992a6e65df192e1875c3e6d3553ffb7cb34ffee8f8ac0123c390454b42a0316952cbc9949376d9320ec207f77c2d5eb9e86d720cf8e9008a9a51932b45cd4cab21414c92d1c20f9e15e3fc16c7ce181e9ab19b01b70343934c823b1215e173405dd225233823cd4a604a77f06b14eb05b860e6cf8790335788c43abe9de1598e9952e5c7e6b2f8b17b1788ff3033e7d1635b008834bdf4054e6195e55000827c6202b227dde06f23ae21c00b371bdb6b7ea47b2e78844b52a77f9f0929790dcd7df2752e4af092d539c87c18751a5eb3eb4d38a2a0e070064b4ffaacff0543b115cc89f6c7e78f12147ebfcf1c80bac8f98deb59cbe670adb4cd1882a7e0ca4ba85ae9d445223ffb32301d46c0c9b05a830cbea0f72294ab3b539e4ed7cac2e22b235e8ceedeb643fb90b061a58368e76036ff3c1828d8a4e21288662afb6f2acab00d734db7ffc8373a928571819ce9ea6cb0956a6093b2b1f65662b76bc6ac8a19008cf08a6342d64674271451714e1d0e4ff7647fe7551d3cf16f37cb5547317e4fef51e4fb471de6ffbb90c2dd4a64266c4c2f75fc62e58ec306fb92212fb262d8b138899a3b53e67cde2f97d94cd2265cc04d32b29edf77e75b1f88372495cb2937f183bfc8604d72efb3af5c1f41b665b25592676b0ad2185478eade7e663e743e0e09cce6224c787ce1d789dc4a9b350bfe3a75f551341b11dd96cdaea17989dad565b16324a69842dc29a0ed16744ea5935598ac8238e146139189927a14d3b2863044b63b468ae75f48fab68ad235c36daffebfe4b468fc9b13198b1a683dcd3b3b4294ba22caddbacf8792d5783bc12e2538e4609e6bb6e9eeab98a06452c252a657f400260458c29fae8879097698c9aba2b2d889fc78f00d0d8271e09e8542b71018be6ff8cb03cb423e79303047d6ce124a00f64461b899bbddc4fe87ff677533391e16c01fa9cd6420bdc856c4c7f057b249ee9817efd6ab2cd02eb887d2631435ef2d5a1c7e57ac046ef615a1285ca89ade18ae69af3b3f8f76ca8aa060e373c0f99424fe1c5fadc72fe145fd2d4e4da4b78597890516857de188fcdaf15e3b0871b346cd39ab772cc25fab49e60c818cde934b137144adfc4fbde3ddbeccce9679f02b66746e822c67b3ed5fdafb4a936a2683b39a002115ecd62220605ca542610a80f2e3530aa89d3ed6ed9c57bbfd5db3a0b62786a608309a355443c616032008f9458b2f10db93e29470192370084e9322c309c9b23333b46d04e79176659503ad4b05deebb3c67d715ee6e84a89002ea6f7f71bf41ad36b42c8ae01c97174dbb641e50641aba60c291a84e906c013087370a5043e07d36fcead378f6c1e6ed3f5ac695124b82b20261cf7c9b82172e09c81d7d39eed72aee5678613a3c671ddd44f2c7c75a3b5d316aa165d56594fccab20903d7f503a08928e76c779918b2463b720ee6367a43e494a1db3ed1a80690e665570c01ce7eb979cdd95d4e1ca51730eb2cd63ffb2a56049601627c9788254945142dce85adbe1eb5997d16cdfe2a3758b13dc6bb121e2206ae64206868c1c5e89a101bc121719ac435dcad093f5f67cefd863cc7c8f3fc8a9dc62a83c115f1ce714b18af067951aa06dd9bb4ed98a820bf4704d156977caa4e6415b2a0df0386e2f6a061bf44abc8a397cf4abdafc51b78ebec9831f3c60fde6e62a1fd082903080aef20ff8de8bc0dced06f627514600539ca7114a088848da4244a85b4cf5b976d3a698c9a568d417e276917baba05d1a02181db2e6cc35986da4ccc63f8cd8e85a4a923dd27e2f499664601fdc44fdf46e2d2880cd5a7ece89c370234c438dcc0b43865cc62bad21e9dc37da758cbe01752f02fd9cbfe98630a30a78bb1239e25cdaba3d45d13cd3e7216d9d8070f3ff1a0cd9a0c91f29974c98f2677ba88c1091bde4be0cd37ea5eeb3b9cbb0360a00ddd40bbd60ffb8d4daa973ef0977c18dd4b38a605cee957872dca85787c37b6931293eddb77015faf143d1d28d24822d1a5d134799e8175a38b255aaf0e39b68c7f734e2e1e7044626daa84c9113e86d86ef63c863703703ea163319261dcf516c32d49478f7af30d52baa18ea6b0fc286c06b7e4ee019bf3fe74845a652d4a52aaa241a189c411e90e2953863a2bc4124e573607b94cdff19e280731824931a83f056cb5857672619b97ce38081592c0c319ce72e04e9eadce89775cfb5a4b2842663bc79bde565435cbcd46c4d505ceef7dde86512d39d4cb270deb7e79ebf8602bdc0d76c3e833d36ee08be10be634f44056c2f3fd6a328c7cd562e9c96ff7845fc3df81a876bb07f1cc833bed6ca1dc5cf935a4e959db6a4fae6edbc45357d8758faa9cd04cd41eb6efcfbd91658519bf520b90107f767d126854818485e98cb7ef56804de6950bf4e72098a949d14ea0e4e9f2534cf16cac0aeb970fc5c39f37e93910d5c99ac163792260d2280ec5c9a79bf295588ec23f524aae65f800f9c39e338f3d66b1a69e5488e04823eab36ae6ec6a2c5ce133ccd819a2b217b1ab7f4afd1697bb42929b3131358b5421c83f925571934442d0fd0ce3990d4e5d31d8b956f76df3c2f8533e46b892c88692ce009155dd5c7dbe4c86874b95762650f63e4b4aabb41320978b05b80cfe8fa2830904ef6b5c4f7ad46ca5dac151c9077c4d2c6adfe5066a8eb09a9bc6892330ea2b259a53c7137f8498254e1b04bf920c35c5333c4d640b11da60917ae921037b4aedbd6a0fbeeaf88ef6defc830552b4cbe3fe2a844806a48923dd428ea1c8d797bd8e6aabd1d1a8c97c8038b627120a77f4e47fa1f788aa9da268b0ec10fc453cb722685df76547dbf55a16663aa2b2a51e9c52456cccdf682592d1369dd12e3d3cb504e0f2d7004e60c297d5a25d0298045dae8fca8cb795ea57288b85a7e705820087d55ca6c42e920e2aa1174e128622cf64a197fd728cb2949536ba63e8bda8589261f1377caea37302e47228d3708a5666c66ba711d3c0b310a8c47e86d26597299d523c28c90e4feab43e950f398f7b61ccf7e6490d75ba6d8214e2d5ef2d7a088db490e1ebacf4e6eecc896cb1c704f0a8fcdf4ccb5dfa53eaf43d709287f36c10188c19fd59da7d73494de089c1b0a69ee22dcb847001c5317846a876bee1685d11c4db0673ec4c3a12008bb719650525b3c39e2b0469edda93830b3f1bde3e5b0b4637197866bb08c5858cf0d9876e3c7cad54169887bf9c80f9f4be362e1bc8c27f3434e9a918bac355c184bd899b9aebe6be20e70c0c69234342eb8b57aa9ffb7797a32df91cec2bbc90201658ca227abf1fe68e65363867e1f6ad79b827f363d64fbd3b188d95307d011c4ce5bf4407908c058eeb97ec98dd0ebfdab6b348fa387f2a7573cac25344c983e8fd526c30ee6d59fe99a30c7d7e2864aa22bfa49df5f32da68309cab3ed9c2ce69b6ecb8508ce28a43ebd6c809b8afd07a4606e664965d316f3707a3abee9bcdc32a78031b0171fb565d90c16cd56e5792c0cf618b799715f32538e38f493d4e19ec76fc8a07576a13975706bfc2bb1516c2d18a4385cc37a206eac6c9fb8d073572ba2671d2198abf24fdd0c40d079ae44962c26743b4bf5950ac5ee34c5d7bd60b364ce670958112c37b9829bed7e1327356d6b94af3ba020c2337b2dba37d00af8a128a614390cdde62ce871f948427fb5c187df9a1540a5cc71da1a86144acbfd94bf433f744f0c4f2a675eba3ed251c5b11b08dfefc726c0394a9b75121d88467ed4b2cd69819dfe50693a4a4c8370d3af12f41c0067283bbb5a90044a340fc357a11081a6c13bb9c32d9caa448479fd5f0302b6729ca7233094540b14546d6bcc15771c2686279b34f9c0914f5306d0fabd5979266ea01a17a22507e560dbf904dd62c40e2bcc", 0xcfa}], 0x1}, 0x0) setsockopt$sock_attach_bpf(r6, 0x1, 0x3e, &(0x7f0000000100)=r5, 0x3) r7 = openat$cgroup_ro(r5, &(0x7f0000000380)='cpuacct.usage_user\x00', 0x0, 0x0) sendmsg$kcm(r7, &(0x7f0000000700)={&(0x7f0000000500)=@isdn={0x22, 0x7f, 0x20, 0x0, 0x2}, 0xffffffffffffff92, 0x0, 0x2f2}, 0x50000c0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0xfffffffffffffffe) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000040)='threaded\x00', 0xfffffd55) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x4040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000280), 0x1}, 0x20000, 0x2, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000340)=ANY=[]) socketpair(0x15, 0x3, 0x1, &(0x7f0000000140)) gettid() r8 = getpid() perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x10, 0x92, 0x2, 0x2, 0x0, 0x2000000c, 0x4354, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000340), 0x999fe6aa3f89233}, 0x5, 0x10000000000, 0x3, 0x4, 0x1ff, 0x4, 0x8001}, r8, 0x9, 0xffffffffffffffff, 0xa6f54f15e4426119) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0xfe2e}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x200000000000001) r9 = socket$kcm(0xa, 0x2, 0x11) r10 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000002c0)=r10, 0x4) setsockopt$sock_attach_bpf(r9, 0x29, 0x19, &(0x7f00000005c0)=r10, 0xfffffffffffffd40) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000002980)={0x0, 0x0, 0x0, 0x3a5}, 0x0) sendmsg$kcm(r9, &(0x7f00000001c0)={&(0x7f0000000480)=@in6={0xa, 0x4e26, 0x0, @loopback}, 0x80, 0x0}, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000004400)={&(0x7f0000004200)=@hci, 0x80, &(0x7f0000004380)=[{&(0x7f0000004280)=""/198, 0xc6}], 0x1, &(0x7f00000043c0)=""/48, 0x30}, 0x10162) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)) sendmsg$kcm(r9, &(0x7f0000002b80)={&(0x7f0000000680)=@rxrpc=@in4={0x21, 0x4, 0x2, 0xfffffe1b, {0x2, 0x4e23, @multicast1}}, 0xfffffffffffffe01, 0x0}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r11, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') openat$cgroup_ro(r3, &(0x7f0000000640)='mem\x1b\x7fMi\xf3>\xb69g', 0x0, 0x0) r12 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r13 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={r13, r12, 0x0, 0x1, &(0x7f0000000040)='\x00'}, 0x30) r14 = perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x2000, 0x2, 0x0, 0x7, 0x0, 0x0, 0x3}, r13, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r14, 0x4008240b, &(0x7f0000000000)={0x0, 0x70, 0x2, 0xfffffffffffff002, 0x1, 0x2, 0x0, 0x8, 0xf2004, 0x0, 0x0, 0xa7c, 0x8, 0x0, 0xfff, 0x0, 0x0, 0x44, 0x0, 0x0, 0x6, 0x0, 0x0, 0x6, 0x4, 0xc9, 0x0, 0x10001, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x94c, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x2108, 0x1, 0x4, 0x1, 0x2, 0x1000, 0x51}) 03:55:19 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 03:55:19 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) accept4(r1, 0x0, 0x0, 0x0) 03:55:19 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r0, r0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:55:19 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) r0 = semget$private(0x0, 0x7, 0x0) semtimedop(r0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(r0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:55:19 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r1 = socket(0x10, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r1, r2, 0x0, 0x80000001) 03:55:19 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:55:19 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2650.188137][T24429] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:19 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) [ 2650.287588][T24442] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:19 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e0000002f00815be00f80ecdb4cb9040b4865160b0003002e00000012000014c2ed3c001500cd5edc2976d153b4", 0x2e}], 0x1}, 0x0) 03:55:19 executing program 5: ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, 0x0) r0 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000700)={'team0\x00\x00\x00@\x00\x00\x00\xf7\x00'}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000700)={'team0\x00\x00\x00\x00\x00\x00\x00\xf7\x00', @broadcast}) socket$kcm(0x29, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) [ 2650.408368][T24453] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:19 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2650.546762][T24457] device team0 left promiscuous mode [ 2650.565733][T24457] device team_slave_0 left promiscuous mode [ 2650.578058][T24457] device team_slave_1 left promiscuous mode [ 2650.721151][T24464] device team0 entered promiscuous mode [ 2650.726769][T24464] device team_slave_0 entered promiscuous mode [ 2650.740949][T24464] device team_slave_1 entered promiscuous mode [ 2650.749325][T24464] 8021q: adding VLAN 0 to HW filter on device team0 [ 2650.770105][T24457] device team0 left promiscuous mode [ 2650.779040][T24457] device team_slave_0 left promiscuous mode [ 2650.788887][T24457] device team_slave_1 left promiscuous mode 03:55:26 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e0000002f00815be00f80ecdb4cb9040a486516080003002e00000012000014c2ed3c001500cd5edc2976d153b4", 0x2e}], 0x1}, 0x0) 03:55:26 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:55:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:55:26 executing program 5: socket$kcm(0x2c, 0x3, 0x0) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="48000000140081fb7059ae08060c04002cff0f030088a8ffff02020000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) 03:55:26 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) r0 = semget$private(0x0, 0x7, 0x0) semtimedop(r0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(r0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:55:26 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:55:26 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="140000002f00815be00f80ecdb4cb90405486516", 0x14}], 0x1}, 0x0) 03:55:26 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) [ 2657.403549][T24482] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:26 executing program 5: syz_open_dev$sndseq(0x0, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0xb6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x7, 0x182) ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x0) sendfile(r0, r0, 0x0, 0x24000000) timer_getoverrun(0x0) read$rfkill(0xffffffffffffffff, &(0x7f0000000040), 0x8) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8cT', 0x2761, 0x0) readv(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000340)=""/202, 0xca}, {&(0x7f00000004c0)=""/158, 0x9e}, {0x0}], 0x3) write$cgroup_pid(r1, &(0x7f0000000080), 0xfffffe38) getpgrp(0x0) sendmsg$TIPC_NL_MON_GET(r1, 0x0, 0x67974582d2338fc) 03:55:26 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) [ 2657.497948][T24491] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2657.611637][T24495] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:27 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) [ 2657.781050][T24505] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:37 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0xf5ffffff00000000, 0x1d4, &(0x7f0000000200)=[{&(0x7f0000000080)="020005000000fc01001400000000000000000f0000000000000000000500000000004200000000000000000000000000000000000000000000000000000055aa", 0x40, 0x1c0}]) bind(0xffffffffffffffff, &(0x7f0000000180)=@generic={0x11, "0000150000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b09000000000000001a4ce875f2e340b7679500800010000000000101013c581103b34c0d6327ecce66fd792bbf0e5bf5ff1b0816e3f6db1c00010000000040000049740000000000000002ad8e5ecc326d3a09ffc2c65400"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) 03:55:37 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:55:37 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:55:37 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) r0 = semget$private(0x0, 0x7, 0x0) semtimedop(r0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(r0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:55:37 executing program 5: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x378}], 0x100000c7, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/udp6\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) [ 2668.636965][T24522] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:38 executing program 3: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:55:38 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:55:38 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:55:38 executing program 5: socket$inet6(0xa, 0x0, 0x0) close(0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x7) ioctl$TCSETSF(0xffffffffffffffff, 0x5412, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x0) [ 2668.779017][T24534] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:38 executing program 3: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) [ 2668.945040][T24547] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:38 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2669.002579][T24548] sp0: Synchronizing with TNC 03:55:38 executing program 3: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) [ 2669.159944][T24565] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2669.315057][T24548] sp0: Synchronizing with TNC 03:55:49 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000b40)='oom_adj\x00') r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00\x9f\xc5r\x0e8J\xdb@\xf8\xbfj1\xe8\xce\x88\x02^\xb2\xf4hTR2\xf1\x89\x1e~m\x19\xc9lG^l\x13c7\xf7$\x7f?9>b\xe8/<\xdbj>:\xd9\x10\x04r\x18\x15\xdc)\x10I<\xd0:\x0f\x18\xec\x00\xc2w\x8a0C\xf8\xa9\xeaa\x16\x8c\xe6C\xf5\xcb\xdc\x1c\xea`\x9c\xe1\x8e\xdd\x8e\xaa\x1f\xf4\xaf\xa3Z\xbf\x17M\x1a\xff\xb1\x8dP]<\x9e\xe1B[y\xe6\xae\xe9I\xdb)\x9b\xcb\xa3Wlt\xe9\xa9\xfc\xf8\xde\xf0]\n\xa5S\x16\x1dh\x88\xc5\xea\xcf\xca5\xd2.\x93\xfd\t\x90#hq\r\x9b;\x83\xdd\x0fs\x80\x12\xc6\x8e~\xd4\xef\xc7:\xee4cu\xb2\x03\xd5\xd5)\xc9\xf1/\xea\x95_\'\xfb\xb9\xa94\xca\x9e\xf3\xfb\xc9\xd6~\xd5\xb7}B\xe5.\x86\xbf\xbb#\xb9\xf7N\xb3\xfe?x\xccX^\x16bz\"\x8a\xa45\x10t\xbb\xb7\xca\xa7\xcc\xde_\xdc\xab\xf2\xb8\xc7\xb3\xd3&$\xbb4\x81\t\xbb\xe3\xbfB(ln\xbc\xe9E<6$\x8f)\xb0\x1a\xc9\xe3\x18\xa6\xd9zk\x94Z\xed\x96\xad\xe2\\\xcb,!\x13\rv)r\xf1\x00E\xcccgr\xbf\xd4uB\x9f\xa5\x8c8\xe4D\x0f\xd3Vtd\x89\xc8V\x14\x17=\xd9\xcf*\xc8\xc7\xb7\xcc\x182/Jm\x8c5\x93\x14\xfd\x02\'\xe3\xc9\x12~\xc3\x10\xb7\xc7\xae\xcfA\x823|\xfd\xba2\xbd\xc6-\xe0E_x\xc7i\x8dV\xd9\\_l\xfb\xd8xX.N\x9bd\x91\xd5\xc1\xa1\xbahL\x95wF\x13{\xfd\xc8T\x1f\xe1)h\a\xe8Wn]\xe4') sendfile(r0, r1, 0x0, 0x80000000003ff) 03:55:49 executing program 3: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:55:49 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:55:49 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) r0 = semget$private(0x0, 0x7, 0x0) semtimedop(r0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(r0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) 03:55:49 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dlm_plock\x00', 0x40, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f00000002c0)={'teql0\x00', @random="2d0dac71d163"}) syz_read_part_table(0xf5ffffff00000000, 0x1d4, &(0x7f0000000200)=[{&(0x7f0000000080)="020005000000fc01001400000000000000000f0000000000000000000500000000004200000000000000000000000000000000000000000000000000000055aa", 0x40, 0x1c0}]) accept$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote}, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) [ 2679.973345][T24602] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:49 executing program 3: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) [ 2680.052291][T24598] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 2680.071320][T24598] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 2680.093454][T24598] loop5: p2 < > [ 2680.127983][T24612] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:51 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:55:51 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:55:51 executing program 3: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:55:51 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_tables_matches\x00') r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) dup3(r2, r0, 0x0) 03:55:51 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) r0 = semget$private(0x0, 0x7, 0x0) semtimedop(r0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(r0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) 03:55:51 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) [ 2682.219222][T24633] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2682.292994][T24640] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:58 executing program 2: write(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) rt_sigpending(&(0x7f0000000300), 0xfffffffffffffe55) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000340)) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)) r3 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vc3a#\x00', 0x1, 0x80) write$P9_RCLUNK(r3, &(0x7f0000000080)={0x7, 0x79, 0x3}, 0x7) write$P9_ROPEN(r3, &(0x7f0000000580)={0x18, 0x71, 0x0, {{0x2, 0xfffffffd}}}, 0x18) syz_open_pts(r3, 0x2000) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x2000) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) ioctl$PPPIOCGCHAN(r3, 0x80047437, &(0x7f0000000180)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$KVM_RUN(r2, 0xae80, 0x0) socket(0x10, 0x80002, 0x0) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) clone3(&(0x7f0000000480)={0xe42009d7e506ac11, &(0x7f00000001c0), &(0x7f00000002c0)=0x0, &(0x7f0000000380), 0x23, 0x0, &(0x7f00000003c0)=""/83, 0x53, &(0x7f0000000440)=""/14}, 0x40) ptrace$getsig(0x4202, r6, 0x0, &(0x7f00000004c0)) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB, @ANYRES32=0x0], &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x82, &(0x7f0000000000)=@assoc_value={r7}, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000040)={r7, 0x7fffffff}, &(0x7f0000000100)=0x8) 03:55:58 executing program 5: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) fcntl$setpipe(r1, 0x407, 0x1) vmsplice(r0, &(0x7f0000000500)=[{&(0x7f0000000080)="99c340d88f48d35418ff061406dbc8cc8ad8c27e56bfaad25f9228c4f5108f49464a995cb105661116d858ec43bba20ae3f662101f0f37ecaa91c84e7ec23fc30d3156066e03745962c3a45d8a45b57bab8ff0084d093952d527ad52b0dfabe53968528ba3d853ba93a3", 0x6a}, {0x0}, {&(0x7f0000000300)="7473caff125112d485", 0x9}, {0x0}], 0x4, 0x6) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7657612c99934796}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r2, &(0x7f00000002c0)={0x2, 0x0, @local}, 0x10) ioctl$DRM_IOCTL_IRQ_BUSID(0xffffffffffffffff, 0xc0106403, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) ioctl$KVM_GET_NR_MMU_PAGES(r1, 0xae45, 0xfffffffffffffffe) splice(r0, 0x0, r2, 0x0, 0x30005, 0x0) r3 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$revoke(0x3, r3) syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0x0) 03:55:58 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:55:58 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:55:58 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) r0 = semget$private(0x0, 0x7, 0x0) semtimedop(r0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(r0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) [ 2689.210461][T24648] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:58 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) [ 2689.292416][T24651] kvm: pic: non byte read [ 2689.297061][T24651] kvm: pic: non byte write [ 2689.321760][T24651] kvm: pic: single mode not supported [ 2689.323142][T24651] kvm: pic: non byte read [ 2689.339497][T24661] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2689.349084][T24651] kvm: pic: non byte write [ 2689.363155][T24651] kvm: pic: non byte read [ 2689.380184][T24651] kvm: pic: non byte write [ 2689.394856][T24651] kvm: pic: non byte read [ 2689.399526][T24651] kvm: pic: non byte write [ 2689.405800][T24651] kvm: pic: non byte read [ 2689.410463][T24651] kvm: pic: non byte write [ 2689.415758][T24651] kvm: pic: non byte read [ 2689.423622][T24651] kvm: pic: non byte write [ 2689.433344][T24651] kvm: pic: non byte read [ 2689.438094][T24651] kvm: pic: non byte write [ 2689.443553][T24651] kvm: pic: non byte read [ 2689.448411][T24651] kvm: pic: non byte write [ 2689.453808][T24651] kvm: pic: non byte read [ 2689.474178][T24651] kvm: pic: non byte write [ 2689.479178][T24651] kvm: pic: non byte read [ 2689.484446][T24651] kvm: pic: non byte write 03:56:04 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(0xffffffffffffffff, 0x402, 0x13) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:56:04 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:56:04 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:56:04 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:56:04 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/syz1\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000100), 0x12) [ 2694.757653][T24674] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:56:04 executing program 5: r0 = socket$kcm(0xa, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890c, &(0x7f0000000000)) [ 2694.855515][T24673] picdev_read: 6 callbacks suppressed [ 2694.855522][T24673] kvm: pic: non byte read [ 2694.871308][T24673] picdev_write: 6 callbacks suppressed [ 2694.871313][T24673] kvm: pic: non byte write [ 2694.886990][T24673] kvm: pic: single mode not supported [ 2694.887154][T24673] kvm: pic: non byte read [ 2694.897391][T24673] kvm: pic: non byte write [ 2694.907275][T24673] kvm: pic: non byte read [ 2694.913437][T24673] kvm: pic: non byte write [ 2694.918269][T24673] kvm: pic: non byte read [ 2694.931159][T24673] kvm: pic: non byte write [ 2694.936012][T24673] kvm: pic: non byte read [ 2694.953817][T24673] kvm: pic: non byte write [ 2694.958643][T24673] kvm: pic: non byte read [ 2694.975752][T24673] kvm: pic: non byte write [ 2694.980809][T24673] kvm: pic: non byte read [ 2694.985521][T24673] kvm: pic: non byte write [ 2694.990301][T24673] kvm: pic: non byte read [ 2695.009316][T24673] kvm: pic: non byte write [ 2695.020515][T24673] kvm: pic: non byte read [ 2695.036935][T24673] kvm: pic: non byte write [ 2695.044229][T24673] kvm: pic: non byte read [ 2695.048810][T24673] kvm: pic: non byte write 03:56:09 executing program 2: perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) writev(0xffffffffffffffff, 0x0, 0x0) 03:56:09 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:56:09 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:56:09 executing program 5: pipe(0x0) pipe(0x0) pipe2(&(0x7f0000000e80), 0x0) r0 = socket$alg(0x26, 0x5, 0x0) setxattr$security_ima(0x0, &(0x7f0000000280)='security.ima\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="0100"], 0x1, 0x2) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-simd\x00'}, 0x58) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, &(0x7f0000000000)) r1 = accept(r0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f00000052c0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000003c0)="567134ce97d796c4709850ddd7698a867c20e3c1918b5ada673ae9fab5160f8d", 0x200003e0}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000002e40), 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, &(0x7f00000000c0)) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) dup(0xffffffffffffffff) mkdir(0x0, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x1, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) 03:56:09 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2700.647062][T24695] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:56:10 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) [ 2700.739493][T24697] picdev_read: 6 callbacks suppressed [ 2700.739500][T24697] kvm: pic: non byte read [ 2700.786793][T24697] picdev_write: 6 callbacks suppressed [ 2700.786798][T24697] kvm: pic: non byte write [ 2700.811785][T24697] kvm: pic: single mode not supported [ 2700.811943][T24697] kvm: pic: non byte read [ 2700.865004][T24697] kvm: pic: non byte write [ 2700.881053][T24697] kvm: pic: non byte read [ 2700.908442][T24697] kvm: pic: non byte write [ 2700.922326][T24697] kvm: pic: non byte read [ 2700.928630][T24708] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2700.931200][T24697] kvm: pic: non byte write [ 2700.956188][T24697] kvm: pic: non byte read [ 2700.961440][T24697] kvm: pic: non byte write [ 2700.966361][T24697] kvm: pic: non byte read [ 2700.971259][T24697] kvm: pic: non byte write [ 2700.976038][T24697] kvm: pic: non byte read [ 2700.980520][T24697] kvm: pic: non byte write [ 2700.985799][T24697] kvm: pic: non byte read [ 2700.990401][T24697] kvm: pic: non byte write [ 2700.995885][T24697] kvm: pic: non byte read [ 2701.002033][T24697] kvm: pic: non byte write [ 2701.006838][T24697] kvm: pic: non byte read [ 2701.011779][T24697] kvm: pic: non byte write 03:56:17 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={r0, 0x0, 0x1, 0x0, 0x0}, 0x20) 03:56:17 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:56:17 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:56:17 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(0xffffffffffffffff, 0x402, 0x13) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:56:17 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:56:17 executing program 5: setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000000), 0x4) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x882) r2 = memfd_create(&(0x7f0000000100)='t\bnu\x00\x00\x00\x00\x85nG\x13g\xa6\x05', 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000240)='\'', 0xfcc9}], 0x1, 0x81805) socketpair(0x0, 0x4, 0x0, &(0x7f00000000c0)) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x17, &(0x7f00000001c0), &(0x7f0000000200)=0x4) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20040010) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendfile(r0, r1, 0x0, 0x20002000005) ioctl$LOOP_CLR_FD(r1, 0x4c01) [ 2708.152366][T24721] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2708.252756][T24722] debugfs: Directory 'vcpu0' with parent '24722-4' already present! 03:56:23 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:56:23 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:56:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:56:23 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="39000000140081ff00002c000500cf182897f09730af00050000e700000000ffc54c1960dbb7d58259483533a055a653b4a421556b3d5df500", 0x39}], 0x1}, 0x0) 03:56:23 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e0000002f00815be00f80ecdb4cb90409486516080003002e00000012000014c2ed3c001500cd5edc2976d153b4", 0x2e}], 0x1}, 0x0) [ 2714.349722][T24748] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:56:23 executing program 5: r0 = gettid() getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, &(0x7f0000000040), &(0x7f0000000080)=0xc) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x10003) write$binfmt_script(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="01e202df45f1f8eddb8ee3440f00104c99f10cc6297fa1b9"], 0x18) prctl$PR_SET_PTRACER(0x59616d61, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r1) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x4, 0x388, 0x0, 0x250, 0x110, 0x0, 0x0, 0x310, 0x310, 0x310, 0x310, 0x310, 0x4, &(0x7f0000000000), {[{{@ip={@local, @multicast2, 0xffffff00, 0x0, 'team0\x00', 'vlan0\x00', {}, {0xff}, 0x29, 0x2}, 0x0, 0xc8, 0xf0, 0x0, {}, [@common=@ah={0x30, 'ah\x00', 0x0, {0x178ec3f3, 0x8}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0xaea60e442d25bf1e}}}, {{@uncond, 0x0, 0x100, 0x140, 0x0, {}, [@common=@set={0x40, 'set\x00', 0x0, {{0x0, [0x0, 0x6, 0x5, 0x40, 0xa3, 0xffc00000]}}}, @common=@icmp={0x28, 'icmp\x00', 0x0, {0x0, 0x39, 0x2}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x3, 0x3c, "791483a802c88cbed896b467fece278ef918f97adc5d68eb4e845c6d237f"}}}, {{@ip={@rand_addr, @loopback, 0x0, 0x0, 'veth1_to_bridge\x00', 'rose0\x00', {0xff}, {0xff}, 0x88, 0x1, 0x40}, 0x0, 0x98, 0xc0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x27b, 0x0, 0xd8c5417a7de5a455}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3e8) ptrace$setopts(0x4206, r0, 0x0, 0x0) 03:56:23 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) [ 2714.439924][T24750] debugfs: Directory 'vcpu0' with parent '24750-4' already present! [ 2714.530442][T24762] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:56:30 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(0xffffffffffffffff, 0x402, 0x13) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:56:30 executing program 5: bpf$MAP_CREATE(0x900000000000000, &(0x7f0000000100)={0x6, 0x4, 0x200000004, 0x1, 0x0, 0xffffffffffffffff, 0x0, [0x305f, 0x2e, 0x2e, 0x80ffff, 0x2e, 0x2e, 0x80ffff, 0x5f, 0x5f, 0x2]}, 0x3c) 03:56:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:56:30 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:56:30 executing program 1: semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) [ 2721.539021][T24777] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:56:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:56:30 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:56:31 executing program 1: semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) [ 2721.777158][T24796] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:56:32 executing program 2: unshare(0x40600) r0 = syz_open_procfs(0x0, &(0x7f0000000340)='net/anycast6\x00') pread64(r0, 0x0, 0xfffffdb0, 0x0) 03:56:32 executing program 5: clone(0x2182001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x809ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='\x00\x00\x00\x00\x00') openat$cgroup_ro(r0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) fsetxattr$security_smack_entry(r1, 0x0, 0x0, 0xffffffffffffff7e, 0x1) 03:56:32 executing program 1: semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:56:32 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) [ 2723.601074][T24807] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:56:40 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:56:40 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r3 = socket(0x10, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r3, r4, 0x0, 0x80000001) 03:56:40 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:56:40 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:56:40 executing program 5: syz_emit_ethernet(0x56, &(0x7f0000000040)={@dev, @random="f9d202488671", [], {@mpls_mc={0x8848, {[], @ipv6={0x0, 0x6, "67fc5a", 0x20, 0x0, 0x0, @rand_addr="dd93ca42637ca0d34d8c400fcf870f6f", @empty, {[], @tipc=@payload_direct={{{{0x20, 0x0, 0x0, 0x0, 0x0, 0x8}}}}}}}}}}, 0x0) 03:56:40 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e0000002f00815be00f80ecdb4cb90406486516080003002e00000012000014c2ed3c001500cd5edc2976d153b4", 0x2e}], 0x1}, 0x0) 03:56:40 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:56:40 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = getpid() sendmsg$nl_generic(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x1c, 0x19, 0xffffffffffffffff, 0x0, 0x0, {0x8}, [@typed={0x8, 0x3, @pid=r1}]}, 0x1c}}, 0x0) 03:56:42 executing program 2: 03:56:42 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:56:42 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:56:42 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:56:42 executing program 5: 03:56:52 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:56:52 executing program 5: 03:56:52 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:56:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:56:52 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:56:52 executing program 2: 03:56:52 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:56:52 executing program 5: 03:56:52 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, 0x0, 0x0) 03:56:52 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:56:52 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a61c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x80003, 0x11) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) setsockopt$inet6_int(r4, 0x29, 0x7, &(0x7f00000010c0)=0x916, 0x4) splice(r0, 0x0, r4, 0x0, 0x10005, 0x0) 03:56:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:56:53 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, 0x0, 0x0) 03:56:53 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, 0x0, 0x0) 03:56:53 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:56:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:57:07 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r1 = socket(0x10, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r1, r2, 0x0, 0x80000001) 03:57:07 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8}, 0x0) 03:57:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:57:07 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:57:07 executing program 5: 03:57:07 executing program 2: 03:57:07 executing program 5: 03:57:07 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8}, 0x0) 03:57:07 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, 0x0, 0x0, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:57:07 executing program 5: 03:57:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:57:07 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8}, 0x0) 03:57:18 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r1 = socket(0x10, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r1, r2, 0x0, 0x80000001) 03:57:18 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, 0x0, 0x0, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:57:18 executing program 5: 03:57:18 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x8}, 0x0) 03:57:18 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:57:18 executing program 2: 03:57:18 executing program 5: r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000080)) 03:57:18 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:57:18 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, 0x0, 0x0, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:57:18 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x8}, 0x0) 03:57:18 executing program 5: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_REGISTER(r0, 0x80024322, 0x0) 03:57:19 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000), 0x0, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:57:32 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r1 = socket(0x10, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r1, r2, 0x0, 0x80000001) 03:57:32 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 03:57:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:57:32 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000), 0x0, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:57:32 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x8}, 0x0) 03:57:32 executing program 2: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_submit(0x0, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 03:57:32 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x0, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:57:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:57:32 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000), 0x0, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:57:32 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x0, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:57:32 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x3c, 0x12, 0x0, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@empty}]}, 0x3c}, 0x8}, 0x0) 03:57:32 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, 0x0, 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:57:45 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:57:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:57:45 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@getsa={0x28, 0x12, 0x1, 0x0, 0x0, {@in6=@empty}}, 0x28}, 0x8}, 0x0) 03:57:45 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 03:57:45 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, 0x0, 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:57:45 executing program 2: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000240)) 03:57:45 executing program 3: openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) mmap$perf(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x7) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0xffffffff}) 03:57:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2796.586336][T25074] sp0: Synchronizing with TNC 03:57:46 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2796.927718][T25078] sp0: Synchronizing with TNC 03:57:46 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 03:57:46 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:57:46 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, 0x0, 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:57:53 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:57:53 executing program 3: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$unlink(0x9, r0, 0xfffffffffffffffd) 03:57:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:57:53 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 03:57:53 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100), 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:57:53 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x1000014, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a04", 0x1b3) sendfile(r1, r2, 0x0, 0x7fffffa7) 03:57:53 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000000)={0x401}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) dup2(0xffffffffffffffff, 0xffffffffffffffff) 03:57:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:57:53 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000000)={0x401}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) dup2(0xffffffffffffffff, 0xffffffffffffffff) 03:57:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:57:53 executing program 3: r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0x40345410, &(0x7f0000000080)) 03:57:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:06 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:58:06 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") 03:58:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:06 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="100000002300817ee45de087185082cf", 0x10}], 0x1}, 0x0) 03:58:06 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100), 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:58:06 executing program 2: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) creat(0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x7) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0xffffffff}) 03:58:06 executing program 3: socket$kcm(0x11, 0x0, 0x300) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff0300000d698cb89e40f086dd01000005a4004000ffa377fbac141414e9", 0x0, 0x100}, 0x28) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) 03:58:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:06 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x6) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) ioctl$TIOCSETD(0xffffffffffffffff, 0x541b, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) 03:58:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2817.702658][T25222] device nr0 entered promiscuous mode 03:58:07 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100), 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) [ 2818.535220][T25222] device nr0 entered promiscuous mode 03:58:19 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") 03:58:19 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(0xffffffffffffffff, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:58:19 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:19 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:58:19 executing program 2: syz_mount_image$iso9660(&(0x7f00000001c0)='iso9660\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@hide='hide'}]}) 03:58:19 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x6) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) ioctl$TIOCSETD(0xffffffffffffffff, 0x541b, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) [ 2830.597654][T25255] device nr0 entered promiscuous mode 03:58:20 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:20 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:20 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:20 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:20 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:58:20 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:21 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") 03:58:30 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(0xffffffffffffffff, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:58:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:30 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x6) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) ioctl$TIOCSETD(0xffffffffffffffff, 0x541b, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) 03:58:30 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x4]) 03:58:30 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) socket$inet_udplite(0x2, 0x2, 0x88) tkill(r0, 0x15) 03:58:30 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000000c0)='ip_vti0\x00', 0x10) connect$inet(r2, &(0x7f0000000100)={0x2, 0x0, @rand_addr=0x80000000}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 2840.969153][T25311] device nr0 entered promiscuous mode 03:58:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:30 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) socket$inet_udplite(0x2, 0x2, 0x88) tkill(r0, 0x15) 03:58:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0x0, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0x0, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:31 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, 0x0) 03:58:40 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(0xffffffffffffffff, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:58:40 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0x0, 0xba8e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:40 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x6) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) ioctl$TIOCSETD(0xffffffffffffffff, 0x541b, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) 03:58:40 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) socket$inet_udplite(0x2, 0x2, 0x88) tkill(r0, 0x15) 03:58:40 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, 0x0) 03:58:40 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x1b, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='stat\x00') pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) preadv(r0, &(0x7f00000017c0), 0x199, 0x0) [ 2851.362768][T25368] device nr0 entered promiscuous mode 03:58:40 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:41 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:41 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 03:58:41 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:41 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:58:41 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, 0x0) 03:58:54 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:58:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:58:54 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 03:58:54 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff0300000d698cb89e40f086dd01000005a4004000ffa377fbac141414e9", 0x0, 0x100}, 0x28) 03:58:54 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x6) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) ioctl$TIOCSETD(0xffffffffffffffff, 0x541b, 0x0) 03:58:54 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)) [ 2864.755469][T25426] device nr0 entered promiscuous mode 03:58:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:58:54 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000080)=[{0x84}, {0x6, 0x0, 0x0, 0x7fffffff}]}) 03:58:54 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffff0, &(0x7f0000000100)=[{&(0x7f00000003c0)="2e0000002300817ee45de087185082cf0124b0eba06ec4a86e8f32e00586f9835b3f00009148790000f8de84c5e2", 0xec0}], 0x1}, 0x0) 03:58:54 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 2865.284585][T25445] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2865.316478][T25444] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 03:58:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4010ae42, 0x0) [ 2865.333264][T25445] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2865.343989][T25445] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 03:58:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f0000000080)={0xefb}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88}}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:58:55 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)) 03:59:06 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:59:06 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x6) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) ioctl$TIOCSETD(0xffffffffffffffff, 0x541b, 0x0) 03:59:06 executing program 4: msgsnd(0x0, 0x0, 0x0, 0x0) msgrcv(0x0, 0x0, 0x0, 0x1, 0x3000) 03:59:06 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) socket$inet6(0xa, 0x3, 0x3c) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 03:59:06 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)) 03:59:06 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 03:59:06 executing program 4: syz_open_dev$usbmon(0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, 0x0) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000200), 0x4, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) memfd_create(0x0, 0x0) getpriority(0x2, 0x0) ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0xc0347c03, 0x0) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) write$P9_RLOCK(0xffffffffffffffff, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) 03:59:06 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, &(0x7f0000000400)={'ifb0\x00'}) pselect6(0x40, &(0x7f0000000140)={0xffffffff, 0x6, 0x0, 0x100, 0x0, 0x0, 0x100000001, 0x40}, &(0x7f0000000180)={0x0, 0x0, 0x80, 0x3ff, 0x279, 0x10001, 0x0, 0x8}, &(0x7f00000001c0)={0x1, 0x0, 0x400, 0x2, 0x3f, 0x8, 0x7f, 0x1}, &(0x7f0000000200), &(0x7f0000000280)={&(0x7f0000000240)={0x4}, 0x8}) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r2, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x10000}) fcntl$lock(r1, 0x25, &(0x7f0000000100)={0x1}) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000040)=0x0) ptrace$getsig(0x4202, r3, 0x5, &(0x7f00000000c0)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x88001) ioctl$TUNSETTXFILTER(r0, 0x400454d1, 0x0) [ 2877.336841][T25488] device nr0 entered promiscuous mode 03:59:06 executing program 4: r0 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;!\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) dup2(r1, r0) writev(r0, &(0x7f00000006c0)=[{&(0x7f00000001c0)="a7", 0x1}], 0x1) 03:59:06 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(r4, 0x0, 0x0, 0x1000f4) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000002340)=[{0x0}], 0x1) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 03:59:07 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$packet(0x11, 0x2, 0x300) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0), 0x4) 03:59:07 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) socket$inet6(0xa, 0x3, 0x3c) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 03:59:21 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:59:21 executing program 4: perf_event_open(&(0x7f0000000100)={0x8, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 03:59:21 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x6) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 03:59:21 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) socket$inet6(0xa, 0x3, 0x3c) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 03:59:21 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x0]) 03:59:21 executing program 2: 03:59:21 executing program 4: 03:59:21 executing program 4: [ 2891.864260][T25534] device nr0 entered promiscuous mode 03:59:21 executing program 4: 03:59:21 executing program 4: 03:59:21 executing program 4: 03:59:21 executing program 4: 03:59:32 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:59:32 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 03:59:32 executing program 4: 03:59:32 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x0]) 03:59:32 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x6) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 03:59:32 executing program 2: 03:59:32 executing program 4: 03:59:32 executing program 4: [ 2903.263933][T25569] device nr0 entered promiscuous mode 03:59:32 executing program 4: 03:59:32 executing program 4: 03:59:32 executing program 4: 03:59:32 executing program 4: 03:59:42 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:59:42 executing program 4: 03:59:42 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 03:59:42 executing program 1: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000080)=0x4) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x8a, 0x0) semop(0x0, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x6b) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)=[0x0]) 03:59:42 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x6) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 03:59:42 executing program 2: 03:59:43 executing program 4: 03:59:43 executing program 4: [ 2913.724409][T25607] device nr0 entered promiscuous mode 03:59:43 executing program 4: 03:59:43 executing program 4: 03:59:43 executing program 4: 03:59:43 executing program 4: 03:59:52 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:59:52 executing program 4: 03:59:52 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 03:59:52 executing program 1: 03:59:52 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x6) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 03:59:52 executing program 2: 03:59:52 executing program 4: 03:59:52 executing program 1: 03:59:52 executing program 1: 03:59:52 executing program 4: [ 2923.192661][T25637] device nr0 entered promiscuous mode 03:59:52 executing program 1: getsockname$packet(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) bind$packet(r1, &(0x7f0000000640)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="b40800002e000107f1ff58980000000200000000", @ANYRES32=r3, @ANYBLOB="000005000000000006000000080001007533320088080200240105000cff080000058000a30ee30000000000000000010000003f0800000006000000ffffffff0000000308000000020000000000000200000004ff0700001f00000000000400000000018b0700008800000000000001000000020100000005000000000000020000080006000000ea00000000000060000000000002000000000000000000040000000300010000000100000000000600000006000509000000ffff00000000000700000001010000000700000026d9c9ac005c540208000000aaed000000000003fffffffd05000000010000000000000000000000dc000000000001000000ffff000000012a6a000001000000000000090000000140000000080000000000076600000005fcffffffe203000004040500028b070066520100050001000000000300000003000000040200000006000000fffffff7ffffffc0040000000300000000000020000001ffa80c000000000000000000020000000508000000d3000000000005f90000007f7d574e6d0700000000000009339e00007104000001f8ffff0000003f0000000000100000000000000000000000006b806200000014000000000046d9fffffff901040000070000000000000700000000ad000000010000000000000900000006000000004020000000000ea100006d430700000009000000000001870000003f070000000500000000000006ffff0000090000007f0000000000002000000001000000000600000000000400000000070000000050000000000000c600000007ffffffff030000000000000200000009faffffff0008000000000efc00000000010000000000010000000080000000066e00000004000000000000020000002200000000800000000000010000000006ff7f00000900000000000001fffffffd01000000030000000000003f0000000008000000150f0000000000be000006c7010400000100010000000003ffffffff0800000009000000000000600000000605000000080000000000000300000006010100000400000000008001000001010000000004000000ffff000000000003030000002e000000000007ff00000007ff0f0000ca00000000008001ffffffff0400000000000000000000010000c384050000006800000000000fff0000007f07000000030000000000000200000000010100000800000000000005000000030000000009000000ffffffff000007ff02000000010001000000f19000000065080000000300000000000000000002440400000000100000000005d10000000601010000050000000000008100007fff000200000800000000000000000000071901000028b100000000003f000002d200000000030000000000008000000004740c000001040000000000060000072103000000080000000000000700000008000200000800000000000065000000bf0500000022000000fffffffd000000037f0000000200000000000008000000090104000001000000000000000000000401000000080000000000000000000001070000000600000000000005000000070100000002100000000000070001000104000000b9000000000000040000000603000000030000000000000700000002030000007f0e000000000005000000090600000000000000ffffffff000000d1690000004d5700000000000800000001ffffffff0900000000000000000000a17f000000080000005485bb1a0000000581ffffff490700002800000000000008f7090000ffff000000000e910000003004000000e0ffffff00000001fffff0007f00000001000100a4010500100103000007030004005ec900000008000000070000000700000000e3a60000000000000000002004000000fffffffffffffff7000000200900000000000000000000010000000307000000380400000000000300000001070000000000000000000003000000070900000000000000000000ff0000010001000100070000000000000300000008dc320000030000008000000100001f1a060000000100008000000003ffffffff07000000ffffffff0000000100000005030000000800000000000000000000030100000000000000000000010000ffff000100000700000000000bb200000008070000000180000000000800000100010000000092000000000000da0000443307000000280d00000000000100000020020000000700000000008000000063e93b00000003000000000000040000077e0500000004000000fffffffd000080000101000000000100000080017fffffff1f000000010400000000000400000008fffbffff0008000000007750000000ff670000000200000000000008fffffffe0300000005000000000000cc0000007f0800000000000000140008006e6c6d6f6e3000000000000000000000a40105000d07010001ff0600001b000003ff80000001000002000200000001fcffff000032e50000010000000000020000000000001d00010000020000007f000000ffffe728000009c3080000009ae7ffff000000040000000400000100ffff00000000095900000001080000003b000000000000ff00000009ffffff7f0100000000000200000000000700000003000000800000008000000003000000b42200000000000500007fff0800000005000000000000ff000000000001000006fb8fce4635c5000000000000040000000701000000ff0f0000ffffffff00000004ff000000ff7f000080000000000000061a000000010100000000b53600000001e4000000030000000000ff270000001f200000003f000000fffffff90000000501000000000001000000000200000006fffeffff0100000000000003000000020300000003000000000000010000000201000100050000000000000500000006070000000002000000000004000000a0030000008e0d00000000000600000006010100007f00000000000005000007ff050000000700000000000401000000050100"/2204], 0x8b4}}, 0x0) 03:59:52 executing program 4: ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x0, 0x300) r0 = inotify_init() process_vm_writev(0x0, &(0x7f0000000180)=[{&(0x7f00000013c0)=""/221, 0xdd}, {&(0x7f0000000200)=""/127, 0x7f}, {0x0}], 0x3, &(0x7f0000000280)=[{&(0x7f0000001580)=""/219, 0xdb}, {&(0x7f0000001680)=""/103, 0x67}], 0x2, 0x0) inotify_add_watch(r0, 0x0, 0x0) open(0x0, 0x200c2, 0x0) r1 = open$dir(&(0x7f0000000040)='./file0\x00', 0x8027e, 0x100) pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f00000003c0)=0xffffffffffffffff) r2 = dup2(r1, r1) write$FUSE_IOCTL(r2, &(0x7f0000000100)={0x20}, 0xffffff43) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12}, &(0x7f0000000300)) timer_settime(0x0, 0x0, &(0x7f0000000380)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = gettid() creat(0x0, 0x145) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) vmsplice(r2, &(0x7f0000000080)=[{0x0}], 0x1, 0x0) tkill(r3, 0x16) [ 2923.508361][ T26] audit: type=1804 audit(1574308792.849:90): pid=25663 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir212374558/syzkaller.ozvhTe/789/file0" dev="sda1" ino=16767 res=1 [ 2923.629710][ T26] audit: type=1804 audit(1574308792.969:91): pid=25660 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir212374558/syzkaller.ozvhTe/789/file0" dev="sda1" ino=16767 res=1 [ 2923.691033][ T26] audit: type=1804 audit(1574308793.019:92): pid=25665 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir212374558/syzkaller.ozvhTe/789/file0" dev="sda1" ino=16767 res=1 03:59:59 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, 0x0) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 03:59:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) socketpair(0x0, 0x3, 0xf9, &(0x7f00000000c0)) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(r4, 0x0, 0x0, 0x1000f4) readv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000041c0)=ANY=[@ANYBLOB='n'], 0x1) ftruncate(r3, 0x8200) readv(0xffffffffffffffff, &(0x7f0000002340)=[{0x0}], 0x1) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000180)) setxattr$security_capability(&(0x7f0000000f40)='./bus\x00', 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = add_key(&(0x7f0000000100)='.request_key_auth\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f0000000300)="31c518db5a85865abb0b063dfcd48e1285f833aa4944274f0a2f5000583c1dc41b9620b08405a61c469102f3babc87c457edd8367f26e21908e89d9ede6430324750702389ab8f513226da", 0x4b, 0xfffffffffffffffa) r6 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, r6) r7 = request_key(&(0x7f00000001c0)='encrypted\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)='threaded\x00', r6) keyctl$link(0x8, r5, r7) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) r8 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGPGRP(r8, 0x8904, &(0x7f00000011c0)) 03:59:59 executing program 4: syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x40) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x20730, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61d7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080), 0x8}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$rxrpc(0x21, 0x2, 0xa) ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f00000001c0)={0x0, 0xb1f, 0xffffffffffffff81, &(0x7f0000000400)="fa13031b36b06be279451425c8d5ea6b4946a73613bddaf45e4c530717f0bfe064e06f62017f4d592066ecf61ff460cda032b5ae2283c2b79c33c77ecd3dd4780412bf31c49bf647123a7f5dfe2a6e17d91e2ea44a2257f407b57d06c89ddd9e649cfa3c3929bd59dbb7c723a5889bdac4efbc0de090345c213eea8c7b23b8df7223b237c319c2444810c2be03e64d58d909223e674dd7856ba0642775eaf0d2df91a09b9abc98deaeb5c33c3fddda13c44c67cc70f356538103ccaccc06f36a25b7a08c150e8036a0353ba69437a9e609ef3128262fef7a6121ce3a09e9403d7bda3651019fab24646cd69ac1a47783d8b95db03fd5a4e3c3afff2c54f19296a84d1c377b4f9d2044b3f63fb902d7fb1c7f24003b3371950d7f5732017cef2faa6066bd891b77aa6f15e06618ebfe628092192927b5fa7c2b5c7df7d2983ea25b008781f1a64fad3285b803bc9c71ffed139a1bb72807152c8352f57a091fdb0da92c2be69fd4ab7ceae024539acdf07a4769e32e9fcce4d5d4f854cc50447f72e3a17453e0d419c5060705a8cbdd2999eed94d92afaa2b504198b2100ec7536e6c8cb9697a114ffa75fb444f53ceaf5d9dff34da14655fb681d006f2b1838c4fce61cf93650f2ebf674d6cf9ad6e26ae6bd1135b21b7c74f6be9be3420c087705bc9df04401c8ed7f4e457a64df442b9810c85aa52877b010051b67def9930c426fc575128976d30b519f3b8fec1990fb4eb29d7ddd688c2e67740f9796736137ce173efa1ed7cc13b92f1ebd7241f1821266cadc585af55b07e9edfa694552ff8c4d9063a995fff0d828b5ff1a8e787d4a68e519a13b6d809cc6a588a8f6b12f12fd1cc230b815b40a81aca65756821b5df40e8c09432f7cff2f815137b32d1e9a96b637bf8ec4ac2ca18482c1de4b22791c3f81597714c8d85d4437c43e13c581f9de889f6bd66d09e97dd7f26a0729c11d6dbc16e1905787cc3e22df1324c57da395e986d40167ea5758f8d8b487b0bdc4260c8c1316da9f4c990b18ce14961a2942d1d6600d81129eda581799a91929a312ddbc6872f3b1b5941961fd4d4591ca64242303531c53c909358035e7d2bf36d4ba87c1871fc62e5f9ac68e751b0410137581477bdfe8c0b78a25f712544a408a2df1c4f9d8f769bda2b15a0fa4e73270c58eaea1c2c4b4042562a6d0f8ca904aeaa1e5d0fff3ad67df1885135a30b22ddeeba586acf48856d3085aceb37f16b053db81801b273aa97ba9520c88872695b606b0348d8360be31375fbc4eb13d1205df82448c7b99db086cf79e539a9836a47c3c9f605904170b47c31f5d773d7c5f09f2341b8c519a1fc5b344a9ec7f776af6ceb04e69ccf5eaf1d6c7ab63b08d82a7c43140fd271c5d30dfd2b1d802f2235e1873774af9c946ddb26d022ae3444d749b64171c43afc6cd5e7061d4b03ab3f2bc0fd2a7f6bad0f467d71d48df7baa7a1e7b701cb2f4216e5532cdffb87d25ad73b80bf695b9368d2175223c49d23ef2064e2a7bdc02c382ad0ccef24a948bf6ef34381e61de9cf6ece2106d41d7a93d4ebea6de2c930dc87ee940be4fa2c45184e1328f2f2d43f8b980621cce3ffb4777d3ee10f41fed4679929ccabe10cf2b9795393a35f82bcd9ad42eef5202fe110c1b4c67615b17869a5f489c4190bb9bdf832ca53188f596e564d8bc8fb1e7efe9cd2c36fe9cb00208f2225a840fad171fa63ead3907e17647cea2adeb0b80ae264baf6deb1e2d9e2ef5524219e84d116c605df271b9de2b8bf25bce17845b9a62e14bc49f219d84f187ef0c096bd3a94af86e009a1b9230c478318f427c51a59313979ee61989f4293d54c0dec8f28e8b8665d765abccd5e615f08215b4f948b44e47488f90d20491b78f4b8f1ba8af0f8760b956242a5d2bb62672052840e479d2f5fdb28b409a442273dad165fabc905b127fe7521333a041987792fa2a85e894a750eeb9f3d26dd484823043b142b357ccaed87e35e458ddecdd44ec129415609ca2e7e8b975cd4fcb515017819cb2ced0007b86cdbe578319d8d73c42a17ccf76ca0d10a18aba4fa59ada6ead9d6686b1a48dc1951ad0bc61490ad7db3e973acd7946b4a14372c055c933a11240e2a3cf102c2c558d5a6da69f542fc7df55f8ebf7dd7a26d5c9df9cf404bc009839d33a4febaa7950944eff2c786865c5ed5674cf9aa9d145756e64b0f6ad731055d17d6494c11b60bbc491154e5160b6bfcc739ce3c2dc9cb897edf384391311bc3b994111d67e946193e2729fcc90340326a3b4691cf178cd9d9ae6bcc91afcf44c8aeca8837fa861517b53468bd019381077c56408c078666e3150f4b8979e3de49b3d1a154715478000ce547f45b780edd3a8b19c00e2e127c02771d0d2f1c84d8f0e7174df9667ddad0d290954d05b699d0c93794f4ca79841597b9b8dc782af5e95f751095b0b2c5c73cad5b615715497b5b47b181ead6d872f59da0372d3d065036162724c1791bfa7dc21c21e5c3f1b306b33a2efdc9309f8301fbba75272ae2d80d3111c4a928c2cb5ec9bea65561a38ecabac7242b6a9732c257f857c1bf3add78c202914280c5fcc875b996c054f6882c26f3a561e06aafd9b72dd271dcee546c1fe689f14660587efc385f2f8002862af5b601c509febde6375eb3c71273dcffb4db5f10f1cdd530e7eae009beb61063277a8d5c6124a1c390a5b9f9de7ed7130eea68e56f04715ee015bec853d2addfc29d8dcd6db8fe9fd1e454ee1a729dcdbf92c990799d55fb2c55cc4be3b3189b20f23c8ebb87e6313b5f53b6de9846eb6acff9e301fd443a621666c39f03d5feb23772f8fae8cb77c18697d3e036023fa5f60ec8a4adc0b6c6e18e370734cec1ae84f8be2e31fcf5dce74dd3c3f96b738f1fa72f66bd12472b13876c94cbb4e225dcb5be02d668b537a0271170a980a81b68d3eb3ffa45b076406b039854a6278cf92f969f14ff0dec83e4d3b156b84d85fb9a80cad6acac56ac8c61305ac6f7d97b8383c187ab19877fd593d47ebd2dbffffbf0b8d185444395341a130b1e7a140c32455c0137ac62ec48f8df0803221a3336d76db609b8cffba28032acba05ddda74e7c5a748028ffbd9785c64ef14c809b6cbf496b4c7a31116be2960036ce54c6ba23fe56ae6abfc9a95faae3c5095a7085344eff0a332cee15a3335d9d2f2f135dcf91049ceb446f5b07771a5296f07b07305df2fc0d33a95740d6c50c24dd3088a"}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, &(0x7f0000000240)={0x1000, 0xdff, 0xae9, {0x77359400}, 0x6, 0x9}) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, &(0x7f0000000200)) fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, 0x0}) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f0000000180)={0x0, 0x7fffffff, 0xfffffffffffffffe}) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_readv(r1, &(0x7f0000000380)=[{&(0x7f0000000340)=""/61, 0x3d}], 0x1, &(0x7f0000002540)=[{&(0x7f00000003c0)=""/63, 0x7ffff002}], 0x2, 0x0) 03:59:59 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 03:59:59 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 03:59:59 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x20730, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080), 0x8}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$rxrpc(0x21, 0x2, 0xa) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, 0x0) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000003000/0x2000)=nil, &(0x7f0000007000/0x3000)=nil, &(0x7f0000008000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000000000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000009000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x0}, 0x68) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, &(0x7f0000000200)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000100)) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00'}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x407a, 0x0) 03:59:59 executing program 4: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x10, 0x400000003, 0x10) sendmsg$kcm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000002b008163e45ae08700000301080f00000000e0fc4cc91b4dd65b2f0580cb7023072a556d1c958c000000", 0x2e}], 0x1}, 0x0) recvmsg$kcm(r1, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x12042) [ 2930.389358][T25677] device nr0 entered promiscuous mode 03:59:59 executing program 4: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000600)=""/164, 0xa4}], 0x1, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file0/file0\x00', 0x0, 0x0, 0x8e56b071b577b247, 0x0) read$FUSE(r0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000000780), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000300)={0x50, 0x0, 0x1, {0x7, 0x1f, 0x0, 0x11000}}, 0x50) truncate(&(0x7f0000000000)='./file0/file0\x00', 0x0) write$FUSE_ENTRY(r0, &(0x7f0000000540)={0x90, 0x0, 0x3, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x85eb}}}, 0x90) 03:59:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) socketpair(0x0, 0x3, 0xf9, &(0x7f00000000c0)) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(r4, 0x0, 0x0, 0x1000f4) readv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000041c0)=ANY=[@ANYBLOB='n'], 0x1) ftruncate(r3, 0x8200) readv(0xffffffffffffffff, &(0x7f0000002340)=[{0x0}], 0x1) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000180)) setxattr$security_capability(&(0x7f0000000f40)='./bus\x00', 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = add_key(&(0x7f0000000100)='.request_key_auth\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f0000000300)="31c518db5a85865abb0b063dfcd48e1285f833aa4944274f0a2f5000583c1dc41b9620b08405a61c469102f3babc87c457edd8367f26e21908e89d9ede6430324750702389ab8f513226da", 0x4b, 0xfffffffffffffffa) r6 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, r6) r7 = request_key(&(0x7f00000001c0)='encrypted\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)='threaded\x00', r6) keyctl$link(0x8, r5, r7) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) r8 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGPGRP(r8, 0x8904, &(0x7f00000011c0)) 04:00:00 executing program 1: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000140)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) openat$capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x23f, 0x0) 04:00:00 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="2e0000002300817ee45de087185082cf0124b0eba06ec4a8258f32e00586f9835b3f00009148790000f8de84c5e2", 0xec0}], 0x1}, 0x0) 04:00:00 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000580)='/dev/net/tun\x00', 0x0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x200005) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'veth1\x01\x00\x00\x80\x00\x00\x00\x00k(\x00', 0x4fff}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000580)='/dev/net/tun\x00', 0x80002, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'veth1\x01\x00\x00\x80\x00\x00\x00\x00k(\x00', 0x4fff}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x10001) [ 2930.884226][T25712] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2930.894538][T25711] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2930.905544][T25712] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2930.915597][T25712] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2931.008628][ T26] audit: type=1804 audit(1574308800.349:93): pid=25715 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/671/bus" dev="sda1" ino=16562 res=1 [ 2931.041444][ T26] audit: type=1804 audit(1574308800.379:94): pid=25716 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/671/bus" dev="sda1" ino=16562 res=1 [ 2931.079844][ T26] audit: type=1800 audit(1574308800.389:95): pid=25715 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="bus" dev="sda1" ino=16562 res=0 [ 2931.102710][ T26] audit: type=1800 audit(1574308800.409:96): pid=25716 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="bus" dev="sda1" ino=16562 res=0 04:00:08 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, 0x0) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 04:00:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_PIT(r1, 0x4018aebd, &(0x7f0000000100)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x1}, {0x0, 0x0, 0xc9}]}) 04:00:08 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:00:08 executing program 4: syz_emit_ethernet(0x66, &(0x7f0000000580)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c82c8c", 0x30, 0xf5, 0x0, @empty, @ipv4={[], [], @multicast2}, {[], @icmpv6=@time_exceed={0x3, 0x0, 0x0, 0x0, [], {0x0, 0x6, "1861b7", 0x0, 0x0, 0x0, @mcast1, @empty}}}}}}}, 0x0) 04:00:08 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:00:08 executing program 2: 04:00:09 executing program 4: 04:00:09 executing program 1: 04:00:09 executing program 4: 04:00:09 executing program 1: 04:00:09 executing program 4: [ 2939.878588][T25735] device nr0 entered promiscuous mode 04:00:09 executing program 1: 04:00:22 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, 0x0) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 04:00:22 executing program 4: 04:00:22 executing program 1: 04:00:22 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:00:22 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:00:22 executing program 2: 04:00:22 executing program 4: 04:00:22 executing program 1: 04:00:22 executing program 1: 04:00:22 executing program 4: [ 2953.257148][T25769] device nr0 entered promiscuous mode 04:00:22 executing program 1: 04:00:22 executing program 4: 04:00:32 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x0, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 04:00:32 executing program 1: 04:00:32 executing program 4: 04:00:32 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:00:32 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r4, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) fcntl$setown(r1, 0x8, r0) r5 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:00:32 executing program 2: 04:00:32 executing program 1: 04:00:32 executing program 4: 04:00:33 executing program 1: 04:00:33 executing program 4: [ 2963.704126][T25796] device nr0 entered promiscuous mode 04:00:33 executing program 1: 04:00:33 executing program 4: 04:00:45 executing program 4: 04:00:45 executing program 1: 04:00:45 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:00:45 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r4, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) fcntl$setown(r1, 0x8, r0) r5 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:00:45 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x0, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 04:00:45 executing program 2: 04:00:45 executing program 4: 04:00:45 executing program 1: 04:00:45 executing program 4: bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@array={0x0, 0x2}]}}, &(0x7f0000000340)=""/219, 0x32, 0xdb, 0x1}, 0x20) 04:00:45 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup(r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000340)='vegas\x00', 0x284) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x2bcf) shutdown(r0, 0x0) recvmsg(r0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7115}, 0x0) [ 2976.208928][T25830] device nr0 entered promiscuous mode 04:00:45 executing program 4: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f000081e000)={0x0, 0x2, 0x80000000000000d5, [0x0]}, 0x2de) getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, 0x0, 0xb0ddd38a6cfd4e8a) openat$userio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userio\x00', 0x2000000000000006, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x0) r3 = socket(0x0, 0x2, 0x0) bind(r3, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cb184a"}, 0x80) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=0x0], &(0x7f000095dffc)=0x2) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, 0x0, &(0x7f0000000280)) pipe(&(0x7f0000000080)) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000280)=0x8) 04:00:45 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 04:00:45 executing program 4: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f000081e000)={0x0, 0x2, 0x80000000000000d5, [0x0]}, 0x2de) getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, 0x0, 0xb0ddd38a6cfd4e8a) openat$userio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userio\x00', 0x2000000000000006, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x0) r3 = socket(0x0, 0x2, 0x0) bind(r3, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cb184a"}, 0x80) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=0x0], &(0x7f000095dffc)=0x2) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, 0x0, &(0x7f0000000280)) pipe(&(0x7f0000000080)) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000280)=0x8) 04:00:45 executing program 1: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f000081e000)={0x0, 0x2, 0x80000000000000d5, [0x0]}, 0x2de) getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, 0x0, 0xb0ddd38a6cfd4e8a) openat$userio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userio\x00', 0x2000000000000006, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x0) r3 = socket(0x0, 0x2, 0x0) bind(r3, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cb184a"}, 0x80) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=0x0], &(0x7f000095dffc)=0x2) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, 0x0, &(0x7f0000000280)) pipe(&(0x7f0000000080)) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000280)=0x8) 04:00:46 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:00:46 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r4, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) fcntl$setown(r1, 0x8, r0) r5 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 2976.839972][T25874] device nr0 entered promiscuous mode 04:00:53 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x0, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 04:00:53 executing program 1: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000280)=0x100000001, 0x142) clone(0x1fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$inet6(r0, &(0x7f00000002c0), 0x1c) r2 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0xfdf2) setsockopt$inet_mreq(r1, 0x0, 0x24, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) bind$unix(r3, &(0x7f0000366000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r3, 0x0) accept4(r3, 0x0, 0x0, 0x0) 04:00:53 executing program 4: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f000081e000)={0x0, 0x2, 0x80000000000000d5, [0x0]}, 0x2de) getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, 0x0, 0xb0ddd38a6cfd4e8a) openat$userio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userio\x00', 0x2000000000000006, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x0) r3 = socket(0x0, 0x2, 0x0) bind(r3, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cb184a"}, 0x80) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=0x0], &(0x7f000095dffc)=0x2) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, 0x0, &(0x7f0000000280)) pipe(&(0x7f0000000080)) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000280)=0x8) 04:00:53 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_submit(0x0, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r5 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:00:53 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:00:53 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000204010002000270fff80007b100a6656075a576349c98d16f17", 0x26}], 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) umount2(&(0x7f0000000040)='./file0\x00', 0x0) [ 2984.450041][T25898] device nr0 entered promiscuous mode 04:00:53 executing program 4: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f000081e000)={0x0, 0x2, 0x80000000000000d5, [0x0]}, 0x2de) getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, 0x0, 0xb0ddd38a6cfd4e8a) openat$userio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userio\x00', 0x2000000000000006, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x0) r3 = socket(0x0, 0x2, 0x0) bind(r3, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cb184a"}, 0x80) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=0x0], &(0x7f000095dffc)=0x2) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, 0x0, &(0x7f0000000280)) pipe(&(0x7f0000000080)) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000280)=0x8) 04:00:54 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_submit(0x0, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r5 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:00:54 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:00:54 executing program 1: r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x9, 0x2, 0x1}) 04:00:54 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_submit(0x0, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r5 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:00:54 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:01:04 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 04:01:04 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:01:04 executing program 1: r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) fgetxattr(r0, &(0x7f0000000100)=@known='trusted.overlay.nlink\x00', 0x0, 0x0) 04:01:04 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:01:04 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:01:04 executing program 2: bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc77a4e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507d0419c09fc1fe6c"}, 0xa) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x0, 0x0) ioctl$int_in(r1, 0x0, &(0x7f0000000000)=0x20000) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'hsr0\x00', 0x2}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009}) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000300)={[{0x10001, 0x0, 0x81, 0x8, 0x0, 0x7f, 0x0, 0xff, 0x9, 0x1, 0x2, 0xfd, 0x9}, {0x1, 0x3ff, 0x5, 0x3, 0x0, 0x1, 0x7, 0x3, 0x7, 0x5, 0x4c, 0xbc, 0x75}, {0x1, 0x1, 0x1, 0x3f, 0x3f, 0x48, 0x7f, 0x5, 0x4, 0x2, 0x0, 0x67, 0x2}], 0xba21}) r2 = socket$kcm(0x29, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000805, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) r5 = dup3(r3, r4, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r5, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r4, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x7a, &(0x7f000059aff8)={r6}, &(0x7f000034f000)=0x2059b000) write$cgroup_subtree(r0, &(0x7f0000000180)={[{0x2b, 'c\x86\xdd\xba.\xd5]s\x81\x00\xf0\xd76\x95\xc6\xef\xac\xea\xe2B\x18\xf2\xf1<\xaa\x1a\xd2;\xdd\xb1\xe5<\x87{\x81\xffJ6\xdbIH\xa1>\x8e\xb8D\xb0@\x141>g\xaa/r\xd2\t\x7f\x14Iy\xbc\x96\x85\xc0\x9b\xcf\xa5P\xef\x06\xcb\x06L\xc4d\xd7\xb1Hz\'\xd0\xf4r\x03j\xa6\xeb+0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 2994.887566][T25958] device nr0 entered promiscuous mode 04:01:04 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:01:04 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) dup2(r4, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 2995.263281][ T26] audit: type=1804 audit(1574308864.609:97): pid=25976 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/693/file0/bus" dev="loop1" ino=27 res=1 04:01:04 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 2995.489563][T25978] attempt to access beyond end of device [ 2995.505852][T25978] loop1: rw=2049, want=641, limit=624 [ 2995.542562][T25985] device nr0 entered promiscuous mode 04:01:04 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) [ 2995.573910][ T26] audit: type=1804 audit(1574308864.919:98): pid=25976 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/693/file0/file0" dev="loop1" ino=28 res=1 [ 2995.815757][T25978] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2995.853677][T25978] FAT-fs (loop1): Filesystem has been set read-only [ 2995.873989][ T26] audit: type=1804 audit(1574308865.219:99): pid=25976 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/693/file0/bus" dev="loop1" ino=27 res=1 04:01:16 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 04:01:16 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r4, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, 0xffffffffffffffff, 0x0) fcntl$setown(r1, 0x8, r0) r5 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:01:16 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:01:16 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ftruncate(r0, 0x0) 04:01:16 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) syz_open_dev$dri(0x0, 0x0, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:01:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x8000000000005, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r2, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000008c0)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000000000/0x1000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000001000/0x2000)=nil, &(0x7f0000001000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000000780)="42a02023947a7dac9d7b12674fb5a57b6fdfa537595ebfe5063e7afef4d3", 0x1e}, 0x68) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 3007.433028][T26016] device nr0 entered promiscuous mode 04:01:16 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r4, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, 0xffffffffffffffff, 0x0) fcntl$setown(r1, 0x8, r0) r5 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 3007.576909][ T26] audit: type=1804 audit(1574308876.919:100): pid=26028 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/694/file0/bus" dev="loop1" ino=29 res=1 [ 3007.813812][T26029] attempt to access beyond end of device [ 3007.828571][T26029] loop1: rw=2049, want=641, limit=624 04:01:17 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r4, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, 0xffffffffffffffff, 0x0) fcntl$setown(r1, 0x8, r0) r5 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:01:17 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3008.020081][T22668] attempt to access beyond end of device [ 3008.034770][T22668] loop1: rw=1, want=4129, limit=624 [ 3008.066554][T22668] attempt to access beyond end of device [ 3008.072405][T22668] loop1: rw=1, want=4290, limit=624 04:01:17 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ftruncate(r0, 0x0) 04:01:17 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r4, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(0xffffffffffffffff, r3, 0x0) fcntl$setown(r1, 0x8, r0) r5 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:01:17 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) syz_open_dev$dri(0x0, 0x0, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3008.585562][T26056] device nr0 entered promiscuous mode [ 3008.610113][ T26] audit: type=1804 audit(1574308877.949:101): pid=26059 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/695/file0/bus" dev="loop1" ino=30 res=1 [ 3008.889719][T26060] attempt to access beyond end of device [ 3008.908857][T26060] loop1: rw=2049, want=641, limit=624 [ 3009.084913][T17949] attempt to access beyond end of device [ 3009.091909][T17949] loop1: rw=1, want=3665, limit=624 [ 3009.099282][T17949] attempt to access beyond end of device [ 3009.109642][T17949] loop1: rw=1, want=4290, limit=624 04:01:25 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x80000001) 04:01:25 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ftruncate(r0, 0x0) 04:01:25 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r4, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(0xffffffffffffffff, r3, 0x0) fcntl$setown(r1, 0x8, r0) r5 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:01:25 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:01:25 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) syz_open_dev$dri(0x0, 0x0, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:01:25 executing program 2: shmget(0x2, 0x3000, 0x0, &(0x7f0000ffc000/0x3000)=nil) [ 3016.709450][ T26] audit: type=1804 audit(1574308886.049:102): pid=26079 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/696/file0/bus" dev="sda1" ino=16689 res=1 [ 3016.860453][T26077] device nr0 entered promiscuous mode 04:01:26 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r4, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(0xffffffffffffffff, r3, 0x0) fcntl$setown(r1, 0x8, r0) r5 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:01:26 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r1) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:01:26 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:01:27 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:01:27 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r1) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:01:27 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 3017.968255][ T26] audit: type=1804 audit(1574308887.309:103): pid=26108 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/697/file0/bus" dev="loop1" ino=31 res=1 [ 3017.985924][T26112] device nr0 entered promiscuous mode [ 3018.051915][T26111] attempt to access beyond end of device [ 3018.057609][T26111] loop1: rw=2049, want=641, limit=624 [ 3018.335288][T20341] attempt to access beyond end of device [ 3018.351343][T20341] loop1: rw=1, want=3281, limit=624 [ 3018.359930][T20341] attempt to access beyond end of device [ 3018.396796][T20341] loop1: rw=1, want=4290, limit=624 04:01:33 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, 0x0) sendfile(r2, r3, 0x0, 0x80000001) 04:01:33 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:01:33 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r1) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:01:33 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:01:33 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 3023.878615][ T26] audit: type=1804 audit(1574308893.219:104): pid=26141 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/698/file0/bus" dev="sda1" ino=16829 res=1 [ 3023.933268][T26140] device nr0 entered promiscuous mode 04:01:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$midi(0x0, 0x0, 0x2258c0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f0000000000)={0x1, 0x3, 0x1}) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:01:35 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:01:35 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:01:35 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3025.843102][T26161] device nr0 entered promiscuous mode [ 3025.909312][ T26] audit: type=1804 audit(1574308895.249:105): pid=26166 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/699/file0/bus" dev="loop1" ino=32 res=1 [ 3025.951476][T26167] attempt to access beyond end of device [ 3025.974758][T26167] loop1: rw=2049, want=641, limit=624 04:01:35 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3026.132920][T26068] attempt to access beyond end of device [ 3026.138619][T26068] loop1: rw=1, want=3129, limit=624 [ 3026.158977][T26068] attempt to access beyond end of device [ 3026.170458][T26068] loop1: rw=1, want=4290, limit=624 04:01:35 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) [ 3026.657371][ T26] audit: type=1804 audit(1574308895.999:106): pid=26174 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/700/file0/bus" dev="loop1" ino=33 res=1 04:01:36 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3026.794376][T26178] attempt to access beyond end of device [ 3026.825256][T26178] loop1: rw=2049, want=641, limit=624 [ 3027.037068][T26068] attempt to access beyond end of device [ 3027.053004][T26068] loop1: rw=1, want=3929, limit=624 [ 3027.053603][T26183] device nr0 entered promiscuous mode [ 3027.065682][T26068] attempt to access beyond end of device [ 3027.075476][T26068] loop1: rw=1, want=4290, limit=624 04:01:46 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, 0x0) sendfile(r2, r3, 0x0, 0x80000001) 04:01:46 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:01:46 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:01:46 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:01:46 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:01:46 executing program 2: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x1) write$vhci(r0, &(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x0) dup2(r1, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, &(0x7f0000000080)={0x1, 0x0, [0x0]}) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 3037.275116][ T26] audit: type=1804 audit(1574308906.619:107): pid=26195 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/701/file0/bus" dev="sda1" ino=16851 res=1 [ 3037.331253][T26201] device nr0 entered promiscuous mode 04:01:47 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:01:47 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) [ 3037.812875][T26213] device nr0 entered promiscuous mode 04:01:47 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:01:47 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') ftruncate(0xffffffffffffffff, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80001d00c0d0) [ 3038.309280][ T26] audit: type=1804 audit(1574308907.649:108): pid=26228 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/702/file0/bus" dev="sda1" ino=16844 res=1 [ 3038.328162][T26226] device nr0 entered promiscuous mode 04:01:47 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:01:48 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') ftruncate(0xffffffffffffffff, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80001d00c0d0) [ 3038.961909][T26236] device nr0 entered promiscuous mode 04:01:55 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, 0x0) sendfile(r2, r3, 0x0, 0x80000001) 04:01:55 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) connect$unix(0xffffffffffffffff, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:01:55 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:01:55 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') ftruncate(0xffffffffffffffff, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80001d00c0d0) 04:01:55 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 3046.606983][T26250] device nr0 entered promiscuous mode [ 3046.880374][T26263] attempt to access beyond end of device [ 3046.905825][T26263] loop1: rw=2049, want=641, limit=624 [ 3047.075099][T20341] attempt to access beyond end of device [ 3047.102480][T20341] loop1: rw=1, want=3513, limit=624 [ 3047.111819][T20341] attempt to access beyond end of device [ 3047.117506][T20341] loop1: rw=1, want=4290, limit=624 04:01:59 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000204010002000270fff80007b100a6656075a576349c98d16f17", 0x26}], 0x0, 0x0) chroot(&(0x7f0000000080)='./file0\x00') umount2(&(0x7f0000000040)='./file0\x00', 0x0) 04:01:59 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) connect$unix(0xffffffffffffffff, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:01:59 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:01:59 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) socket$kcm(0x29, 0x2, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) 04:01:59 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:02:00 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) socket$kcm(0x29, 0x2, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) [ 3050.705465][T26283] attempt to access beyond end of device [ 3050.719686][T26283] loop1: rw=2049, want=641, limit=624 04:02:00 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) connect$unix(0xffffffffffffffff, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3050.861298][T20341] attempt to access beyond end of device [ 3050.867184][T20341] loop1: rw=1, want=2721, limit=624 [ 3050.884021][T20341] attempt to access beyond end of device [ 3050.889783][T20341] loop1: rw=1, want=4290, limit=624 [ 3051.260045][T26297] attempt to access beyond end of device [ 3051.265953][T26297] loop1: rw=2049, want=641, limit=624 [ 3051.381904][ T2575] attempt to access beyond end of device [ 3051.387593][ T2575] loop1: rw=1, want=3377, limit=624 [ 3051.394914][ T2575] attempt to access beyond end of device [ 3051.400629][ T2575] loop1: rw=1, want=4290, limit=624 04:02:05 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) socket(0x10, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(0xffffffffffffffff, r2, 0x0, 0x80000001) 04:02:05 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:02:05 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:02:05 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000700)='./bus\x00', 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:02:05 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) socket$kcm(0x29, 0x2, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) [ 3055.846087][ T26] audit: type=1804 audit(1574308925.189:109): pid=26305 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/706/file0/bus" dev="sda1" ino=16913 res=1 04:02:05 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000700)='./bus\x00', 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3056.204960][ T26] audit: type=1804 audit(1574308925.549:110): pid=26319 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/707/file0/bus" dev="sda1" ino=16913 res=1 04:02:15 executing program 2: socket$inet(0x2, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0x6}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f000081e000)={0x0, 0x2, 0x80000000000000d5, [0x0]}, 0x2de) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, &(0x7f0000000280)) 04:02:15 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) 04:02:15 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:02:15 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:02:15 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000700)='./bus\x00', 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3065.929790][ T26] audit: type=1804 audit(1574308935.269:111): pid=26340 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/708/file0/bus" dev="loop1" ino=37 res=1 04:02:15 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3066.324938][ T26] audit: type=1804 audit(1574308935.669:112): pid=26350 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/709/file0/bus" dev="loop1" ino=38 res=1 04:02:20 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) socket(0x10, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(0xffffffffffffffff, r2, 0x0, 0x80000001) 04:02:20 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) 04:02:20 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:02:20 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:02:20 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 3071.260411][ T26] audit: type=1804 audit(1574308940.599:113): pid=26361 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/710/file0/bus" dev="sda1" ino=16932 res=1 04:02:20 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3071.550804][ T26] audit: type=1804 audit(1574308940.889:114): pid=26376 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/711/file0/bus" dev="sda1" ino=16932 res=1 04:02:34 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='stat\x00') r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = memfd_create(&(0x7f00000001c0)='\xb3', 0x0) write$FUSE_DIRENT(r1, &(0x7f0000000080)=ANY=[], 0x29) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x81, 0x11, r1, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) pread64(r2, 0x0, 0x0, 0x0) io_setup(0x0, 0x0) 04:02:34 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) 04:02:34 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:02:34 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:02:34 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 3085.648190][ T26] audit: type=1804 audit(1574308954.989:115): pid=26401 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/712/file0/bus" dev="loop1" ino=39 res=1 04:02:35 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) [ 3085.797513][T26403] attempt to access beyond end of device [ 3085.810210][T26403] loop1: rw=2049, want=641, limit=624 [ 3085.970818][ T2575] attempt to access beyond end of device [ 3085.985561][ T2575] loop1: rw=1, want=3201, limit=624 [ 3086.008597][ T2575] attempt to access beyond end of device [ 3086.033720][ T2575] loop1: rw=1, want=4290, limit=624 04:02:35 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) socket(0x10, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(0xffffffffffffffff, r2, 0x0, 0x80000001) 04:02:35 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x8080fffffffe) 04:02:35 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) 04:02:35 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:02:36 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) 04:02:36 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) [ 3086.920630][ T26] audit: type=1804 audit(1574308956.249:116): pid=26427 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/713/file0/bus" dev="loop1" ino=40 res=1 [ 3087.086183][ T2575] attempt to access beyond end of device [ 3087.105795][ T2575] loop1: rw=1, want=2189, limit=624 [ 3087.145430][ T2575] attempt to access beyond end of device [ 3087.157396][ T2575] loop1: rw=1, want=4286, limit=624 04:02:50 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x8080fffffffe) 04:02:50 executing program 2: creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(0xffffffffffffffff, &(0x7f0000001440)=ANY=[@ANYBLOB], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=""/161, 0xa1}, 0x397}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) r4 = open(&(0x7f0000000500)='./bus\x00', 0x8143242, 0x0) close(r4) r5 = syz_open_dev$loop(&(0x7f0000000540)='/dev/loop#\x00', 0x0, 0x105082) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r4, 0x0) sendfile(r5, r4, 0x0, 0x80005) write$eventfd(r4, &(0x7f0000000140)=0x9, 0x8) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) shutdown(0xffffffffffffffff, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000a80), 0xfffffffffffffffd) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r6, 0x0, 0x18a, 0x0, 0x0, 0x2f95a3c3cb55ab4b) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000001280)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r7 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r7, &(0x7f0000000940)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)}}], 0x1, 0x0) r8 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r8, &(0x7f0000005a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2400000000000000290000003200000000000000000000000000ffffac1414aa", @ANYRES32=0x0, @ANYBLOB="5d58dafc5e4cb9ed3900000000e5a736"], 0x2b}}], 0x1, 0x0) fstat(r8, &(0x7f00000002c0)) setsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) 04:02:50 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:02:50 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:02:50 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) 04:02:50 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) [ 3100.967216][ T26] audit: type=1804 audit(1574308970.309:117): pid=26460 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/714/file0/bus" dev="sda1" ino=16602 res=1 04:02:51 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, 0xffffffffffffffff, 0x0, 0x80000001) 04:02:51 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:02:51 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) 04:02:51 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x8080fffffffe) 04:02:51 executing program 4: write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) 04:02:51 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:02:51 executing program 4: write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) [ 3102.284920][ T26] audit: type=1804 audit(1574308971.629:118): pid=26487 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/715/file0/bus" dev="loop1" ino=41 res=1 [ 3102.390140][T26496] device nr0 entered promiscuous mode [ 3102.475307][ T2575] attempt to access beyond end of device [ 3102.492296][ T2575] loop1: rw=1, want=2193, limit=624 [ 3102.506761][ T2575] attempt to access beyond end of device [ 3102.517609][ T2575] loop1: rw=1, want=4290, limit=624 04:02:59 executing program 2: r0 = socket(0x1f, 0x5, 0x2) getsockopt(r0, 0x2, 0x2, 0x0, 0x0) 04:02:59 executing program 4: write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) 04:02:59 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:02:59 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:02:59 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) [ 3110.142419][ T26] audit: type=1804 audit(1574308979.489:119): pid=26514 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/716/bus" dev="sda1" ino=16525 res=1 [ 3110.241062][T26517] device nr0 entered promiscuous mode 04:03:00 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, 0xffffffffffffffff, 0x0, 0x80000001) 04:03:00 executing program 4: r0 = creat(0x0, 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:03:00 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:03:00 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:03:00 executing program 4: r0 = creat(0x0, 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) [ 3111.368610][ T26] audit: type=1804 audit(1574308980.709:120): pid=26535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/717/bus" dev="sda1" ino=16625 res=1 04:03:00 executing program 4: r0 = creat(0x0, 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) [ 3111.463300][T26532] device nr0 entered promiscuous mode 04:03:00 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:03:01 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:03:08 executing program 2: socket$kcm(0x2b, 0x1, 0x0) socket$kcm(0x11, 0x2, 0x300) socket$kcm(0x2, 0x2, 0x73) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) r0 = socket$kcm(0x29, 0x5, 0x0) socket$kcm(0x11, 0x2, 0x300) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x10, 0x3, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)) openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x60100, 0x0) socket$kcm(0x29, 0x5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x26e1, 0x1a0ffffffff) r2 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f00000002c0)=r1, 0x161) sendmsg$kcm(r2, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r2, &(0x7f0000000280)={[{0x0, 'memory'}]}, 0xfdef) 04:03:08 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:03:08 executing program 3: close(0xffffffffffffffff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x80001d00c0d0) 04:03:08 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) [ 3119.427005][T26566] device nr0 entered promiscuous mode [ 3119.453331][ T26] audit: type=1804 audit(1574308988.799:121): pid=26572 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/718/bus" dev="sda1" ino=16530 res=1 04:03:14 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, 0xffffffffffffffff, 0x0, 0x80000001) 04:03:14 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:03:14 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, 0x0, 0x0) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:03:14 executing program 3: close(0xffffffffffffffff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x80001d00c0d0) 04:03:14 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) fchdir(0xffffffffffffffff) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:03:14 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, 0x0, 0x0) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) [ 3124.776380][ T26] audit: type=1804 audit(1574308994.119:122): pid=26582 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/719/bus" dev="sda1" ino=16738 res=1 [ 3124.789673][T26585] device nr0 entered promiscuous mode 04:03:14 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, 0x0, 0x0) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:03:14 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) [ 3129.840681][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 3129.846618][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 3129.920711][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3129.926619][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3130.240642][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 3130.246563][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:03:20 executing program 3: close(0xffffffffffffffff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x80001d00c0d0) 04:03:20 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) fchdir(0xffffffffffffffff) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:03:20 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x100000000, 0x100) fcntl$setpipe(r1, 0x407, 0x4) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/netlink\x00\xebf\xba\n\xa1\xb6\x1d\x17\x8c\fP6\b\x8bS\x93\xbf\x15\x06\xa5\xe9Ef\xe0\x86\xbc\xf2\x82\x8e4\x91\xd9D\xc1\x8ed\xa4k\xf7\xc9\xaa\xd8#m\x05\xebY=X\xee!nV') r4 = syz_open_procfs(0x0, &(0x7f0000000140)='oom_adj\x00=<\x1a\xc3C\x13Vh\x8b\x85\xdfV\xaf\xc0\x00'/37) sendfile(r4, r3, &(0x7f0000000000)=0x8e, 0x25) 04:03:20 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) [ 3130.836400][ T26] audit: type=1804 audit(1574309000.179:123): pid=26622 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/720/bus" dev="sda1" ino=16933 res=1 [ 3130.910012][T26619] device nr0 entered promiscuous mode 04:03:27 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x0) 04:03:27 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:03:27 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:03:27 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:03:27 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) clock_adjtime(0x2, 0x0) fchdir(0xffffffffffffffff) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) [ 3138.114671][ T26] audit: type=1804 audit(1574309007.459:124): pid=26636 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/721/bus" dev="sda1" ino=16938 res=1 [ 3138.309552][T26646] device nr0 entered promiscuous mode 04:03:28 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:03:28 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:03:28 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:03:28 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3138.969462][T26658] device nr0 entered promiscuous mode 04:03:28 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) [ 3139.319498][ T26] audit: type=1804 audit(1574309008.659:125): pid=26674 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/722/file0/bus" dev="loop1" ino=42 res=1 [ 3139.436222][T26676] attempt to access beyond end of device [ 3139.442576][T26676] loop1: rw=2049, want=641, limit=624 [ 3139.565114][ T2575] attempt to access beyond end of device [ 3139.571107][ T2575] loop1: rw=1, want=3041, limit=624 [ 3139.578400][ T2575] attempt to access beyond end of device [ 3139.584161][ T2575] loop1: rw=1, want=4290, limit=624 04:03:33 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)="d800000018008100e00f80ecdb4cb9040a1d65ef0b007c05e87c55a1bc000900b8000999030000000500150007008178a8000500400002000200000003ac040000d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e9703", 0xd8}], 0x1}, 0x0) 04:03:33 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3144.207306][T26688] device nr0 entered promiscuous mode 04:03:38 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x0) 04:03:38 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:03:38 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:03:38 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:03:38 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(0xffffffffffffffff) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:03:38 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', 0x0, 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) [ 3149.496283][T26700] device nr0 entered promiscuous mode 04:03:39 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', 0x0, 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) [ 3149.688970][ T26] audit: type=1804 audit(1574309019.029:126): pid=26712 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/723/file0/bus" dev="loop1" ino=43 res=1 04:03:39 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(0xffffffffffffffff) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3149.847585][T26716] attempt to access beyond end of device [ 3149.853970][T26716] loop1: rw=2049, want=641, limit=624 04:03:39 executing program 5: r0 = gettid() readv(0xffffffffffffffff, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(0xffffffffffffffff, 0xa, 0x12) dup2(0xffffffffffffffff, 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r3, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r1, r2, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, r0) r4 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000780), 0x4000}]) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:03:39 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) [ 3150.030222][T22668] attempt to access beyond end of device [ 3150.046536][T22668] loop1: rw=1, want=2689, limit=624 [ 3150.059655][T22668] attempt to access beyond end of device [ 3150.067766][T22668] loop1: rw=1, want=4290, limit=624 [ 3150.100988][T26727] device nr0 entered promiscuous mode [ 3150.452417][ T26] audit: type=1804 audit(1574309019.799:127): pid=26739 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/724/file0/bus" dev="loop1" ino=44 res=1 [ 3150.567754][T26740] attempt to access beyond end of device [ 3150.574196][T26740] loop1: rw=2049, want=641, limit=624 [ 3150.710609][T22668] attempt to access beyond end of device [ 3150.716299][T22668] loop1: rw=1, want=4290, limit=624 04:03:44 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x7, 0x209e20, 0x8000000001}, 0x414) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0xae5c7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77f7fb, 0x0, 0x82e700, 0x0, 0x0, [0xffffffffa0018000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000]}, 0x2c) 04:03:44 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(0xffffffffffffffff) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3155.447753][T26747] device nr0 entered promiscuous mode 04:03:45 executing program 0: r0 = syz_open_procfs(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x13) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) r2 = socket(0x10, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') sendfile(r2, r3, 0x0, 0x0) 04:03:45 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', 0x0, 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:03:45 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:03:45 executing program 5: r0 = gettid() readv(0xffffffffffffffff, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(0xffffffffffffffff, 0xa, 0x12) dup2(0xffffffffffffffff, 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r3, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r1, r2, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, r0) r4 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000780), 0x4000}]) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:03:45 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3156.103765][ T26] audit: type=1804 audit(1574309025.449:128): pid=26762 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/725/file0/bus" dev="loop1" ino=45 res=1 04:03:45 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3156.298288][T26767] attempt to access beyond end of device [ 3156.311755][T26767] loop1: rw=2049, want=641, limit=624 04:03:45 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) ptrace(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) [ 3156.466069][ T2575] attempt to access beyond end of device [ 3156.480907][ T2575] loop1: rw=1, want=4097, limit=624 [ 3156.488825][ T2575] attempt to access beyond end of device [ 3156.500693][ T2575] loop1: rw=1, want=4290, limit=624 04:03:46 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:03:46 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3156.837930][ T26] audit: type=1804 audit(1574309026.179:129): pid=26781 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/726/file0/bus" dev="sda1" ino=16955 res=1 04:03:46 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3157.308445][T26796] device nr0 entered promiscuous mode 04:03:58 executing program 2: mkdir(&(0x7f0000000440)='./file0\x00', 0x0) open(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) clone(0xa22900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000380), 0x0, 0x0) 04:03:58 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:03:58 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:03:58 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) ptrace(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:03:58 executing program 0: sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet(0x10, 0x2000000000000002, 0x0) mkdir(&(0x7f0000001340)='./file0\x00', 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) pipe2$9p(0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback={0x1f00000000000000}}, 0x1c) 04:03:58 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:03:58 executing program 5: r0 = gettid() readv(0xffffffffffffffff, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(0xffffffffffffffff, 0xa, 0x12) dup2(0xffffffffffffffff, 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r3, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r1, r2, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, r0) r4 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000780), 0x4000}]) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 3169.462826][T26820] device nr0 entered promiscuous mode [ 3169.636765][ T26] audit: type=1804 audit(1574309038.979:130): pid=26830 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/727/file0/bus" dev="loop1" ino=46 res=1 04:03:59 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3169.798240][T26832] attempt to access beyond end of device [ 3169.805587][T26832] loop1: rw=2049, want=641, limit=624 04:03:59 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:03:59 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f0000000100)) ptrace(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) [ 3169.982431][ T2575] attempt to access beyond end of device [ 3169.989675][ T2575] loop1: rw=1, want=4290, limit=624 [ 3170.016674][T26835] device nr0 entered promiscuous mode 04:03:59 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:03:59 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) [ 3170.490836][ T26] audit: type=1804 audit(1574309039.829:131): pid=26847 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/728/file0/bus" dev="loop1" ino=47 res=1 [ 3170.618597][T26848] attempt to access beyond end of device [ 3170.624967][T26848] loop1: rw=2049, want=641, limit=624 [ 3170.760315][ T2575] attempt to access beyond end of device [ 3170.767721][ T2575] loop1: rw=1, want=3729, limit=624 [ 3170.776912][ T2575] attempt to access beyond end of device [ 3170.784692][ T2575] loop1: rw=1, want=4290, limit=624 04:04:03 executing program 2: unshare(0x2000400) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x574866ac09ba9c58, 0x0) epoll_wait(r0, &(0x7f0000000040)=[{}], 0x1, 0x0) 04:04:03 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) 04:04:03 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:04:03 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) [ 3174.205770][ T26] audit: type=1804 audit(1574309043.549:132): pid=26880 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/729/file0/bus" dev="loop1" ino=48 res=1 [ 3174.303881][T26881] attempt to access beyond end of device [ 3174.311015][T26881] loop1: rw=2049, want=641, limit=624 [ 3174.354487][T26791] attempt to access beyond end of device [ 3174.360365][T26791] loop1: rw=1, want=4290, limit=624 04:04:16 executing program 0: perf_event_open(&(0x7f0000000440)={0x0, 0xfffffffffffffd18, 0xb8, 0x4, 0x0, 0x0, 0x0, 0x0, 0xc2001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:04:16 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r0, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r1}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r0, 0xa, 0x12) dup2(r0, r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r4, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r2, r3, 0x0) fcntl$setown(r0, 0x8, 0x0) r5 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(0x0, 0x15) 04:04:16 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) 04:04:16 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:04:16 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:04:16 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f0000000740)='bcsf0\x00') ioctl$sock_SIOCBRDELBR(r2, 0x89a1, &(0x7f0000000b00)='bcsf0\x00\a\x00l\x00\x00h\x11\x00') 04:04:16 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:04:16 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:04:16 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:04:16 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3187.212330][ T26] audit: type=1804 audit(1574309056.559:133): pid=26905 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/730/file0/bus" dev="loop1" ino=49 res=1 04:04:16 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:04:16 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3187.498730][T26907] attempt to access beyond end of device [ 3187.520317][T26907] loop1: rw=2049, want=641, limit=624 [ 3187.616302][T26791] attempt to access beyond end of device [ 3187.622428][T26791] loop1: rw=1, want=3681, limit=624 [ 3187.631656][T26791] attempt to access beyond end of device [ 3187.637772][T26791] loop1: rw=1, want=4290, limit=624 04:04:29 executing program 0: 04:04:29 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:04:29 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00'}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:04:29 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:04:29 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r0, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r1}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r0, 0xa, 0x12) dup2(r0, r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r4, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r2, r3, 0x0) fcntl$setown(r0, 0x8, 0x0) r5 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(0x0, 0x15) 04:04:29 executing program 2: [ 3200.317724][ T26] audit: type=1804 audit(1574309069.659:134): pid=26955 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/731/file0/bus" dev="sda1" ino=16897 res=1 04:04:29 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00'}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:04:30 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00'}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:04:30 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:04:30 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:04:30 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3201.277468][ T26] audit: type=1804 audit(1574309070.619:135): pid=26992 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/732/file0/bus" dev="sda1" ino=16889 res=1 04:04:30 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:04:33 executing program 0: 04:04:33 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r0, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r1}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r0, 0xa, 0x12) dup2(r0, r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r4, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r2, r3, 0x0) fcntl$setown(r0, 0x8, 0x0) r5 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x4000}]) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(0x0, 0x15) 04:04:33 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:04:33 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:04:33 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:04:33 executing program 2: [ 3204.636526][ T26] audit: type=1804 audit(1574309073.979:136): pid=27020 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/733/file0/bus" dev="loop1" ino=50 res=1 04:04:34 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) [ 3204.865857][T27022] attempt to access beyond end of device [ 3204.904564][T27022] loop1: rw=2049, want=641, limit=624 04:04:34 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:04:34 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3205.041537][T22668] attempt to access beyond end of device [ 3205.054119][T22668] loop1: rw=1, want=3537, limit=624 [ 3205.074300][T22668] attempt to access beyond end of device [ 3205.090453][T22668] loop1: rw=1, want=4290, limit=624 04:04:34 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) 04:04:34 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:04:34 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(r0, 0x0) [ 3205.489720][ T26] audit: type=1804 audit(1574309074.829:137): pid=27039 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/734/file0/bus" dev="loop1" ino=51 res=1 [ 3205.717419][T27040] attempt to access beyond end of device [ 3205.742776][T27040] loop1: rw=2049, want=641, limit=624 [ 3205.893966][T17949] attempt to access beyond end of device [ 3205.899670][T17949] loop1: rw=1, want=4290, limit=624 04:04:37 executing program 0: 04:04:37 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r2 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) 04:04:37 executing program 1: io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:04:37 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) tkill(0x0, 0x0) ftruncate(r0, 0x0) [ 3208.638299][ T26] audit: type=1804 audit(1574309077.979:138): pid=27062 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/735/bus" dev="sda1" ino=16738 res=1 04:04:38 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:04:44 executing program 2: 04:04:44 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:04:44 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:04:44 executing program 1: io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:04:44 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:04:44 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@getsa={0x34, 0x12, 0x1, 0x0, 0x0, {@in6=@empty, 0x0, 0x0, 0xff}, [@mark={0xc}]}, 0x34}, 0x8}, 0x0) [ 3214.888945][ T26] audit: type=1804 audit(1574309084.229:139): pid=27084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/736/bus" dev="sda1" ino=16980 res=1 04:04:44 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:04:44 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) tkill(0x0, 0x0) ftruncate(r0, 0x0) 04:04:45 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:04:45 executing program 1: io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3215.826835][ T26] audit: type=1804 audit(1574309085.169:140): pid=27105 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/737/bus" dev="sda1" ino=16980 res=1 04:04:45 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(0x0, 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:04:45 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) [ 3216.181187][T27107] device nr0 entered promiscuous mode 04:04:52 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001400)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000d7c000)) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000200)=[@in={0x2, 0x4e20}, @in6={0xa, 0x0, 0x6f070e33, @rand_addr="2c99b8642c4255174cc74dc001c81af5"}, @in6={0xa, 0x4e24, 0xffffff81, @rand_addr="a38b44314b5cb8ddb3148d9419bbd627"}, @in6={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7}, @in6={0xa, 0x4e20, 0x8, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0xcd}], 0x80) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x8, &(0x7f00000002c0)=0x6, 0x4) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000b04000)={0x0, 0x0, 0x0, &(0x7f0000034000)=""/95, 0x0}) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000001400)=ANY=[]) 04:04:52 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(0x0, 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:04:52 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) 04:04:52 executing program 1: syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:04:52 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(0xffffffffffffffff, 0xa, 0x12) dup2(0xffffffffffffffff, 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r3, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r1, r2, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, r0) r4 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000780), 0x4000}]) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 3223.218376][ T26] audit: type=1804 audit(1574309092.559:141): pid=27134 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/738/file0/bus" dev="sda1" ino=16987 res=1 [ 3223.374940][T27131] device nr0 entered promiscuous mode 04:04:53 executing program 0: getpgrp(0x0) syz_open_dev$loop(0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSSOFTCAR(r0, 0x540e, 0x0) syz_open_dev$media(0x0, 0x0, 0x0) 04:04:53 executing program 4: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) clone(0x100010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x751808, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) 04:04:53 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(0x0, 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:04:53 executing program 1: syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3224.137088][ T26] audit: type=1804 audit(1574309093.479:142): pid=27155 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/739/file0/bus" dev="sda1" ino=16991 res=1 [ 3224.266255][T27149] device nr0 entered promiscuous mode 04:04:53 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:04:54 executing program 4: r0 = socket$kcm(0x10, 0x800000000002, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0xffff) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$loop(0x0, 0x0, 0x100082) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil) syz_open_procfs(0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000400)={0x0, 0xfffffffffffffe2d, &(0x7f0000000240)=[{&(0x7f0000000000)="2e000000110081aee405d10200000e00fa076b000700000000f3ff500befccd77f00000000081c5eda00b0eba06a", 0x15a}], 0x1}, 0x0) [ 3224.775979][T27164] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.4'. 04:04:54 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) waitid(0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) [ 3224.859253][T27165] device nr0 entered promiscuous mode [ 3224.872718][T27164] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.4'. 04:05:05 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) waitid(0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) 04:05:05 executing program 1: syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:05:05 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:05:05 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) waitid(0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) 04:05:05 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(0xffffffffffffffff, 0xa, 0x12) dup2(0xffffffffffffffff, 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r3, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r1, r2, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, r0) r4 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000780), 0x4000}]) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 3236.623692][ T26] audit: type=1804 audit(1574309105.969:143): pid=27193 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/740/file0/bus" dev="sda1" ino=16765 res=1 [ 3236.751761][T27186] device nr0 entered promiscuous mode 04:05:06 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) waitid(0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) 04:05:06 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffe08, &(0x7f0000000040)=[{&(0x7f00000001c0)="2e0000001a008102a00f80ecdb4cb9040a4800160b000000d4126e6a65f4e1403a7d0020e2000000180000000000", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 04:05:06 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:05:06 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3237.589347][ T26] audit: type=1804 audit(1574309106.929:144): pid=27210 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/741/bus" dev="sda1" ino=16760 res=1 [ 3237.753280][T27206] device nr0 entered promiscuous mode 04:05:07 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x612, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="850000000f000000250000000000000095000000000000006d3ee7703e64593f4fe0e059acc80fd45556754e43478155e21229440e8eb9e2f954fb8c0aeaa6927ca08d8453f2395ccbf73e028cca69d1b4309b0c565a720558df863d07d9d659eafcf53a2ed1c3fa5211fe2a755eda3d04ed6ab0446b2a675851b19d0a1338e1ce60bbd8bdc4a50c7a594aa7c220044362702be67568fe801e30a89e50c56ebd2440fb2cf3708ed28ae6feb956c4301ae36a2dc51af52e4cc336dcc5448c15a55b3af5a127a31ad288eb70dba2c6ff68703988876e12612ea7baf76ceedd9e4eaa106a18171e41d6fc662a86a0015b301cd283a5c599c62d75ad279571298bfb870f280a00ab4af7a03743268740c2180245ff2acdd922d9709978a500a911be8e6877507d9fc13c8d2ddce2ef569879d36a3351fd117b93203d9aa4f0bcb1412abe76bce902bb40171b9e16ffba545c59c9ac2a1c5ba0c6f39914bc39015789c191dc33f7777773077c327a2a6a17e0dfd00bd55e07d869aaea536147cb2ca4e3891ff3fd8373c6647b7cc9839f2ffd8c04b4358528ffa1b80cac119a650dc88b451b4ef24b3c56ddb6ed8f42248ef18297c37c97352624fec53b2a2c15bf4bc927b14a2b5537a6466f8ddca921c6fc1f4e4d2605054f5a56a375562b46ce9da8bc49cac82d679d644eabe950affb7c7bbcfca108e439dd621d16253c2c43d4aaf25933a0cd5d8ec218488391df5e545314f6a6af21929be7d13c6014709cc2a287ee6095ee382e1c32c0c771c3566015672c22e5569f2bfa35facc029b02cc3bc3c9991628eb000000000000000000d2085889da3cbccc4889b8b81891fbc477d83c50bb9473461b3618bdd088c40227853a54c307f79609cb1dc5a2aa9e475bfb497d6ef67daf3c68e3abc427c473f17aaa8a30bb09a8cd2c19af1fba1d92f3f2c9ec2e5c032ef6f73d8bcd2b31fdb2943a5e5fc677c59d524cc3276d6fa655d182764f8822cc932bc671645af02a6b7144ecf12b68f758b0409720b37d5e26ed95167b3e15a29d57d84398a29dcdc096c8e752ec07fab92715e4f93d210c03119a32af268dd9320eb6d812f4b01a106b6d4620d1d75ca83a8fff4f2f6b26cd2ad8b9e70deb25889551dba017cefeb220185fb09f7bc1bfd1cf0ff822706f5185b22215d709bcee5992698e6c58be1c648c0a5a57777d73e574abc16335e5a976cde09ce4bb7bfd807e54270092eedeae02a4642c9882bc159bbee58039778babdc910c96ab674768a49ec60b612882096821a2766f995ee77c0c0dd0efc7433b095e11d9bbf5c5374f47078a65fa676f65527a558c7b9d5ebe3b4c799d39e29408de7b820fc9fc70564f61824266363da988ff86199b0f6b339f06672133d2fa4224d0c614781dcdc9ecc5a05f14eeb1ea9d5d20801e072c34fd1f910c36291c4219a351bd67a65bd1a6aa27d93c3c694a7668e621a72ee407cfa17b7875a11be91e353540178ed48d22bbb3d7dc1fd57c167108885502ccab0f3efadc9b84b1d5f289370deffac870e4d106a756a2610c85d6beb82ad07e92e2fed90d83637d8fde513e8d487bc87be157e9979cb0371762c1b62f02753400000000000000000000000000705c661e6824b245cb2cd517cd989222516ac5e8c66190d42cd01fc70b54b0142d6acccb84189ce32a149eb91a81"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xc0}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) 04:05:07 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(0xffffffffffffffff, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3238.363982][T27219] device nr0 entered promiscuous mode 04:05:07 executing program 4: r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) 04:05:17 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) waitid(0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) 04:05:17 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:05:17 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001400)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000d7c000)) close(0xffffffffffffffff) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 04:05:17 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(0xffffffffffffffff, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:05:17 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(0xffffffffffffffff, 0xa, 0x12) dup2(0xffffffffffffffff, 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r3, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r1, r2, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, r0) r4 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000780), 0x4000}]) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 3247.939888][T27235] device nr0 entered promiscuous mode [ 3247.948391][ T26] audit: type=1804 audit(1574309117.289:145): pid=27240 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/742/bus" dev="sda1" ino=16767 res=1 [ 3248.026627][T27232] cgroup: fork rejected by pids controller in /syz4 04:05:17 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001400)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000d7c000)) close(0xffffffffffffffff) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 04:05:22 executing program 0: syz_genetlink_get_family_id$tipc2(&(0x7f0000000640)='TIPCv2\x00') r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_NMI(r5, 0xae9a) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r5, 0xae80, 0x0) 04:05:22 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(0xffffffffffffffff, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:05:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001400)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000d7c000)) close(0xffffffffffffffff) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 04:05:22 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:05:22 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(0xffffffffffffffff, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:05:22 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) waitid(0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) [ 3253.124183][ T26] audit: type=1804 audit(1574309122.469:146): pid=27374 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/743/bus" dev="sda1" ino=16802 res=1 [ 3253.179937][T27367] device nr0 entered promiscuous mode 04:05:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001400)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000d7c000)) close(0xffffffffffffffff) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 04:05:22 executing program 4: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000600)=""/164, 0xa4}], 0x1, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file0/file0\x00', 0x0, 0x0, 0x8e56b071b577b247, 0x0) write$FUSE_INIT(r0, &(0x7f0000000300)={0x50, 0x0, 0x1}, 0x50) 04:05:22 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(0xffffffffffffffff, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:05:22 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3253.794601][T27393] device nr0 entered promiscuous mode 04:05:23 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3254.019564][T27399] FAT-fs (loop1): bogus number of reserved sectors [ 3254.026903][T27399] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3254.070107][ T26] audit: type=1804 audit(1574309123.409:147): pid=27402 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/744/file0/bus" dev="sda1" ino=16892 res=1 04:05:23 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3254.358398][T27405] device nr0 entered promiscuous mode 04:05:31 executing program 0: keyctl$revoke(0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x5) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f00000000c0)="aefdda9d240000005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d766a83cf89441cb69d952f41bdd2ac8bb8c43b460", 0x34}, {&(0x7f0000000100)="aa1d484e24002000a84d4583671e120755272bb736be94d9fc56c9953fbd80630600097704a71e023a27b2", 0x2b}], 0x2) add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f0000000300)='\xff\x03\x00\x00\x11\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0x0) memfd_create(0x0, 0x0) 04:05:31 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(0xffffffffffffffff, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:05:31 executing program 4: clone(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)="a0de925b34dcb7c8b7b5a53a69912fab0cb346f6699b64996c84c99223b5c19e54974eb4ec92a3009f6facd3f7") prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x6, 0x80000000000000}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002f00)=[{{&(0x7f0000000500)=@nfc, 0x80, &(0x7f0000002b80)=[{0x0}, {&(0x7f00000007c0)=""/4096, 0x1000}, {&(0x7f0000000600)=""/34, 0x22}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000640)=""/65, 0x41}], 0x7}, 0xfffffff7}, {{0x0, 0x0, &(0x7f0000002cc0), 0x0, &(0x7f0000002d00)=""/4, 0x4}}, {{&(0x7f0000002d40)=@l2, 0x80, &(0x7f0000002e40)=[{0x0}], 0x1}}], 0x3, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffff7fffffb}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x102, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, @perf_bp={0x0, 0x2}, 0xd00, 0x0, 0x0, 0x0, 0x200, 0x0, 0x801}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, &(0x7f0000000480)) write(0xffffffffffffffff, 0x0, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r6, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) clock_gettime(0x0, &(0x7f0000000000)) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, 0x0, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r7, 0x1, 0x3c, &(0x7f0000000440)=0x1, 0xffe6) sendto$inet(r7, &(0x7f0000000140), 0x0, 0x0, 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) fcntl$dupfd(r8, 0x406, r8) r9 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r9, 0x0, 0x0, 0x2000002) fallocate(r8, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r8, 0xc028660f, &(0x7f0000000040)={0x0, r9, 0x7f, 0x8}) openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00') r10 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r10, 0x0, 0x0) ioctl$BLKROTATIONAL(0xffffffffffffffff, 0x127e, &(0x7f0000000140)) syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') 04:05:31 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:05:31 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:05:31 executing program 2: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) pread64(r0, 0x0, 0x0, 0x0) [ 3262.356982][T27425] FAT-fs (loop1): bogus number of reserved sectors [ 3262.365354][T27425] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3262.389163][ T26] audit: type=1804 audit(1574309131.729:148): pid=27430 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/745/file0/bus" dev="sda1" ino=16896 res=1 [ 3262.404739][T27423] device nr0 entered promiscuous mode 04:05:31 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x1, 0x0) perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$FUSE_ATTR(r0, &(0x7f0000000200)={0x78, 0x0, 0x0, {0x0, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}}}, 0x78) 04:05:32 executing program 4: perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000006c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffe08, &(0x7f0000000040)=[{&(0x7f00000001c0)="2e0000001a008102a00f80ecdb4cb9040a4800160b000000d4126e6a65f4e1403a7d0020e2000000180000000000", 0x2e}], 0x1}, 0x0) 04:05:32 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe2[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5\xc4x\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0x94f63ebc2bfb6c11) r1 = gettid() write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300)=r1, 0x12) perf_event_open(0x0, r1, 0x8, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000640)={r1, 0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000600)='@\x00'}, 0x30) r2 = perf_event_open(&(0x7f0000000780)={0x1, 0x70, 0x3f, 0xfa, 0x1, 0x3f, 0x0, 0x401, 0x40, 0xa, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x9, 0x0, @perf_config_ext={0x3, 0x9}, 0x2800, 0x3, 0x800, 0x5, 0x6, 0xb7, 0x1ff}, r1, 0x1, 0xffffffffffffffff, 0x6) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0xab1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5240b667b1f34ca, @perf_config_ext={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, r2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(r3, &(0x7f0000000400)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$kcm(r4, 0x0, 0x20000000) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000800)='c&bH\xeb\xdc\xed8\xb0\x82\xd6\x1c\x19\xff\\\x03\n\xfar\t\x12ta{\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000003c0)) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000001600)="fa0c00002c008152915a655267d7d137ab2ff96e27bf28b285fe3903a44a6017edcaa3a2b4dade3baee72569b51366463fedf5e787c05b0cb5927a3a7edfb4d078e9ae1504d489e058be9fafaa633705b6d4bf6a01f2cd9ebf19724a1b0b9760612582bccd3983ce4474844c065e914dab8bbd52a45f431678bfe28633bf7c8dc83df809238ed87f1e393883ef750ce79c6f84e5e5de176e2f26024e4e3a3d8fbdaf3254022f265d8ccc5fd7205d9d9c2c4076c58162523082d81a39c43f782332ba8e82b4107a049cb82bba8b5edd80473844291437b8d22edca68047582e6be601e9df5e60a32c7cd202c5a30b8b606e43362739551cbb013b65e238f41cc00d7900140cf06b7bc9030f2563bcf9d4f4b7f48c79ec1a323d06276a0a3f8846b7c62b66f9709cabcaad234c53f3bc9b11165a6321f1db1057f076cfaebf8fbfa033fdc1dc2c3e314b36b3b3dd50425447da8bc5938ff7a17361100ab0b1ffeab7ac487411824224781eb9cdd4edef57ae91cd61f56a56c0599cfc3a491447207610f242da6cd6b030ae5f35e3181c44ae68665a023759b9ef4358db46107edc49194aed72b62600ec0ae4fc9065be059fc010cd6e6c9ea77c666b5e25693fbcf595e3e57113ff3a0e0c63d0604a16ea5adb8b7b54d47d4d8804612fde571863064528a49bf684d8a880a11afd819f186c177c49cac3ba1e9d1aa7ad0ff36b9e36d73c05b8abcaf96df0aacd2c9653f30ec29e1284af8749a9b2803c2727e992a6e65df192e1875c3e6d3553ffb7cb34ffee8f8ac0123c390454b42a0316952cbc9949376d9320ec207f77c2d5eb9e86d720cf8e9008a9a51932b45cd4cab21414c92d1c20f9e15e3fc16c7ce181e9ab19b01b70343934c823b1215e173405dd225233823cd4a604a77f06b14eb05b860e6cf8790335788c43abe9de1598e9952e5c7e6b2f8b17b1788ff3033e7d1635b008834bdf4054e6195e55000827c6202b227dde06f23ae21c00b371bdb6b7ea47b2e78844b52a77f9f0929790dcd7df2752e4af092d539c87c18751a5eb3eb4d38a2a0e070064b4ffaacff0543b115cc89f6c7e78f12147ebfcf1c80bac8f98deb59cbe670adb4cd1882a7e0ca4ba85ae9d445223ffb32301d46c0c9b05a830cbea0f72294ab3b539e4ed7cac2e22b235e8ceedeb643fb90b061a58368e76036ff3c1828d8a4e21288662afb6f2acab00d734db7ffc8373a928571819ce9ea6cb0956a6093b2b1f65662b76bc6ac8a19008cf08a6342d64674271451714e1d0e4ff7647fe7551d3cf16f37cb5547317e4fef51e4fb471de6ffbb90c2dd4a64266c4c2f75fc62e58ec306fb92212fb262d8b138899a3b53e67cde2f97d94cd2265cc04d32b29edf77e75b1f88372495cb2937f183bfc8604d72efb3af5c1f41b665b25592676b0ad2185478eade7e663e743e0e09cce6224c787ce1d789dc4a9b350bfe3a75f551341b11dd96cdaea17989dad565b16324a69842dc29a0ed16744ea5935598ac8238e146139189927a14d3b2863044b63b468ae75f48fab68ad235c36daffebfe4b468fc9b13198b1a683dcd3b3b4294ba22caddbacf8792d5783bc12e2538e4609e6bb6e9eeab98a06452c252a657f400260458c29fae8879097698c9aba2b2d889fc78f00d0d8271e09e8542b71018be6ff8cb03cb423e79303047d6ce124a00f64461b899bbddc4fe87ff677533391e16c01fa9cd6420bdc856c4c7f057b249ee9817efd6ab2cd02eb887d2631435ef2d5a1c7e57ac046ef615a1285ca89ade18ae69af3b3f8f76ca8aa060e373c0f99424fe1c5fadc72fe145fd2d4e4da4b78597890516857de188fcdaf15e3b0871b346cd39ab772cc25fab49e60c818cde934b137144adfc4fbde3ddbeccce9679f02b66746e822c67b3ed5fdafb4a936a2683b39a002115ecd62220605ca542610a80f2e3530aa89d3ed6ed9c57bbfd5db3a0b62786a608309a355443c616032008f9458b2f10db93e29470192370084e9322c309c9b23333b46d04e79176659503ad4b05deebb3c67d715ee6e84a89002ea6f7f71bf41ad36b42c8ae01c97174dbb641e50641aba60c291a84e906c013087370a5043e07d36fcead378f6c1e6ed3f5ac695124b82b20261cf7c9b82172e09c81d7d39eed72aee5678613a3c671ddd44f2c7c75a3b5d316aa165d56594fccab20903d7f503a08928e76c779918b2463b720ee6367a43e494a1db3ed1a80690e665570c01ce7eb979cdd95d4e1ca51730eb2cd63ffb2a56049601627c9788254945142dce85adbe1eb5997d16cdfe2a3758b13dc6bb121e2206ae64206868c1c5e89a101bc121719ac435dcad093f5f67cefd863cc7c8f3fc8a9dc62a83c115f1ce714b18af067951aa06dd9bb4ed98a820bf4704d156977caa4e6415b2a0df0386e2f6a061bf44abc8a397cf4abdafc51b78ebec9831f3c60fde6e62a1fd082903080aef20ff8de8bc0dced06f627514600539ca7114a088848da4244a85b4cf5b976d3a698c9a568d417e276917baba05d1a02181db2e6cc35986da4ccc63f8cd8e85a4a923dd27e2f499664601fdc44fdf46e2d2880cd5a7ece89c370234c438dcc0b43865cc62bad21e9dc37da758cbe01752f02fd9cbfe98630a30a78bb1239e25cdaba3d45d13cd3e7216d9d8070f3ff1a0cd9a0c91f29974c98f2677ba88c1091bde4be0cd37ea5eeb3b9cbb0360a00ddd40bbd60ffb8d4daa973ef0977c18dd4b38a605cee957872dca85787c37b6931293eddb77015faf143d1d28d24822d1a5d134799e8175a38b255aaf0e39b68c7f734e2e1e7044626daa84c9113e86d86ef63c863703703ea163319261dcf516c32d49478f7af30d52baa18ea6b0fc286c06b7e4ee019bf3fe74845a652d4a52aaa241a189c411e90e2953863a2bc4124e573607b94cdff19e280731824931a83f056cb5857672619b97ce38081592c0c319ce72e04e9eadce89775cfb5a4b2842663bc79bde565435cbcd46c4d505ceef7dde86512d39d4cb270deb7e79ebf8602bdc0d76c3e833d36ee08be10be634f44056c2f3fd6a328c7cd562e9c96ff7845fc3df81a876bb07f1cc833bed6ca1dc5cf935a4e959db6a4fae6edbc45357d8758faa9cd04cd41eb6efcfbd91658519bf520b90107f767d126854818485e98cb7ef56804de6950bf4e72098a949d14ea0e4e9f2534cf16cac0aeb970fc5c39f37e93910d5c99ac163792260d2280ec5c9a79bf295588ec23f524aae65f800f9c39e338f3d66b1a69e5488e04823eab36ae6ec6a2c5ce133ccd819a2b217b1ab7f4afd1697bb42929b3131358b5421c83f925571934442d0fd0ce3990d4e5d31d8b956f76df3c2f8533e46b892c88692ce009155dd5c7dbe4c86874b95762650f63e4b4aabb41320978b05b80cfe8fa2830904ef6b5c4f7ad46ca5dac151c9077c4d2c6adfe5066a8eb09a9bc6892330ea2b259a53c7137f8498254e1b04bf920c35c5333c4d640b11da60917ae921037b4aedbd6a0fbeeaf88ef6defc830552b4cbe3fe2a844806a48923dd428ea1c8d797bd8e6aabd1d1a8c97c8038b627120a77f4e47fa1f788aa9da268b0ec10fc453cb722685df76547dbf55a16663aa2b2a51e9c52456cccdf682592d1369dd12e3d3cb504e0f2d7004e60c297d5a25d0298045dae8fca8cb795ea57288b85a7e705820087d55ca6c42e920e2aa1174e128622cf64a197fd728cb2949536ba63e8bda8589261f1377caea37302e47228d3708a5666c66ba711d3c0b310a8c47e86d26597299d523c28c90e4feab43e950f398f7b61ccf7e6490d75ba6d8214e2d5ef2d7a088db490e1ebacf4e6eecc896cb1c704f0a8fcdf4ccb5dfa53eaf43d709287f36c10188c19fd59da7d73494de089c1b0a69ee22dcb847001c5317846a876bee1685d11c4db0673ec4c3a12008bb719650525b3c39e2b0469edda93830b3f1bde3e5b0b4637197866bb08c5858cf0d9876e3c7cad54169887bf9c80f9f4be362e1bc8c27f3434e9a918bac355c184bd899b9aebe6be20e70c0c69234342eb8b57aa9ffb7797a32df91cec2bbc90201658ca227abf1fe68e65363867e1f6ad79b827f363d64fbd3b188d95307d011c4ce5bf4407908c058eeb97ec98dd0ebfdab6b348fa387f2a7573cac25344c983e8fd526c30ee6d59fe99a30c7d7e2864aa22bfa49df5f32da68309cab3ed9c2ce69b6ecb8508ce28a43ebd6c809b8afd07a4606e664965d316f3707a3abee9bcdc32a78031b0171fb565d90c16cd56e5792c0cf618b799715f32538e38f493d4e19ec76fc8a07576a13975706bfc2bb1516c2d18a4385cc37a206eac6c9fb8d073572ba2671d2198abf24fdd0c40d079ae44962c26743b4bf5950ac5ee34c5d7bd60b364ce670958112c37b9829bed7e1327356d6b94af3ba020c2337b2dba37d00af8a128a614390cdde62ce871f948427fb5c187df9a1540a5cc71da1a86144acbfd94bf433f744f0c4f2a675eba3ed251c5b11b08dfefc726c0394a9b75121d88467ed4b2cd69819dfe50693a4a4c8370d3af12f41c0067283bbb5a90044a340fc357a11081a6c13bb9c32d9caa448479fd5f0302b6729ca7233094540b14546d6bcc15771c2686279b34f9c0914f5306d0fabd5979266ea01a17a22507e560dbf904dd62c40e2bcc", 0xcfa}], 0x1}, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f0000000100)=r5, 0x3) r6 = openat$cgroup_ro(r5, &(0x7f0000000380)='cpuacct.usage_user\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000700)={&(0x7f0000000500)=@isdn={0x22, 0x7f, 0x20, 0x0, 0x2}, 0xffffffffffffff92, 0x0, 0x2f2}, 0x50000c0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0xfffffffffffffffe) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000040)='threaded\x00', 0xfffffd55) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x4040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000280), 0x1}, 0x20000, 0x2, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000340)=ANY=[]) socketpair(0x15, 0x3, 0x1, &(0x7f0000000140)) gettid() r7 = getpid() perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x10, 0x92, 0x2, 0x2, 0x0, 0x2000000c, 0x4354, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x999fe6aa3f89233}, 0x5, 0x10000000000, 0x3, 0x4, 0x1ff, 0x4, 0x8001}, r7, 0x9, 0xffffffffffffffff, 0xa6f54f15e4426119) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0xfe2e}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x200000000000001) r8 = socket$kcm(0xa, 0x2, 0x11) r9 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000002c0)=r9, 0x4) setsockopt$sock_attach_bpf(r8, 0x29, 0x19, &(0x7f00000005c0)=r9, 0xfffffffffffffd40) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000002980)={0x0, 0x0, 0x0, 0x3a5}, 0x0) sendmsg$kcm(r8, &(0x7f00000001c0)={&(0x7f0000000480)=@in6={0xa, 0x4e26, 0x0, @loopback}, 0x80, 0x0}, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000004400)={&(0x7f0000004200)=@hci, 0x80, &(0x7f0000004380)=[{&(0x7f0000004280)=""/198, 0xc6}], 0x1, &(0x7f00000043c0)=""/48, 0x30}, 0x10162) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)) sendmsg$kcm(r8, &(0x7f0000002b80)={&(0x7f0000000680)=@rxrpc=@in4={0x21, 0x4, 0x2, 0xfffffe1b, {0x2, 0x4e23, @multicast1}}, 0xfffffffffffffe01, 0x0}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r10, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') openat$cgroup_ro(r3, &(0x7f0000000640)='mem\x1b\x7fMi\xf3>\xb69g', 0x0, 0x0) r11 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r12 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={r12, r11, 0x0, 0x1, &(0x7f0000000040)='\x00'}, 0x30) r13 = perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x2000, 0x2, 0x0, 0x7, 0x0, 0x0, 0x3}, r12, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r13, 0x4008240b, &(0x7f0000000000)={0x0, 0x70, 0x2, 0xfffffffffffff002, 0x1, 0x2, 0x0, 0x8, 0xf2004, 0x0, 0x0, 0xa7c, 0x8, 0x0, 0xfff, 0x0, 0x0, 0x44, 0xc9, 0x0, 0x6, 0x0, 0x0, 0x6, 0x4, 0xc9, 0x0, 0x10001, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x94c, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x2108, 0x1, 0x4, 0x1, 0x2, 0x1000, 0x51}) 04:05:32 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:05:32 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, 0x0, 0x0) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:05:32 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe2[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5\xc4x\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0x94f63ebc2bfb6c11) r1 = gettid() write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300)=r1, 0x12) perf_event_open(0x0, r1, 0x8, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000640)={r1, 0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000600)='@\x00'}, 0x30) r2 = perf_event_open(&(0x7f0000000780)={0x1, 0x70, 0x3f, 0xfa, 0x1, 0x3f, 0x0, 0x401, 0x40, 0xa, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x9, 0x0, @perf_config_ext={0x3, 0x9}, 0x2800, 0x3, 0x800, 0x5, 0x6, 0xb7, 0x1ff}, r1, 0x1, 0xffffffffffffffff, 0x6) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0xab1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5240b667b1f34ca, @perf_config_ext={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, r2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(r3, &(0x7f0000000400)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$kcm(r4, 0x0, 0x20000000) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000800)='c&bH\xeb\xdc\xed8\xb0\x82\xd6\x1c\x19\xff\\\x03\n\xfar\t\x12ta{\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000003c0)) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000001600)="fa0c00002c008152915a655267d7d137ab2ff96e27bf28b285fe3903a44a6017edcaa3a2b4dade3baee72569b51366463fedf5e787c05b0cb5927a3a7edfb4d078e9ae1504d489e058be9fafaa633705b6d4bf6a01f2cd9ebf19724a1b0b9760612582bccd3983ce4474844c065e914dab8bbd52a45f431678bfe28633bf7c8dc83df809238ed87f1e393883ef750ce79c6f84e5e5de176e2f26024e4e3a3d8fbdaf3254022f265d8ccc5fd7205d9d9c2c4076c58162523082d81a39c43f782332ba8e82b4107a049cb82bba8b5edd80473844291437b8d22edca68047582e6be601e9df5e60a32c7cd202c5a30b8b606e43362739551cbb013b65e238f41cc00d7900140cf06b7bc9030f2563bcf9d4f4b7f48c79ec1a323d06276a0a3f8846b7c62b66f9709cabcaad234c53f3bc9b11165a6321f1db1057f076cfaebf8fbfa033fdc1dc2c3e314b36b3b3dd50425447da8bc5938ff7a17361100ab0b1ffeab7ac487411824224781eb9cdd4edef57ae91cd61f56a56c0599cfc3a491447207610f242da6cd6b030ae5f35e3181c44ae68665a023759b9ef4358db46107edc49194aed72b62600ec0ae4fc9065be059fc010cd6e6c9ea77c666b5e25693fbcf595e3e57113ff3a0e0c63d0604a16ea5adb8b7b54d47d4d8804612fde571863064528a49bf684d8a880a11afd819f186c177c49cac3ba1e9d1aa7ad0ff36b9e36d73c05b8abcaf96df0aacd2c9653f30ec29e1284af8749a9b2803c2727e992a6e65df192e1875c3e6d3553ffb7cb34ffee8f8ac0123c390454b42a0316952cbc9949376d9320ec207f77c2d5eb9e86d720cf8e9008a9a51932b45cd4cab21414c92d1c20f9e15e3fc16c7ce181e9ab19b01b70343934c823b1215e173405dd225233823cd4a604a77f06b14eb05b860e6cf8790335788c43abe9de1598e9952e5c7e6b2f8b17b1788ff3033e7d1635b008834bdf4054e6195e55000827c6202b227dde06f23ae21c00b371bdb6b7ea47b2e78844b52a77f9f0929790dcd7df2752e4af092d539c87c18751a5eb3eb4d38a2a0e070064b4ffaacff0543b115cc89f6c7e78f12147ebfcf1c80bac8f98deb59cbe670adb4cd1882a7e0ca4ba85ae9d445223ffb32301d46c0c9b05a830cbea0f72294ab3b539e4ed7cac2e22b235e8ceedeb643fb90b061a58368e76036ff3c1828d8a4e21288662afb6f2acab00d734db7ffc8373a928571819ce9ea6cb0956a6093b2b1f65662b76bc6ac8a19008cf08a6342d64674271451714e1d0e4ff7647fe7551d3cf16f37cb5547317e4fef51e4fb471de6ffbb90c2dd4a64266c4c2f75fc62e58ec306fb92212fb262d8b138899a3b53e67cde2f97d94cd2265cc04d32b29edf77e75b1f88372495cb2937f183bfc8604d72efb3af5c1f41b665b25592676b0ad2185478eade7e663e743e0e09cce6224c787ce1d789dc4a9b350bfe3a75f551341b11dd96cdaea17989dad565b16324a69842dc29a0ed16744ea5935598ac8238e146139189927a14d3b2863044b63b468ae75f48fab68ad235c36daffebfe4b468fc9b13198b1a683dcd3b3b4294ba22caddbacf8792d5783bc12e2538e4609e6bb6e9eeab98a06452c252a657f400260458c29fae8879097698c9aba2b2d889fc78f00d0d8271e09e8542b71018be6ff8cb03cb423e79303047d6ce124a00f64461b899bbddc4fe87ff677533391e16c01fa9cd6420bdc856c4c7f057b249ee9817efd6ab2cd02eb887d2631435ef2d5a1c7e57ac046ef615a1285ca89ade18ae69af3b3f8f76ca8aa060e373c0f99424fe1c5fadc72fe145fd2d4e4da4b78597890516857de188fcdaf15e3b0871b346cd39ab772cc25fab49e60c818cde934b137144adfc4fbde3ddbeccce9679f02b66746e822c67b3ed5fdafb4a936a2683b39a002115ecd62220605ca542610a80f2e3530aa89d3ed6ed9c57bbfd5db3a0b62786a608309a355443c616032008f9458b2f10db93e29470192370084e9322c309c9b23333b46d04e79176659503ad4b05deebb3c67d715ee6e84a89002ea6f7f71bf41ad36b42c8ae01c97174dbb641e50641aba60c291a84e906c013087370a5043e07d36fcead378f6c1e6ed3f5ac695124b82b20261cf7c9b82172e09c81d7d39eed72aee5678613a3c671ddd44f2c7c75a3b5d316aa165d56594fccab20903d7f503a08928e76c779918b2463b720ee6367a43e494a1db3ed1a80690e665570c01ce7eb979cdd95d4e1ca51730eb2cd63ffb2a56049601627c9788254945142dce85adbe1eb5997d16cdfe2a3758b13dc6bb121e2206ae64206868c1c5e89a101bc121719ac435dcad093f5f67cefd863cc7c8f3fc8a9dc62a83c115f1ce714b18af067951aa06dd9bb4ed98a820bf4704d156977caa4e6415b2a0df0386e2f6a061bf44abc8a397cf4abdafc51b78ebec9831f3c60fde6e62a1fd082903080aef20ff8de8bc0dced06f627514600539ca7114a088848da4244a85b4cf5b976d3a698c9a568d417e276917baba05d1a02181db2e6cc35986da4ccc63f8cd8e85a4a923dd27e2f499664601fdc44fdf46e2d2880cd5a7ece89c370234c438dcc0b43865cc62bad21e9dc37da758cbe01752f02fd9cbfe98630a30a78bb1239e25cdaba3d45d13cd3e7216d9d8070f3ff1a0cd9a0c91f29974c98f2677ba88c1091bde4be0cd37ea5eeb3b9cbb0360a00ddd40bbd60ffb8d4daa973ef0977c18dd4b38a605cee957872dca85787c37b6931293eddb77015faf143d1d28d24822d1a5d134799e8175a38b255aaf0e39b68c7f734e2e1e7044626daa84c9113e86d86ef63c863703703ea163319261dcf516c32d49478f7af30d52baa18ea6b0fc286c06b7e4ee019bf3fe74845a652d4a52aaa241a189c411e90e2953863a2bc4124e573607b94cdff19e280731824931a83f056cb5857672619b97ce38081592c0c319ce72e04e9eadce89775cfb5a4b2842663bc79bde565435cbcd46c4d505ceef7dde86512d39d4cb270deb7e79ebf8602bdc0d76c3e833d36ee08be10be634f44056c2f3fd6a328c7cd562e9c96ff7845fc3df81a876bb07f1cc833bed6ca1dc5cf935a4e959db6a4fae6edbc45357d8758faa9cd04cd41eb6efcfbd91658519bf520b90107f767d126854818485e98cb7ef56804de6950bf4e72098a949d14ea0e4e9f2534cf16cac0aeb970fc5c39f37e93910d5c99ac163792260d2280ec5c9a79bf295588ec23f524aae65f800f9c39e338f3d66b1a69e5488e04823eab36ae6ec6a2c5ce133ccd819a2b217b1ab7f4afd1697bb42929b3131358b5421c83f925571934442d0fd0ce3990d4e5d31d8b956f76df3c2f8533e46b892c88692ce009155dd5c7dbe4c86874b95762650f63e4b4aabb41320978b05b80cfe8fa2830904ef6b5c4f7ad46ca5dac151c9077c4d2c6adfe5066a8eb09a9bc6892330ea2b259a53c7137f8498254e1b04bf920c35c5333c4d640b11da60917ae921037b4aedbd6a0fbeeaf88ef6defc830552b4cbe3fe2a844806a48923dd428ea1c8d797bd8e6aabd1d1a8c97c8038b627120a77f4e47fa1f788aa9da268b0ec10fc453cb722685df76547dbf55a16663aa2b2a51e9c52456cccdf682592d1369dd12e3d3cb504e0f2d7004e60c297d5a25d0298045dae8fca8cb795ea57288b85a7e705820087d55ca6c42e920e2aa1174e128622cf64a197fd728cb2949536ba63e8bda8589261f1377caea37302e47228d3708a5666c66ba711d3c0b310a8c47e86d26597299d523c28c90e4feab43e950f398f7b61ccf7e6490d75ba6d8214e2d5ef2d7a088db490e1ebacf4e6eecc896cb1c704f0a8fcdf4ccb5dfa53eaf43d709287f36c10188c19fd59da7d73494de089c1b0a69ee22dcb847001c5317846a876bee1685d11c4db0673ec4c3a12008bb719650525b3c39e2b0469edda93830b3f1bde3e5b0b4637197866bb08c5858cf0d9876e3c7cad54169887bf9c80f9f4be362e1bc8c27f3434e9a918bac355c184bd899b9aebe6be20e70c0c69234342eb8b57aa9ffb7797a32df91cec2bbc90201658ca227abf1fe68e65363867e1f6ad79b827f363d64fbd3b188d95307d011c4ce5bf4407908c058eeb97ec98dd0ebfdab6b348fa387f2a7573cac25344c983e8fd526c30ee6d59fe99a30c7d7e2864aa22bfa49df5f32da68309cab3ed9c2ce69b6ecb8508ce28a43ebd6c809b8afd07a4606e664965d316f3707a3abee9bcdc32a78031b0171fb565d90c16cd56e5792c0cf618b799715f32538e38f493d4e19ec76fc8a07576a13975706bfc2bb1516c2d18a4385cc37a206eac6c9fb8d073572ba2671d2198abf24fdd0c40d079ae44962c26743b4bf5950ac5ee34c5d7bd60b364ce670958112c37b9829bed7e1327356d6b94af3ba020c2337b2dba37d00af8a128a614390cdde62ce871f948427fb5c187df9a1540a5cc71da1a86144acbfd94bf433f744f0c4f2a675eba3ed251c5b11b08dfefc726c0394a9b75121d88467ed4b2cd69819dfe50693a4a4c8370d3af12f41c0067283bbb5a90044a340fc357a11081a6c13bb9c32d9caa448479fd5f0302b6729ca7233094540b14546d6bcc15771c2686279b34f9c0914f5306d0fabd5979266ea01a17a22507e560dbf904dd62c40e2bcc", 0xcfa}], 0x1}, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f0000000100)=r5, 0x3) r6 = openat$cgroup_ro(r5, &(0x7f0000000380)='cpuacct.usage_user\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000700)={&(0x7f0000000500)=@isdn={0x22, 0x7f, 0x20, 0x0, 0x2}, 0xffffffffffffff92, 0x0, 0x2f2}, 0x50000c0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0xfffffffffffffffe) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000040)='threaded\x00', 0xfffffd55) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x4040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000280), 0x1}, 0x20000, 0x2, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000340)=ANY=[]) socketpair(0x15, 0x3, 0x1, &(0x7f0000000140)) gettid() r7 = getpid() perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x10, 0x92, 0x2, 0x2, 0x0, 0x2000000c, 0x4354, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x999fe6aa3f89233}, 0x5, 0x10000000000, 0x3, 0x4, 0x1ff, 0x4, 0x8001}, r7, 0x9, 0xffffffffffffffff, 0xa6f54f15e4426119) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0xfe2e}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x200000000000001) r8 = socket$kcm(0xa, 0x2, 0x11) r9 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000002c0)=r9, 0x4) setsockopt$sock_attach_bpf(r8, 0x29, 0x19, &(0x7f00000005c0)=r9, 0xfffffffffffffd40) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000002980)={0x0, 0x0, 0x0, 0x3a5}, 0x0) sendmsg$kcm(r8, &(0x7f00000001c0)={&(0x7f0000000480)=@in6={0xa, 0x4e26, 0x0, @loopback}, 0x80, 0x0}, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000004400)={&(0x7f0000004200)=@hci, 0x80, &(0x7f0000004380)=[{&(0x7f0000004280)=""/198, 0xc6}], 0x1, &(0x7f00000043c0)=""/48, 0x30}, 0x10162) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)) sendmsg$kcm(r8, &(0x7f0000002b80)={&(0x7f0000000680)=@rxrpc=@in4={0x21, 0x4, 0x2, 0xfffffe1b, {0x2, 0x4e23, @multicast1}}, 0xfffffffffffffe01, 0x0}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r10, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') openat$cgroup_ro(r3, &(0x7f0000000640)='mem\x1b\x7fMi\xf3>\xb69g', 0x0, 0x0) r11 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r12 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={r12, r11, 0x0, 0x1, &(0x7f0000000040)='\x00'}, 0x30) r13 = perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x2000, 0x2, 0x0, 0x7, 0x0, 0x0, 0x3}, r12, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r13, 0x4008240b, &(0x7f0000000000)={0x0, 0x70, 0x2, 0xfffffffffffff002, 0x1, 0x2, 0x0, 0x8, 0xf2004, 0x0, 0x0, 0xa7c, 0x8, 0x0, 0xfff, 0x0, 0x0, 0x44, 0xc9, 0x0, 0x6, 0x0, 0x0, 0x6, 0x4, 0xc9, 0x0, 0x10001, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x94c, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x2108, 0x1, 0x4, 0x1, 0x2, 0x1000, 0x51}) [ 3263.174141][T27554] device nr0 entered promiscuous mode 04:05:45 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f00000004c0)=[{{&(0x7f0000000080)=@xdp, 0x80, &(0x7f0000000280)=[{&(0x7f0000000200)=""/80, 0x50}], 0x1}, 0x7fff}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000380)=""/176, 0xb0}], 0x1, &(0x7f0000000480)=""/57, 0x39}, 0x8001}], 0x2, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000040)='\x00\x00\x00\x80\x00\x00\x00\x00\xfa\xfc\xe6s\x89\x9b', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000140)='!', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$SG_SET_DEBUG(0xffffffffffffffff, 0x227e, &(0x7f00000002c0)=0x1) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)='\b') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setownex(0xffffffffffffffff, 0xf, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$sock_int(r2, 0x1, 0xe955c9dcc82f52a0, &(0x7f00000000c0)=0x5, 0x4) getsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000240), 0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f0000000080)) sendfile(r0, r0, 0x0, 0x3f000000) ioctl$LOOP_CLR_FD(r0, 0x4c01) 04:05:45 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:05:45 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, 0x0, 0x0) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:05:45 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe2[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5\xc4x\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0x94f63ebc2bfb6c11) r1 = gettid() write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300)=r1, 0x12) perf_event_open(0x0, r1, 0x8, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000640)={r1, 0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000600)='@\x00'}, 0x30) r2 = perf_event_open(&(0x7f0000000780)={0x1, 0x70, 0x3f, 0xfa, 0x1, 0x3f, 0x0, 0x401, 0x40, 0xa, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x9, 0x0, @perf_config_ext={0x3, 0x9}, 0x2800, 0x3, 0x800, 0x5, 0x6, 0xb7, 0x1ff}, r1, 0x1, 0xffffffffffffffff, 0x6) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0xab1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5240b667b1f34ca, @perf_config_ext={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, r2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(r3, &(0x7f0000000400)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$kcm(r4, 0x0, 0x20000000) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000800)='c&bH\xeb\xdc\xed8\xb0\x82\xd6\x1c\x19\xff\\\x03\n\xfar\t\x12ta{\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000003c0)) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000001600)="fa0c00002c008152915a655267d7d137ab2ff96e27bf28b285fe3903a44a6017edcaa3a2b4dade3baee72569b51366463fedf5e787c05b0cb5927a3a7edfb4d078e9ae1504d489e058be9fafaa633705b6d4bf6a01f2cd9ebf19724a1b0b9760612582bccd3983ce4474844c065e914dab8bbd52a45f431678bfe28633bf7c8dc83df809238ed87f1e393883ef750ce79c6f84e5e5de176e2f26024e4e3a3d8fbdaf3254022f265d8ccc5fd7205d9d9c2c4076c58162523082d81a39c43f782332ba8e82b4107a049cb82bba8b5edd80473844291437b8d22edca68047582e6be601e9df5e60a32c7cd202c5a30b8b606e43362739551cbb013b65e238f41cc00d7900140cf06b7bc9030f2563bcf9d4f4b7f48c79ec1a323d06276a0a3f8846b7c62b66f9709cabcaad234c53f3bc9b11165a6321f1db1057f076cfaebf8fbfa033fdc1dc2c3e314b36b3b3dd50425447da8bc5938ff7a17361100ab0b1ffeab7ac487411824224781eb9cdd4edef57ae91cd61f56a56c0599cfc3a491447207610f242da6cd6b030ae5f35e3181c44ae68665a023759b9ef4358db46107edc49194aed72b62600ec0ae4fc9065be059fc010cd6e6c9ea77c666b5e25693fbcf595e3e57113ff3a0e0c63d0604a16ea5adb8b7b54d47d4d8804612fde571863064528a49bf684d8a880a11afd819f186c177c49cac3ba1e9d1aa7ad0ff36b9e36d73c05b8abcaf96df0aacd2c9653f30ec29e1284af8749a9b2803c2727e992a6e65df192e1875c3e6d3553ffb7cb34ffee8f8ac0123c390454b42a0316952cbc9949376d9320ec207f77c2d5eb9e86d720cf8e9008a9a51932b45cd4cab21414c92d1c20f9e15e3fc16c7ce181e9ab19b01b70343934c823b1215e173405dd225233823cd4a604a77f06b14eb05b860e6cf8790335788c43abe9de1598e9952e5c7e6b2f8b17b1788ff3033e7d1635b008834bdf4054e6195e55000827c6202b227dde06f23ae21c00b371bdb6b7ea47b2e78844b52a77f9f0929790dcd7df2752e4af092d539c87c18751a5eb3eb4d38a2a0e070064b4ffaacff0543b115cc89f6c7e78f12147ebfcf1c80bac8f98deb59cbe670adb4cd1882a7e0ca4ba85ae9d445223ffb32301d46c0c9b05a830cbea0f72294ab3b539e4ed7cac2e22b235e8ceedeb643fb90b061a58368e76036ff3c1828d8a4e21288662afb6f2acab00d734db7ffc8373a928571819ce9ea6cb0956a6093b2b1f65662b76bc6ac8a19008cf08a6342d64674271451714e1d0e4ff7647fe7551d3cf16f37cb5547317e4fef51e4fb471de6ffbb90c2dd4a64266c4c2f75fc62e58ec306fb92212fb262d8b138899a3b53e67cde2f97d94cd2265cc04d32b29edf77e75b1f88372495cb2937f183bfc8604d72efb3af5c1f41b665b25592676b0ad2185478eade7e663e743e0e09cce6224c787ce1d789dc4a9b350bfe3a75f551341b11dd96cdaea17989dad565b16324a69842dc29a0ed16744ea5935598ac8238e146139189927a14d3b2863044b63b468ae75f48fab68ad235c36daffebfe4b468fc9b13198b1a683dcd3b3b4294ba22caddbacf8792d5783bc12e2538e4609e6bb6e9eeab98a06452c252a657f400260458c29fae8879097698c9aba2b2d889fc78f00d0d8271e09e8542b71018be6ff8cb03cb423e79303047d6ce124a00f64461b899bbddc4fe87ff677533391e16c01fa9cd6420bdc856c4c7f057b249ee9817efd6ab2cd02eb887d2631435ef2d5a1c7e57ac046ef615a1285ca89ade18ae69af3b3f8f76ca8aa060e373c0f99424fe1c5fadc72fe145fd2d4e4da4b78597890516857de188fcdaf15e3b0871b346cd39ab772cc25fab49e60c818cde934b137144adfc4fbde3ddbeccce9679f02b66746e822c67b3ed5fdafb4a936a2683b39a002115ecd62220605ca542610a80f2e3530aa89d3ed6ed9c57bbfd5db3a0b62786a608309a355443c616032008f9458b2f10db93e29470192370084e9322c309c9b23333b46d04e79176659503ad4b05deebb3c67d715ee6e84a89002ea6f7f71bf41ad36b42c8ae01c97174dbb641e50641aba60c291a84e906c013087370a5043e07d36fcead378f6c1e6ed3f5ac695124b82b20261cf7c9b82172e09c81d7d39eed72aee5678613a3c671ddd44f2c7c75a3b5d316aa165d56594fccab20903d7f503a08928e76c779918b2463b720ee6367a43e494a1db3ed1a80690e665570c01ce7eb979cdd95d4e1ca51730eb2cd63ffb2a56049601627c9788254945142dce85adbe1eb5997d16cdfe2a3758b13dc6bb121e2206ae64206868c1c5e89a101bc121719ac435dcad093f5f67cefd863cc7c8f3fc8a9dc62a83c115f1ce714b18af067951aa06dd9bb4ed98a820bf4704d156977caa4e6415b2a0df0386e2f6a061bf44abc8a397cf4abdafc51b78ebec9831f3c60fde6e62a1fd082903080aef20ff8de8bc0dced06f627514600539ca7114a088848da4244a85b4cf5b976d3a698c9a568d417e276917baba05d1a02181db2e6cc35986da4ccc63f8cd8e85a4a923dd27e2f499664601fdc44fdf46e2d2880cd5a7ece89c370234c438dcc0b43865cc62bad21e9dc37da758cbe01752f02fd9cbfe98630a30a78bb1239e25cdaba3d45d13cd3e7216d9d8070f3ff1a0cd9a0c91f29974c98f2677ba88c1091bde4be0cd37ea5eeb3b9cbb0360a00ddd40bbd60ffb8d4daa973ef0977c18dd4b38a605cee957872dca85787c37b6931293eddb77015faf143d1d28d24822d1a5d134799e8175a38b255aaf0e39b68c7f734e2e1e7044626daa84c9113e86d86ef63c863703703ea163319261dcf516c32d49478f7af30d52baa18ea6b0fc286c06b7e4ee019bf3fe74845a652d4a52aaa241a189c411e90e2953863a2bc4124e573607b94cdff19e280731824931a83f056cb5857672619b97ce38081592c0c319ce72e04e9eadce89775cfb5a4b2842663bc79bde565435cbcd46c4d505ceef7dde86512d39d4cb270deb7e79ebf8602bdc0d76c3e833d36ee08be10be634f44056c2f3fd6a328c7cd562e9c96ff7845fc3df81a876bb07f1cc833bed6ca1dc5cf935a4e959db6a4fae6edbc45357d8758faa9cd04cd41eb6efcfbd91658519bf520b90107f767d126854818485e98cb7ef56804de6950bf4e72098a949d14ea0e4e9f2534cf16cac0aeb970fc5c39f37e93910d5c99ac163792260d2280ec5c9a79bf295588ec23f524aae65f800f9c39e338f3d66b1a69e5488e04823eab36ae6ec6a2c5ce133ccd819a2b217b1ab7f4afd1697bb42929b3131358b5421c83f925571934442d0fd0ce3990d4e5d31d8b956f76df3c2f8533e46b892c88692ce009155dd5c7dbe4c86874b95762650f63e4b4aabb41320978b05b80cfe8fa2830904ef6b5c4f7ad46ca5dac151c9077c4d2c6adfe5066a8eb09a9bc6892330ea2b259a53c7137f8498254e1b04bf920c35c5333c4d640b11da60917ae921037b4aedbd6a0fbeeaf88ef6defc830552b4cbe3fe2a844806a48923dd428ea1c8d797bd8e6aabd1d1a8c97c8038b627120a77f4e47fa1f788aa9da268b0ec10fc453cb722685df76547dbf55a16663aa2b2a51e9c52456cccdf682592d1369dd12e3d3cb504e0f2d7004e60c297d5a25d0298045dae8fca8cb795ea57288b85a7e705820087d55ca6c42e920e2aa1174e128622cf64a197fd728cb2949536ba63e8bda8589261f1377caea37302e47228d3708a5666c66ba711d3c0b310a8c47e86d26597299d523c28c90e4feab43e950f398f7b61ccf7e6490d75ba6d8214e2d5ef2d7a088db490e1ebacf4e6eecc896cb1c704f0a8fcdf4ccb5dfa53eaf43d709287f36c10188c19fd59da7d73494de089c1b0a69ee22dcb847001c5317846a876bee1685d11c4db0673ec4c3a12008bb719650525b3c39e2b0469edda93830b3f1bde3e5b0b4637197866bb08c5858cf0d9876e3c7cad54169887bf9c80f9f4be362e1bc8c27f3434e9a918bac355c184bd899b9aebe6be20e70c0c69234342eb8b57aa9ffb7797a32df91cec2bbc90201658ca227abf1fe68e65363867e1f6ad79b827f363d64fbd3b188d95307d011c4ce5bf4407908c058eeb97ec98dd0ebfdab6b348fa387f2a7573cac25344c983e8fd526c30ee6d59fe99a30c7d7e2864aa22bfa49df5f32da68309cab3ed9c2ce69b6ecb8508ce28a43ebd6c809b8afd07a4606e664965d316f3707a3abee9bcdc32a78031b0171fb565d90c16cd56e5792c0cf618b799715f32538e38f493d4e19ec76fc8a07576a13975706bfc2bb1516c2d18a4385cc37a206eac6c9fb8d073572ba2671d2198abf24fdd0c40d079ae44962c26743b4bf5950ac5ee34c5d7bd60b364ce670958112c37b9829bed7e1327356d6b94af3ba020c2337b2dba37d00af8a128a614390cdde62ce871f948427fb5c187df9a1540a5cc71da1a86144acbfd94bf433f744f0c4f2a675eba3ed251c5b11b08dfefc726c0394a9b75121d88467ed4b2cd69819dfe50693a4a4c8370d3af12f41c0067283bbb5a90044a340fc357a11081a6c13bb9c32d9caa448479fd5f0302b6729ca7233094540b14546d6bcc15771c2686279b34f9c0914f5306d0fabd5979266ea01a17a22507e560dbf904dd62c40e2bcc", 0xcfa}], 0x1}, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f0000000100)=r5, 0x3) r6 = openat$cgroup_ro(r5, &(0x7f0000000380)='cpuacct.usage_user\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000700)={&(0x7f0000000500)=@isdn={0x22, 0x7f, 0x20, 0x0, 0x2}, 0xffffffffffffff92, 0x0, 0x2f2}, 0x50000c0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0xfffffffffffffffe) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000040)='threaded\x00', 0xfffffd55) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x4040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000280), 0x1}, 0x20000, 0x2, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000340)=ANY=[]) socketpair(0x15, 0x3, 0x1, &(0x7f0000000140)) gettid() r7 = getpid() perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x10, 0x92, 0x2, 0x2, 0x0, 0x2000000c, 0x4354, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x999fe6aa3f89233}, 0x5, 0x10000000000, 0x3, 0x4, 0x1ff, 0x4, 0x8001}, r7, 0x9, 0xffffffffffffffff, 0xa6f54f15e4426119) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0xfe2e}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x200000000000001) r8 = socket$kcm(0xa, 0x2, 0x11) r9 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000002c0)=r9, 0x4) setsockopt$sock_attach_bpf(r8, 0x29, 0x19, &(0x7f00000005c0)=r9, 0xfffffffffffffd40) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000002980)={0x0, 0x0, 0x0, 0x3a5}, 0x0) sendmsg$kcm(r8, &(0x7f00000001c0)={&(0x7f0000000480)=@in6={0xa, 0x4e26, 0x0, @loopback}, 0x80, 0x0}, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000004400)={&(0x7f0000004200)=@hci, 0x80, &(0x7f0000004380)=[{&(0x7f0000004280)=""/198, 0xc6}], 0x1, &(0x7f00000043c0)=""/48, 0x30}, 0x10162) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)) sendmsg$kcm(r8, &(0x7f0000002b80)={&(0x7f0000000680)=@rxrpc=@in4={0x21, 0x4, 0x2, 0xfffffe1b, {0x2, 0x4e23, @multicast1}}, 0xfffffffffffffe01, 0x0}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r10, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') openat$cgroup_ro(r3, &(0x7f0000000640)='mem\x1b\x7fMi\xf3>\xb69g', 0x0, 0x0) r11 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r12 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={r12, r11, 0x0, 0x1, &(0x7f0000000040)='\x00'}, 0x30) r13 = perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x2000, 0x2, 0x0, 0x7, 0x0, 0x0, 0x3}, r12, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r13, 0x4008240b, &(0x7f0000000000)={0x0, 0x70, 0x2, 0xfffffffffffff002, 0x1, 0x2, 0x0, 0x8, 0xf2004, 0x0, 0x0, 0xa7c, 0x8, 0x0, 0xfff, 0x0, 0x0, 0x44, 0xc9, 0x0, 0x6, 0x0, 0x0, 0x6, 0x4, 0xc9, 0x0, 0x10001, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x94c, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x2108, 0x1, 0x4, 0x1, 0x2, 0x1000, 0x51}) 04:05:45 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:05:45 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe2[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5\xc4x\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0x94f63ebc2bfb6c11) r1 = gettid() write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300)=r1, 0x12) perf_event_open(0x0, r1, 0x8, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000640)={r1, 0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000600)='@\x00'}, 0x30) r2 = perf_event_open(&(0x7f0000000780)={0x1, 0x70, 0x3f, 0xfa, 0x1, 0x3f, 0x0, 0x401, 0x40, 0xa, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x9, 0x0, @perf_config_ext={0x3, 0x9}, 0x2800, 0x3, 0x800, 0x5, 0x6, 0xb7, 0x1ff}, r1, 0x1, 0xffffffffffffffff, 0x6) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0xab1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5240b667b1f34ca, @perf_config_ext={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, r2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(r3, &(0x7f0000000400)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$kcm(r4, 0x0, 0x20000000) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000800)='c&bH\xeb\xdc\xed8\xb0\x82\xd6\x1c\x19\xff\\\x03\n\xfar\t\x12ta{\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000003c0)) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000001600)="fa0c00002c008152915a655267d7d137ab2ff96e27bf28b285fe3903a44a6017edcaa3a2b4dade3baee72569b51366463fedf5e787c05b0cb5927a3a7edfb4d078e9ae1504d489e058be9fafaa633705b6d4bf6a01f2cd9ebf19724a1b0b9760612582bccd3983ce4474844c065e914dab8bbd52a45f431678bfe28633bf7c8dc83df809238ed87f1e393883ef750ce79c6f84e5e5de176e2f26024e4e3a3d8fbdaf3254022f265d8ccc5fd7205d9d9c2c4076c58162523082d81a39c43f782332ba8e82b4107a049cb82bba8b5edd80473844291437b8d22edca68047582e6be601e9df5e60a32c7cd202c5a30b8b606e43362739551cbb013b65e238f41cc00d7900140cf06b7bc9030f2563bcf9d4f4b7f48c79ec1a323d06276a0a3f8846b7c62b66f9709cabcaad234c53f3bc9b11165a6321f1db1057f076cfaebf8fbfa033fdc1dc2c3e314b36b3b3dd50425447da8bc5938ff7a17361100ab0b1ffeab7ac487411824224781eb9cdd4edef57ae91cd61f56a56c0599cfc3a491447207610f242da6cd6b030ae5f35e3181c44ae68665a023759b9ef4358db46107edc49194aed72b62600ec0ae4fc9065be059fc010cd6e6c9ea77c666b5e25693fbcf595e3e57113ff3a0e0c63d0604a16ea5adb8b7b54d47d4d8804612fde571863064528a49bf684d8a880a11afd819f186c177c49cac3ba1e9d1aa7ad0ff36b9e36d73c05b8abcaf96df0aacd2c9653f30ec29e1284af8749a9b2803c2727e992a6e65df192e1875c3e6d3553ffb7cb34ffee8f8ac0123c390454b42a0316952cbc9949376d9320ec207f77c2d5eb9e86d720cf8e9008a9a51932b45cd4cab21414c92d1c20f9e15e3fc16c7ce181e9ab19b01b70343934c823b1215e173405dd225233823cd4a604a77f06b14eb05b860e6cf8790335788c43abe9de1598e9952e5c7e6b2f8b17b1788ff3033e7d1635b008834bdf4054e6195e55000827c6202b227dde06f23ae21c00b371bdb6b7ea47b2e78844b52a77f9f0929790dcd7df2752e4af092d539c87c18751a5eb3eb4d38a2a0e070064b4ffaacff0543b115cc89f6c7e78f12147ebfcf1c80bac8f98deb59cbe670adb4cd1882a7e0ca4ba85ae9d445223ffb32301d46c0c9b05a830cbea0f72294ab3b539e4ed7cac2e22b235e8ceedeb643fb90b061a58368e76036ff3c1828d8a4e21288662afb6f2acab00d734db7ffc8373a928571819ce9ea6cb0956a6093b2b1f65662b76bc6ac8a19008cf08a6342d64674271451714e1d0e4ff7647fe7551d3cf16f37cb5547317e4fef51e4fb471de6ffbb90c2dd4a64266c4c2f75fc62e58ec306fb92212fb262d8b138899a3b53e67cde2f97d94cd2265cc04d32b29edf77e75b1f88372495cb2937f183bfc8604d72efb3af5c1f41b665b25592676b0ad2185478eade7e663e743e0e09cce6224c787ce1d789dc4a9b350bfe3a75f551341b11dd96cdaea17989dad565b16324a69842dc29a0ed16744ea5935598ac8238e146139189927a14d3b2863044b63b468ae75f48fab68ad235c36daffebfe4b468fc9b13198b1a683dcd3b3b4294ba22caddbacf8792d5783bc12e2538e4609e6bb6e9eeab98a06452c252a657f400260458c29fae8879097698c9aba2b2d889fc78f00d0d8271e09e8542b71018be6ff8cb03cb423e79303047d6ce124a00f64461b899bbddc4fe87ff677533391e16c01fa9cd6420bdc856c4c7f057b249ee9817efd6ab2cd02eb887d2631435ef2d5a1c7e57ac046ef615a1285ca89ade18ae69af3b3f8f76ca8aa060e373c0f99424fe1c5fadc72fe145fd2d4e4da4b78597890516857de188fcdaf15e3b0871b346cd39ab772cc25fab49e60c818cde934b137144adfc4fbde3ddbeccce9679f02b66746e822c67b3ed5fdafb4a936a2683b39a002115ecd62220605ca542610a80f2e3530aa89d3ed6ed9c57bbfd5db3a0b62786a608309a355443c616032008f9458b2f10db93e29470192370084e9322c309c9b23333b46d04e79176659503ad4b05deebb3c67d715ee6e84a89002ea6f7f71bf41ad36b42c8ae01c97174dbb641e50641aba60c291a84e906c013087370a5043e07d36fcead378f6c1e6ed3f5ac695124b82b20261cf7c9b82172e09c81d7d39eed72aee5678613a3c671ddd44f2c7c75a3b5d316aa165d56594fccab20903d7f503a08928e76c779918b2463b720ee6367a43e494a1db3ed1a80690e665570c01ce7eb979cdd95d4e1ca51730eb2cd63ffb2a56049601627c9788254945142dce85adbe1eb5997d16cdfe2a3758b13dc6bb121e2206ae64206868c1c5e89a101bc121719ac435dcad093f5f67cefd863cc7c8f3fc8a9dc62a83c115f1ce714b18af067951aa06dd9bb4ed98a820bf4704d156977caa4e6415b2a0df0386e2f6a061bf44abc8a397cf4abdafc51b78ebec9831f3c60fde6e62a1fd082903080aef20ff8de8bc0dced06f627514600539ca7114a088848da4244a85b4cf5b976d3a698c9a568d417e276917baba05d1a02181db2e6cc35986da4ccc63f8cd8e85a4a923dd27e2f499664601fdc44fdf46e2d2880cd5a7ece89c370234c438dcc0b43865cc62bad21e9dc37da758cbe01752f02fd9cbfe98630a30a78bb1239e25cdaba3d45d13cd3e7216d9d8070f3ff1a0cd9a0c91f29974c98f2677ba88c1091bde4be0cd37ea5eeb3b9cbb0360a00ddd40bbd60ffb8d4daa973ef0977c18dd4b38a605cee957872dca85787c37b6931293eddb77015faf143d1d28d24822d1a5d134799e8175a38b255aaf0e39b68c7f734e2e1e7044626daa84c9113e86d86ef63c863703703ea163319261dcf516c32d49478f7af30d52baa18ea6b0fc286c06b7e4ee019bf3fe74845a652d4a52aaa241a189c411e90e2953863a2bc4124e573607b94cdff19e280731824931a83f056cb5857672619b97ce38081592c0c319ce72e04e9eadce89775cfb5a4b2842663bc79bde565435cbcd46c4d505ceef7dde86512d39d4cb270deb7e79ebf8602bdc0d76c3e833d36ee08be10be634f44056c2f3fd6a328c7cd562e9c96ff7845fc3df81a876bb07f1cc833bed6ca1dc5cf935a4e959db6a4fae6edbc45357d8758faa9cd04cd41eb6efcfbd91658519bf520b90107f767d126854818485e98cb7ef56804de6950bf4e72098a949d14ea0e4e9f2534cf16cac0aeb970fc5c39f37e93910d5c99ac163792260d2280ec5c9a79bf295588ec23f524aae65f800f9c39e338f3d66b1a69e5488e04823eab36ae6ec6a2c5ce133ccd819a2b217b1ab7f4afd1697bb42929b3131358b5421c83f925571934442d0fd0ce3990d4e5d31d8b956f76df3c2f8533e46b892c88692ce009155dd5c7dbe4c86874b95762650f63e4b4aabb41320978b05b80cfe8fa2830904ef6b5c4f7ad46ca5dac151c9077c4d2c6adfe5066a8eb09a9bc6892330ea2b259a53c7137f8498254e1b04bf920c35c5333c4d640b11da60917ae921037b4aedbd6a0fbeeaf88ef6defc830552b4cbe3fe2a844806a48923dd428ea1c8d797bd8e6aabd1d1a8c97c8038b627120a77f4e47fa1f788aa9da268b0ec10fc453cb722685df76547dbf55a16663aa2b2a51e9c52456cccdf682592d1369dd12e3d3cb504e0f2d7004e60c297d5a25d0298045dae8fca8cb795ea57288b85a7e705820087d55ca6c42e920e2aa1174e128622cf64a197fd728cb2949536ba63e8bda8589261f1377caea37302e47228d3708a5666c66ba711d3c0b310a8c47e86d26597299d523c28c90e4feab43e950f398f7b61ccf7e6490d75ba6d8214e2d5ef2d7a088db490e1ebacf4e6eecc896cb1c704f0a8fcdf4ccb5dfa53eaf43d709287f36c10188c19fd59da7d73494de089c1b0a69ee22dcb847001c5317846a876bee1685d11c4db0673ec4c3a12008bb719650525b3c39e2b0469edda93830b3f1bde3e5b0b4637197866bb08c5858cf0d9876e3c7cad54169887bf9c80f9f4be362e1bc8c27f3434e9a918bac355c184bd899b9aebe6be20e70c0c69234342eb8b57aa9ffb7797a32df91cec2bbc90201658ca227abf1fe68e65363867e1f6ad79b827f363d64fbd3b188d95307d011c4ce5bf4407908c058eeb97ec98dd0ebfdab6b348fa387f2a7573cac25344c983e8fd526c30ee6d59fe99a30c7d7e2864aa22bfa49df5f32da68309cab3ed9c2ce69b6ecb8508ce28a43ebd6c809b8afd07a4606e664965d316f3707a3abee9bcdc32a78031b0171fb565d90c16cd56e5792c0cf618b799715f32538e38f493d4e19ec76fc8a07576a13975706bfc2bb1516c2d18a4385cc37a206eac6c9fb8d073572ba2671d2198abf24fdd0c40d079ae44962c26743b4bf5950ac5ee34c5d7bd60b364ce670958112c37b9829bed7e1327356d6b94af3ba020c2337b2dba37d00af8a128a614390cdde62ce871f948427fb5c187df9a1540a5cc71da1a86144acbfd94bf433f744f0c4f2a675eba3ed251c5b11b08dfefc726c0394a9b75121d88467ed4b2cd69819dfe50693a4a4c8370d3af12f41c0067283bbb5a90044a340fc357a11081a6c13bb9c32d9caa448479fd5f0302b6729ca7233094540b14546d6bcc15771c2686279b34f9c0914f5306d0fabd5979266ea01a17a22507e560dbf904dd62c40e2bcc", 0xcfa}], 0x1}, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f0000000100)=r5, 0x3) r6 = openat$cgroup_ro(r5, &(0x7f0000000380)='cpuacct.usage_user\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000700)={&(0x7f0000000500)=@isdn={0x22, 0x7f, 0x20, 0x0, 0x2}, 0xffffffffffffff92, 0x0, 0x2f2}, 0x50000c0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0xfffffffffffffffe) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000040)='threaded\x00', 0xfffffd55) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x4040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000280), 0x1}, 0x20000, 0x2, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000340)=ANY=[]) socketpair(0x15, 0x3, 0x1, &(0x7f0000000140)) gettid() r7 = getpid() perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x10, 0x92, 0x2, 0x2, 0x0, 0x2000000c, 0x4354, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x999fe6aa3f89233}, 0x5, 0x10000000000, 0x3, 0x4, 0x1ff, 0x4, 0x8001}, r7, 0x9, 0xffffffffffffffff, 0xa6f54f15e4426119) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0xfe2e}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x200000000000001) r8 = socket$kcm(0xa, 0x2, 0x11) r9 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000002c0)=r9, 0x4) setsockopt$sock_attach_bpf(r8, 0x29, 0x19, &(0x7f00000005c0)=r9, 0xfffffffffffffd40) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000002980)={0x0, 0x0, 0x0, 0x3a5}, 0x0) sendmsg$kcm(r8, &(0x7f00000001c0)={&(0x7f0000000480)=@in6={0xa, 0x4e26, 0x0, @loopback}, 0x80, 0x0}, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000004400)={&(0x7f0000004200)=@hci, 0x80, &(0x7f0000004380)=[{&(0x7f0000004280)=""/198, 0xc6}], 0x1, &(0x7f00000043c0)=""/48, 0x30}, 0x10162) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)) sendmsg$kcm(r8, &(0x7f0000002b80)={&(0x7f0000000680)=@rxrpc=@in4={0x21, 0x4, 0x2, 0xfffffe1b, {0x2, 0x4e23, @multicast1}}, 0xfffffffffffffe01, 0x0}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r10, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') openat$cgroup_ro(r3, &(0x7f0000000640)='mem\x1b\x7fMi\xf3>\xb69g', 0x0, 0x0) r11 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r12 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={r12, r11, 0x0, 0x1, &(0x7f0000000040)='\x00'}, 0x30) r13 = perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x2000, 0x2, 0x0, 0x7, 0x0, 0x0, 0x3}, r12, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r13, 0x4008240b, &(0x7f0000000000)={0x0, 0x70, 0x2, 0xfffffffffffff002, 0x1, 0x2, 0x0, 0x8, 0xf2004, 0x0, 0x0, 0xa7c, 0x8, 0x0, 0xfff, 0x0, 0x0, 0x44, 0xc9, 0x0, 0x6, 0x0, 0x0, 0x6, 0x4, 0xc9, 0x0, 0x10001, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x94c, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x2108, 0x1, 0x4, 0x1, 0x2, 0x1000, 0x51}) [ 3275.695150][T27679] FAT-fs (loop1): bogus number of reserved sectors [ 3275.712162][T27679] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3275.751984][ T26] audit: type=1804 audit(1574309145.099:149): pid=27683 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/746/file0/bus" dev="sda1" ino=16776 res=1 [ 3275.960712][T27685] device nr0 entered promiscuous mode 04:05:45 executing program 4: 04:05:45 executing program 4: 04:05:45 executing program 4: 04:05:45 executing program 4: 04:05:45 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, 0x0, 0x0) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:05:45 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3276.537539][T27702] device nr0 entered promiscuous mode 04:05:54 executing program 0: 04:05:54 executing program 4: 04:05:54 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x0, 0x0, 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:05:54 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:05:54 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400), 0x0) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:05:54 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe2[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5\xc4x\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0x94f63ebc2bfb6c11) r1 = gettid() write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300)=r1, 0x12) perf_event_open(0x0, r1, 0x8, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000640)={r1, 0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000600)='@\x00'}, 0x30) r2 = perf_event_open(&(0x7f0000000780)={0x1, 0x70, 0x3f, 0xfa, 0x1, 0x3f, 0x0, 0x401, 0x40, 0xa, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x9, 0x0, @perf_config_ext={0x3, 0x9}, 0x2800, 0x3, 0x800, 0x5, 0x6, 0xb7, 0x1ff}, r1, 0x1, 0xffffffffffffffff, 0x6) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0xab1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5240b667b1f34ca, @perf_config_ext={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, r2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(r3, &(0x7f0000000400)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$kcm(r4, 0x0, 0x20000000) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000800)='c&bH\xeb\xdc\xed8\xb0\x82\xd6\x1c\x19\xff\\\x03\n\xfar\t\x12ta{\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000003c0)) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000001600)="fa0c00002c008152915a655267d7d137ab2ff96e27bf28b285fe3903a44a6017edcaa3a2b4dade3baee72569b51366463fedf5e787c05b0cb5927a3a7edfb4d078e9ae1504d489e058be9fafaa633705b6d4bf6a01f2cd9ebf19724a1b0b9760612582bccd3983ce4474844c065e914dab8bbd52a45f431678bfe28633bf7c8dc83df809238ed87f1e393883ef750ce79c6f84e5e5de176e2f26024e4e3a3d8fbdaf3254022f265d8ccc5fd7205d9d9c2c4076c58162523082d81a39c43f782332ba8e82b4107a049cb82bba8b5edd80473844291437b8d22edca68047582e6be601e9df5e60a32c7cd202c5a30b8b606e43362739551cbb013b65e238f41cc00d7900140cf06b7bc9030f2563bcf9d4f4b7f48c79ec1a323d06276a0a3f8846b7c62b66f9709cabcaad234c53f3bc9b11165a6321f1db1057f076cfaebf8fbfa033fdc1dc2c3e314b36b3b3dd50425447da8bc5938ff7a17361100ab0b1ffeab7ac487411824224781eb9cdd4edef57ae91cd61f56a56c0599cfc3a491447207610f242da6cd6b030ae5f35e3181c44ae68665a023759b9ef4358db46107edc49194aed72b62600ec0ae4fc9065be059fc010cd6e6c9ea77c666b5e25693fbcf595e3e57113ff3a0e0c63d0604a16ea5adb8b7b54d47d4d8804612fde571863064528a49bf684d8a880a11afd819f186c177c49cac3ba1e9d1aa7ad0ff36b9e36d73c05b8abcaf96df0aacd2c9653f30ec29e1284af8749a9b2803c2727e992a6e65df192e1875c3e6d3553ffb7cb34ffee8f8ac0123c390454b42a0316952cbc9949376d9320ec207f77c2d5eb9e86d720cf8e9008a9a51932b45cd4cab21414c92d1c20f9e15e3fc16c7ce181e9ab19b01b70343934c823b1215e173405dd225233823cd4a604a77f06b14eb05b860e6cf8790335788c43abe9de1598e9952e5c7e6b2f8b17b1788ff3033e7d1635b008834bdf4054e6195e55000827c6202b227dde06f23ae21c00b371bdb6b7ea47b2e78844b52a77f9f0929790dcd7df2752e4af092d539c87c18751a5eb3eb4d38a2a0e070064b4ffaacff0543b115cc89f6c7e78f12147ebfcf1c80bac8f98deb59cbe670adb4cd1882a7e0ca4ba85ae9d445223ffb32301d46c0c9b05a830cbea0f72294ab3b539e4ed7cac2e22b235e8ceedeb643fb90b061a58368e76036ff3c1828d8a4e21288662afb6f2acab00d734db7ffc8373a928571819ce9ea6cb0956a6093b2b1f65662b76bc6ac8a19008cf08a6342d64674271451714e1d0e4ff7647fe7551d3cf16f37cb5547317e4fef51e4fb471de6ffbb90c2dd4a64266c4c2f75fc62e58ec306fb92212fb262d8b138899a3b53e67cde2f97d94cd2265cc04d32b29edf77e75b1f88372495cb2937f183bfc8604d72efb3af5c1f41b665b25592676b0ad2185478eade7e663e743e0e09cce6224c787ce1d789dc4a9b350bfe3a75f551341b11dd96cdaea17989dad565b16324a69842dc29a0ed16744ea5935598ac8238e146139189927a14d3b2863044b63b468ae75f48fab68ad235c36daffebfe4b468fc9b13198b1a683dcd3b3b4294ba22caddbacf8792d5783bc12e2538e4609e6bb6e9eeab98a06452c252a657f400260458c29fae8879097698c9aba2b2d889fc78f00d0d8271e09e8542b71018be6ff8cb03cb423e79303047d6ce124a00f64461b899bbddc4fe87ff677533391e16c01fa9cd6420bdc856c4c7f057b249ee9817efd6ab2cd02eb887d2631435ef2d5a1c7e57ac046ef615a1285ca89ade18ae69af3b3f8f76ca8aa060e373c0f99424fe1c5fadc72fe145fd2d4e4da4b78597890516857de188fcdaf15e3b0871b346cd39ab772cc25fab49e60c818cde934b137144adfc4fbde3ddbeccce9679f02b66746e822c67b3ed5fdafb4a936a2683b39a002115ecd62220605ca542610a80f2e3530aa89d3ed6ed9c57bbfd5db3a0b62786a608309a355443c616032008f9458b2f10db93e29470192370084e9322c309c9b23333b46d04e79176659503ad4b05deebb3c67d715ee6e84a89002ea6f7f71bf41ad36b42c8ae01c97174dbb641e50641aba60c291a84e906c013087370a5043e07d36fcead378f6c1e6ed3f5ac695124b82b20261cf7c9b82172e09c81d7d39eed72aee5678613a3c671ddd44f2c7c75a3b5d316aa165d56594fccab20903d7f503a08928e76c779918b2463b720ee6367a43e494a1db3ed1a80690e665570c01ce7eb979cdd95d4e1ca51730eb2cd63ffb2a56049601627c9788254945142dce85adbe1eb5997d16cdfe2a3758b13dc6bb121e2206ae64206868c1c5e89a101bc121719ac435dcad093f5f67cefd863cc7c8f3fc8a9dc62a83c115f1ce714b18af067951aa06dd9bb4ed98a820bf4704d156977caa4e6415b2a0df0386e2f6a061bf44abc8a397cf4abdafc51b78ebec9831f3c60fde6e62a1fd082903080aef20ff8de8bc0dced06f627514600539ca7114a088848da4244a85b4cf5b976d3a698c9a568d417e276917baba05d1a02181db2e6cc35986da4ccc63f8cd8e85a4a923dd27e2f499664601fdc44fdf46e2d2880cd5a7ece89c370234c438dcc0b43865cc62bad21e9dc37da758cbe01752f02fd9cbfe98630a30a78bb1239e25cdaba3d45d13cd3e7216d9d8070f3ff1a0cd9a0c91f29974c98f2677ba88c1091bde4be0cd37ea5eeb3b9cbb0360a00ddd40bbd60ffb8d4daa973ef0977c18dd4b38a605cee957872dca85787c37b6931293eddb77015faf143d1d28d24822d1a5d134799e8175a38b255aaf0e39b68c7f734e2e1e7044626daa84c9113e86d86ef63c863703703ea163319261dcf516c32d49478f7af30d52baa18ea6b0fc286c06b7e4ee019bf3fe74845a652d4a52aaa241a189c411e90e2953863a2bc4124e573607b94cdff19e280731824931a83f056cb5857672619b97ce38081592c0c319ce72e04e9eadce89775cfb5a4b2842663bc79bde565435cbcd46c4d505ceef7dde86512d39d4cb270deb7e79ebf8602bdc0d76c3e833d36ee08be10be634f44056c2f3fd6a328c7cd562e9c96ff7845fc3df81a876bb07f1cc833bed6ca1dc5cf935a4e959db6a4fae6edbc45357d8758faa9cd04cd41eb6efcfbd91658519bf520b90107f767d126854818485e98cb7ef56804de6950bf4e72098a949d14ea0e4e9f2534cf16cac0aeb970fc5c39f37e93910d5c99ac163792260d2280ec5c9a79bf295588ec23f524aae65f800f9c39e338f3d66b1a69e5488e04823eab36ae6ec6a2c5ce133ccd819a2b217b1ab7f4afd1697bb42929b3131358b5421c83f925571934442d0fd0ce3990d4e5d31d8b956f76df3c2f8533e46b892c88692ce009155dd5c7dbe4c86874b95762650f63e4b4aabb41320978b05b80cfe8fa2830904ef6b5c4f7ad46ca5dac151c9077c4d2c6adfe5066a8eb09a9bc6892330ea2b259a53c7137f8498254e1b04bf920c35c5333c4d640b11da60917ae921037b4aedbd6a0fbeeaf88ef6defc830552b4cbe3fe2a844806a48923dd428ea1c8d797bd8e6aabd1d1a8c97c8038b627120a77f4e47fa1f788aa9da268b0ec10fc453cb722685df76547dbf55a16663aa2b2a51e9c52456cccdf682592d1369dd12e3d3cb504e0f2d7004e60c297d5a25d0298045dae8fca8cb795ea57288b85a7e705820087d55ca6c42e920e2aa1174e128622cf64a197fd728cb2949536ba63e8bda8589261f1377caea37302e47228d3708a5666c66ba711d3c0b310a8c47e86d26597299d523c28c90e4feab43e950f398f7b61ccf7e6490d75ba6d8214e2d5ef2d7a088db490e1ebacf4e6eecc896cb1c704f0a8fcdf4ccb5dfa53eaf43d709287f36c10188c19fd59da7d73494de089c1b0a69ee22dcb847001c5317846a876bee1685d11c4db0673ec4c3a12008bb719650525b3c39e2b0469edda93830b3f1bde3e5b0b4637197866bb08c5858cf0d9876e3c7cad54169887bf9c80f9f4be362e1bc8c27f3434e9a918bac355c184bd899b9aebe6be20e70c0c69234342eb8b57aa9ffb7797a32df91cec2bbc90201658ca227abf1fe68e65363867e1f6ad79b827f363d64fbd3b188d95307d011c4ce5bf4407908c058eeb97ec98dd0ebfdab6b348fa387f2a7573cac25344c983e8fd526c30ee6d59fe99a30c7d7e2864aa22bfa49df5f32da68309cab3ed9c2ce69b6ecb8508ce28a43ebd6c809b8afd07a4606e664965d316f3707a3abee9bcdc32a78031b0171fb565d90c16cd56e5792c0cf618b799715f32538e38f493d4e19ec76fc8a07576a13975706bfc2bb1516c2d18a4385cc37a206eac6c9fb8d073572ba2671d2198abf24fdd0c40d079ae44962c26743b4bf5950ac5ee34c5d7bd60b364ce670958112c37b9829bed7e1327356d6b94af3ba020c2337b2dba37d00af8a128a614390cdde62ce871f948427fb5c187df9a1540a5cc71da1a86144acbfd94bf433f744f0c4f2a675eba3ed251c5b11b08dfefc726c0394a9b75121d88467ed4b2cd69819dfe50693a4a4c8370d3af12f41c0067283bbb5a90044a340fc357a11081a6c13bb9c32d9caa448479fd5f0302b6729ca7233094540b14546d6bcc15771c2686279b34f9c0914f5306d0fabd5979266ea01a17a22507e560dbf904dd62c40e2bcc", 0xcfa}], 0x1}, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f0000000100)=r5, 0x3) r6 = openat$cgroup_ro(r5, &(0x7f0000000380)='cpuacct.usage_user\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000700)={&(0x7f0000000500)=@isdn={0x22, 0x7f, 0x20, 0x0, 0x2}, 0xffffffffffffff92, 0x0, 0x2f2}, 0x50000c0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0xfffffffffffffffe) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000040)='threaded\x00', 0xfffffd55) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x4040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000280), 0x1}, 0x20000, 0x2, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000340)=ANY=[]) socketpair(0x15, 0x3, 0x1, &(0x7f0000000140)) gettid() r7 = getpid() perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x10, 0x92, 0x2, 0x2, 0x0, 0x2000000c, 0x4354, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x999fe6aa3f89233}, 0x5, 0x10000000000, 0x3, 0x4, 0x1ff, 0x4, 0x8001}, r7, 0x9, 0xffffffffffffffff, 0xa6f54f15e4426119) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0xfe2e}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x200000000000001) r8 = socket$kcm(0xa, 0x2, 0x11) r9 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000002c0)=r9, 0x4) setsockopt$sock_attach_bpf(r8, 0x29, 0x19, &(0x7f00000005c0)=r9, 0xfffffffffffffd40) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000002980)={0x0, 0x0, 0x0, 0x3a5}, 0x0) sendmsg$kcm(r8, &(0x7f00000001c0)={&(0x7f0000000480)=@in6={0xa, 0x4e26, 0x0, @loopback}, 0x80, 0x0}, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000004400)={&(0x7f0000004200)=@hci, 0x80, &(0x7f0000004380)=[{&(0x7f0000004280)=""/198, 0xc6}], 0x1, &(0x7f00000043c0)=""/48, 0x30}, 0x10162) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)) sendmsg$kcm(r8, &(0x7f0000002b80)={&(0x7f0000000680)=@rxrpc=@in4={0x21, 0x4, 0x2, 0xfffffe1b, {0x2, 0x4e23, @multicast1}}, 0xfffffffffffffe01, 0x0}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r10, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') openat$cgroup_ro(r3, &(0x7f0000000640)='mem\x1b\x7fMi\xf3>\xb69g', 0x0, 0x0) r11 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r12 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={r12, r11, 0x0, 0x1, &(0x7f0000000040)='\x00'}, 0x30) r13 = perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x2000, 0x2, 0x0, 0x7, 0x0, 0x0, 0x3}, r12, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r13, 0x4008240b, &(0x7f0000000000)={0x0, 0x70, 0x2, 0xfffffffffffff002, 0x1, 0x2, 0x0, 0x8, 0xf2004, 0x0, 0x0, 0xa7c, 0x8, 0x0, 0xfff, 0x0, 0x0, 0x44, 0xc9, 0x0, 0x6, 0x0, 0x0, 0x6, 0x4, 0xc9, 0x0, 0x10001, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x94c, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x2108, 0x1, 0x4, 0x1, 0x2, 0x1000, 0x51}) 04:05:54 executing program 4: r0 = socket$rds(0x15, 0x5, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0f000000000000001401000001000000"], 0x10}, 0x0) [ 3284.909996][T27718] FAT-fs (loop1): bogus number of reserved sectors [ 3284.927061][T27718] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3284.955975][ T26] audit: type=1804 audit(1574309154.299:150): pid=27723 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/747/file0/bus" dev="sda1" ino=16693 res=1 [ 3285.055735][T27716] device nr0 entered promiscuous mode 04:05:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x8000000000005, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r2, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r5, 0xae80, 0x0) 04:05:54 executing program 4: r0 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0xfffffffffffffffd, 0x30}, 0xc) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYRES32], 0x1037b) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000840), 0xc) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="91e4d7c7479910663dc313d0385ee00f5bbf749bfad9949e22cc670b046070c4"], 0x1a000) recvmmsg(r0, &(0x7f0000006b00)=[{{0x0, 0x0, 0x0}}], 0xa8, 0x0, 0x0) 04:05:54 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400), 0x0) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:05:54 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:05:55 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x0, 0x0, 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3285.771227][T27748] device nr0 entered promiscuous mode [ 3285.920205][T27854] FAT-fs (loop1): bogus number of reserved sectors [ 3285.934794][T27854] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3285.960365][ T26] audit: type=1804 audit(1574309155.299:151): pid=27854 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/748/file0/bus" dev="sda1" ino=16897 res=1 04:06:00 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:06:00 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400), 0x0) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:06:00 executing program 4: r0 = socket$rds(0x15, 0x5, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="10000000000000001401000001000000"], 0x10}, 0x0) 04:06:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$midi(0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x4100, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 04:06:00 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x0, 0x0, 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3291.169940][T27870] FAT-fs (loop1): bogus number of reserved sectors [ 3291.183259][T27870] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3291.237809][ T26] audit: type=1804 audit(1574309160.579:152): pid=27870 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/749/file0/bus" dev="sda1" ino=16902 res=1 [ 3291.271297][T27874] device nr0 entered promiscuous mode 04:06:01 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe2[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5\xc4x\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0x94f63ebc2bfb6c11) r1 = gettid() write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300)=r1, 0x12) perf_event_open(0x0, r1, 0x8, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000640)={r1, 0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000600)='@\x00'}, 0x30) r2 = perf_event_open(&(0x7f0000000780)={0x1, 0x70, 0x3f, 0xfa, 0x1, 0x3f, 0x0, 0x401, 0x40, 0xa, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x9, 0x0, @perf_config_ext={0x3, 0x9}, 0x2800, 0x3, 0x800, 0x5, 0x6, 0xb7, 0x1ff}, r1, 0x1, 0xffffffffffffffff, 0x6) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0xab1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5240b667b1f34ca, @perf_config_ext={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, r2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(r3, &(0x7f0000000400)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$kcm(r4, 0x0, 0x20000000) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000800)='c&bH\xeb\xdc\xed8\xb0\x82\xd6\x1c\x19\xff\\\x03\n\xfar\t\x12ta{\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000003c0)) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000001600)="fa0c00002c008152915a655267d7d137ab2ff96e27bf28b285fe3903a44a6017edcaa3a2b4dade3baee72569b51366463fedf5e787c05b0cb5927a3a7edfb4d078e9ae1504d489e058be9fafaa633705b6d4bf6a01f2cd9ebf19724a1b0b9760612582bccd3983ce4474844c065e914dab8bbd52a45f431678bfe28633bf7c8dc83df809238ed87f1e393883ef750ce79c6f84e5e5de176e2f26024e4e3a3d8fbdaf3254022f265d8ccc5fd7205d9d9c2c4076c58162523082d81a39c43f782332ba8e82b4107a049cb82bba8b5edd80473844291437b8d22edca68047582e6be601e9df5e60a32c7cd202c5a30b8b606e43362739551cbb013b65e238f41cc00d7900140cf06b7bc9030f2563bcf9d4f4b7f48c79ec1a323d06276a0a3f8846b7c62b66f9709cabcaad234c53f3bc9b11165a6321f1db1057f076cfaebf8fbfa033fdc1dc2c3e314b36b3b3dd50425447da8bc5938ff7a17361100ab0b1ffeab7ac487411824224781eb9cdd4edef57ae91cd61f56a56c0599cfc3a491447207610f242da6cd6b030ae5f35e3181c44ae68665a023759b9ef4358db46107edc49194aed72b62600ec0ae4fc9065be059fc010cd6e6c9ea77c666b5e25693fbcf595e3e57113ff3a0e0c63d0604a16ea5adb8b7b54d47d4d8804612fde571863064528a49bf684d8a880a11afd819f186c177c49cac3ba1e9d1aa7ad0ff36b9e36d73c05b8abcaf96df0aacd2c9653f30ec29e1284af8749a9b2803c2727e992a6e65df192e1875c3e6d3553ffb7cb34ffee8f8ac0123c390454b42a0316952cbc9949376d9320ec207f77c2d5eb9e86d720cf8e9008a9a51932b45cd4cab21414c92d1c20f9e15e3fc16c7ce181e9ab19b01b70343934c823b1215e173405dd225233823cd4a604a77f06b14eb05b860e6cf8790335788c43abe9de1598e9952e5c7e6b2f8b17b1788ff3033e7d1635b008834bdf4054e6195e55000827c6202b227dde06f23ae21c00b371bdb6b7ea47b2e78844b52a77f9f0929790dcd7df2752e4af092d539c87c18751a5eb3eb4d38a2a0e070064b4ffaacff0543b115cc89f6c7e78f12147ebfcf1c80bac8f98deb59cbe670adb4cd1882a7e0ca4ba85ae9d445223ffb32301d46c0c9b05a830cbea0f72294ab3b539e4ed7cac2e22b235e8ceedeb643fb90b061a58368e76036ff3c1828d8a4e21288662afb6f2acab00d734db7ffc8373a928571819ce9ea6cb0956a6093b2b1f65662b76bc6ac8a19008cf08a6342d64674271451714e1d0e4ff7647fe7551d3cf16f37cb5547317e4fef51e4fb471de6ffbb90c2dd4a64266c4c2f75fc62e58ec306fb92212fb262d8b138899a3b53e67cde2f97d94cd2265cc04d32b29edf77e75b1f88372495cb2937f183bfc8604d72efb3af5c1f41b665b25592676b0ad2185478eade7e663e743e0e09cce6224c787ce1d789dc4a9b350bfe3a75f551341b11dd96cdaea17989dad565b16324a69842dc29a0ed16744ea5935598ac8238e146139189927a14d3b2863044b63b468ae75f48fab68ad235c36daffebfe4b468fc9b13198b1a683dcd3b3b4294ba22caddbacf8792d5783bc12e2538e4609e6bb6e9eeab98a06452c252a657f400260458c29fae8879097698c9aba2b2d889fc78f00d0d8271e09e8542b71018be6ff8cb03cb423e79303047d6ce124a00f64461b899bbddc4fe87ff677533391e16c01fa9cd6420bdc856c4c7f057b249ee9817efd6ab2cd02eb887d2631435ef2d5a1c7e57ac046ef615a1285ca89ade18ae69af3b3f8f76ca8aa060e373c0f99424fe1c5fadc72fe145fd2d4e4da4b78597890516857de188fcdaf15e3b0871b346cd39ab772cc25fab49e60c818cde934b137144adfc4fbde3ddbeccce9679f02b66746e822c67b3ed5fdafb4a936a2683b39a002115ecd62220605ca542610a80f2e3530aa89d3ed6ed9c57bbfd5db3a0b62786a608309a355443c616032008f9458b2f10db93e29470192370084e9322c309c9b23333b46d04e79176659503ad4b05deebb3c67d715ee6e84a89002ea6f7f71bf41ad36b42c8ae01c97174dbb641e50641aba60c291a84e906c013087370a5043e07d36fcead378f6c1e6ed3f5ac695124b82b20261cf7c9b82172e09c81d7d39eed72aee5678613a3c671ddd44f2c7c75a3b5d316aa165d56594fccab20903d7f503a08928e76c779918b2463b720ee6367a43e494a1db3ed1a80690e665570c01ce7eb979cdd95d4e1ca51730eb2cd63ffb2a56049601627c9788254945142dce85adbe1eb5997d16cdfe2a3758b13dc6bb121e2206ae64206868c1c5e89a101bc121719ac435dcad093f5f67cefd863cc7c8f3fc8a9dc62a83c115f1ce714b18af067951aa06dd9bb4ed98a820bf4704d156977caa4e6415b2a0df0386e2f6a061bf44abc8a397cf4abdafc51b78ebec9831f3c60fde6e62a1fd082903080aef20ff8de8bc0dced06f627514600539ca7114a088848da4244a85b4cf5b976d3a698c9a568d417e276917baba05d1a02181db2e6cc35986da4ccc63f8cd8e85a4a923dd27e2f499664601fdc44fdf46e2d2880cd5a7ece89c370234c438dcc0b43865cc62bad21e9dc37da758cbe01752f02fd9cbfe98630a30a78bb1239e25cdaba3d45d13cd3e7216d9d8070f3ff1a0cd9a0c91f29974c98f2677ba88c1091bde4be0cd37ea5eeb3b9cbb0360a00ddd40bbd60ffb8d4daa973ef0977c18dd4b38a605cee957872dca85787c37b6931293eddb77015faf143d1d28d24822d1a5d134799e8175a38b255aaf0e39b68c7f734e2e1e7044626daa84c9113e86d86ef63c863703703ea163319261dcf516c32d49478f7af30d52baa18ea6b0fc286c06b7e4ee019bf3fe74845a652d4a52aaa241a189c411e90e2953863a2bc4124e573607b94cdff19e280731824931a83f056cb5857672619b97ce38081592c0c319ce72e04e9eadce89775cfb5a4b2842663bc79bde565435cbcd46c4d505ceef7dde86512d39d4cb270deb7e79ebf8602bdc0d76c3e833d36ee08be10be634f44056c2f3fd6a328c7cd562e9c96ff7845fc3df81a876bb07f1cc833bed6ca1dc5cf935a4e959db6a4fae6edbc45357d8758faa9cd04cd41eb6efcfbd91658519bf520b90107f767d126854818485e98cb7ef56804de6950bf4e72098a949d14ea0e4e9f2534cf16cac0aeb970fc5c39f37e93910d5c99ac163792260d2280ec5c9a79bf295588ec23f524aae65f800f9c39e338f3d66b1a69e5488e04823eab36ae6ec6a2c5ce133ccd819a2b217b1ab7f4afd1697bb42929b3131358b5421c83f925571934442d0fd0ce3990d4e5d31d8b956f76df3c2f8533e46b892c88692ce009155dd5c7dbe4c86874b95762650f63e4b4aabb41320978b05b80cfe8fa2830904ef6b5c4f7ad46ca5dac151c9077c4d2c6adfe5066a8eb09a9bc6892330ea2b259a53c7137f8498254e1b04bf920c35c5333c4d640b11da60917ae921037b4aedbd6a0fbeeaf88ef6defc830552b4cbe3fe2a844806a48923dd428ea1c8d797bd8e6aabd1d1a8c97c8038b627120a77f4e47fa1f788aa9da268b0ec10fc453cb722685df76547dbf55a16663aa2b2a51e9c52456cccdf682592d1369dd12e3d3cb504e0f2d7004e60c297d5a25d0298045dae8fca8cb795ea57288b85a7e705820087d55ca6c42e920e2aa1174e128622cf64a197fd728cb2949536ba63e8bda8589261f1377caea37302e47228d3708a5666c66ba711d3c0b310a8c47e86d26597299d523c28c90e4feab43e950f398f7b61ccf7e6490d75ba6d8214e2d5ef2d7a088db490e1ebacf4e6eecc896cb1c704f0a8fcdf4ccb5dfa53eaf43d709287f36c10188c19fd59da7d73494de089c1b0a69ee22dcb847001c5317846a876bee1685d11c4db0673ec4c3a12008bb719650525b3c39e2b0469edda93830b3f1bde3e5b0b4637197866bb08c5858cf0d9876e3c7cad54169887bf9c80f9f4be362e1bc8c27f3434e9a918bac355c184bd899b9aebe6be20e70c0c69234342eb8b57aa9ffb7797a32df91cec2bbc90201658ca227abf1fe68e65363867e1f6ad79b827f363d64fbd3b188d95307d011c4ce5bf4407908c058eeb97ec98dd0ebfdab6b348fa387f2a7573cac25344c983e8fd526c30ee6d59fe99a30c7d7e2864aa22bfa49df5f32da68309cab3ed9c2ce69b6ecb8508ce28a43ebd6c809b8afd07a4606e664965d316f3707a3abee9bcdc32a78031b0171fb565d90c16cd56e5792c0cf618b799715f32538e38f493d4e19ec76fc8a07576a13975706bfc2bb1516c2d18a4385cc37a206eac6c9fb8d073572ba2671d2198abf24fdd0c40d079ae44962c26743b4bf5950ac5ee34c5d7bd60b364ce670958112c37b9829bed7e1327356d6b94af3ba020c2337b2dba37d00af8a128a614390cdde62ce871f948427fb5c187df9a1540a5cc71da1a86144acbfd94bf433f744f0c4f2a675eba3ed251c5b11b08dfefc726c0394a9b75121d88467ed4b2cd69819dfe50693a4a4c8370d3af12f41c0067283bbb5a90044a340fc357a11081a6c13bb9c32d9caa448479fd5f0302b6729ca7233094540b14546d6bcc15771c2686279b34f9c0914f5306d0fabd5979266ea01a17a22507e560dbf904dd62c40e2bcc", 0xcfa}], 0x1}, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f0000000100)=r5, 0x3) r6 = openat$cgroup_ro(r5, &(0x7f0000000380)='cpuacct.usage_user\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000700)={&(0x7f0000000500)=@isdn={0x22, 0x7f, 0x20, 0x0, 0x2}, 0xffffffffffffff92, 0x0, 0x2f2}, 0x50000c0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0xfffffffffffffffe) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000040)='threaded\x00', 0xfffffd55) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x4040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000280), 0x1}, 0x20000, 0x2, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000340)=ANY=[]) socketpair(0x15, 0x3, 0x1, &(0x7f0000000140)) gettid() r7 = getpid() perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x10, 0x92, 0x2, 0x2, 0x0, 0x2000000c, 0x4354, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x999fe6aa3f89233}, 0x5, 0x10000000000, 0x3, 0x4, 0x1ff, 0x4, 0x8001}, r7, 0x9, 0xffffffffffffffff, 0xa6f54f15e4426119) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0xfe2e}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x200000000000001) r8 = socket$kcm(0xa, 0x2, 0x11) r9 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000002c0)=r9, 0x4) setsockopt$sock_attach_bpf(r8, 0x29, 0x19, &(0x7f00000005c0)=r9, 0xfffffffffffffd40) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000002980)={0x0, 0x0, 0x0, 0x3a5}, 0x0) sendmsg$kcm(r8, &(0x7f00000001c0)={&(0x7f0000000480)=@in6={0xa, 0x4e26, 0x0, @loopback}, 0x80, 0x0}, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000004400)={&(0x7f0000004200)=@hci, 0x80, &(0x7f0000004380)=[{&(0x7f0000004280)=""/198, 0xc6}], 0x1, &(0x7f00000043c0)=""/48, 0x30}, 0x10162) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)) sendmsg$kcm(r8, &(0x7f0000002b80)={&(0x7f0000000680)=@rxrpc=@in4={0x21, 0x4, 0x2, 0xfffffe1b, {0x2, 0x4e23, @multicast1}}, 0xfffffffffffffe01, 0x0}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r10, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') openat$cgroup_ro(r3, &(0x7f0000000640)='mem\x1b\x7fMi\xf3>\xb69g', 0x0, 0x0) r11 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r12 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={r12, r11, 0x0, 0x1, &(0x7f0000000040)='\x00'}, 0x30) r13 = perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x2000, 0x2, 0x0, 0x7, 0x0, 0x0, 0x3}, r12, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r13, 0x4008240b, &(0x7f0000000000)={0x0, 0x70, 0x2, 0xfffffffffffff002, 0x1, 0x2, 0x0, 0x8, 0xf2004, 0x0, 0x0, 0xa7c, 0x8, 0x0, 0xfff, 0x0, 0x0, 0x44, 0xc9, 0x0, 0x6, 0x0, 0x0, 0x6, 0x4, 0xc9, 0x0, 0x10001, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x94c, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x2108, 0x1, 0x4, 0x1, 0x2, 0x1000, 0x51}) 04:06:01 executing program 4: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) ptrace$setsig(0x4203, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1}) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000440)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000880)={0x2, 0x0, @remote}, 0x10) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000440)='a', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000240)="ec", 0x1}], 0x8e}}], 0x15a, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:06:01 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{0x0}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:06:01 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:06:01 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x0, &(0x7f0000000140), 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3292.201310][T27889] device nr0 entered promiscuous mode [ 3292.239080][T27926] FAT-fs (loop1): bogus number of reserved sectors 04:06:01 executing program 4: [ 3292.286429][T27926] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3292.360641][ T26] audit: type=1804 audit(1574309161.699:153): pid=28004 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/750/file0/bus" dev="sda1" ino=16992 res=1 04:06:01 executing program 4: 04:06:09 executing program 0: 04:06:09 executing program 4: 04:06:09 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{0x0}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:06:09 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:06:09 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x0, &(0x7f0000000140), 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:06:09 executing program 2: 04:06:09 executing program 4: [ 3300.426012][T28022] FAT-fs (loop1): bogus number of reserved sectors [ 3300.491758][T28022] FAT-fs (loop1): Can't find a valid FAT filesystem 04:06:09 executing program 4: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9e1e) setxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='security.capability\x00', 0x0, 0x0, 0x2) ftruncate(r0, 0x0) [ 3300.537890][T28028] device nr0 entered promiscuous mode [ 3300.562614][ T26] audit: type=1804 audit(1574309169.909:154): pid=28032 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/751/file0/bus" dev="sda1" ino=17019 res=1 04:06:10 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0xffffffff, 0x0, [{}, {}, {}, {}, {0x0, 0x1, 0x0, [], 0xff}]}}) 04:06:10 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{0x0}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:06:10 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:06:10 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000100)) [ 3301.301743][T28255] device nr0 entered promiscuous mode 04:06:15 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x7b, &(0x7f0000001000)=ANY=[@ANYBLOB="850000000f000000250000000000000095000000000000006d3ee7703e64593f4fe0e059acc80fd45556754e43478155e21229440e8eb9e2f954fb8c0aeaa6927ca08d8453f2395ccbf73e028cca69d1b4309b0c575a72057f00a5669eb6c5bbeafcf53a2ed1c3fa5211fe2a755eda3d04ed6ab0446b2a675851b19d0a1338e1ce60bbd8bdc4a50c7a594aa7c220044362702be67568fe801e30a89e50c56ebd2440fb2cf3708ed28ae6feb956c4301ae36a2dc51af52e4cc336dcc5448c15a55b3af5a127a31ad288eb70dba2c6ff68703988876e12612ea7baf76ceedd9e4eaa106a18171e41d6fc662a86a0015b301cd283a5c599c62d75ad279571298bfb870f280a00ab4af7a03743268740c2180245ff2acdd922d9709978a500a911be8e6877507d9fc13c8d2ddce2ef569879d36a3351fd117b93203d9aa4f0bcb1412abe76bce902bb40171b9e16ffba545c59c9ac2a1c5ba0c6f39914bc39015789c191dc33f7777773077c327a2a6a17e0dfd00bd55e07d869aaea536147cb2ca4e3891ff3fd8373c6647b7cc9839f2ffd8c04b4358528ffa1b80cac119a650dc88b451b4ef24b3c56ddb6ed8f42248ef18297c37c97352624fec53b2a2c15bf4bc927b14a2b5537a6466f8ddca921c6fc1f4e4d2605054f5a56a375562b46ce9da8bc49cac82d679d644eabe950affb7c7bbcfca108e439dd621d16253c2c43d4aaf25933a0cd5d8ec218488391df5e545314f6a6af21929be7d13c6014709cc2a287ee6095ee382e1c32c0c771c3566015672c22e5569f2bfa35facc029b02cc3bc3c9991628eb000000000000000000d2085889da3cbccc4889b8b81891fbc477d83c50bb9473461b3618bdd088c40227853a54c307f79609cb1dc5a2aa9e475bfb497d6ef67daf3c68e3abc427c473f17aaa8a30bb09a8cd2c19af1fba1d92f3f2c9ec2e5c032ef6f73d8bcd2b31fdb2943a5e5fc677c59d524cc3276d6fa655d182764f8822cc932bc671645af02a6b7144ecf12b68f758b0409720b37d5e26ed95167b3e15a29d57d84398a29dcdc096c8e752ec07fab92715e4f93d210c03119a32af268bd9320eb6d812f4b01a106b6d4620d1d75ca83a8fff4f2f6b26cd2ad8b9e70deb25889551dba017cefeb220185fb09f7bc1bfd1cf0ff822706f5185b22215d709bcee59332a000058be1c648c0a5a57777d73e574abc16335e5a976cde09ce4bb7bfd807e54270092eedeae02a4642c9882bc159bbee57239778babdc910c96ab674768a49ec60b612882096821a2766f995ee77c0c0dd0efc7433b095e11d9bbf5c5374f47078a65fa676f65527a558c7b9d5ebe3b4c799d39e29408de7b820f00fc70564f61824266363da988ff86199b0f"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x70) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) epoll_pwait(0xffffffffffffffff, &(0x7f0000000100)=[{}, {}], 0x2, 0x0, &(0x7f0000000140)={0x5}, 0x8) 04:06:15 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:06:15 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x0, &(0x7f0000000140), 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:06:15 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:06:15 executing program 4: epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) geteuid() setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140), 0xc) getegid() ptrace$peek(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x151, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000d00)=ANY=[@ANYBLOB="0002020000000000040100c910ff010011000000009e79f26337296b0b000000622db173ca9a177af8b0b259e59956150732cd5e0ef1383902dbee00492a3dfec54984d30c0198d3ca990e8712a7ac3658c1007e6b9036229e1011930a9b712486c396ed7d79fbdb43eed3d1ffc21a53af1a4cb373ecce659bb707915332e981c43c0cef5679a939bbb019dccadf8d55a65867a9c0aec19bc801ebce2ee8321d7053b55be9f5d3f6fd65d447a513bbb8e11f018000004a54787e75a0ae09b19358be85804baada659ddfdb260158746934421341335443fbb08a0995dd5d05632869b8e3f916185e37ff57f99a1b66e84f249a2228fcae6eedfad40c06dab1bb243b24823aeb1a3ce288f2828c9cf86aa633c8750e8e20de0be36cc85f0a91d63fd2f24fb0ae824ded0a0450d9c9674786f7a8eb95db57a465df3b41fa6021a4d215ca8bc7f8f30caeded722fa4dc6e11a973fd68682625384442c8cd8e897247c8c935c39a0e36b63a0f094bb6e67f3e643daad37f6960f070d4003199f7853531fc652825c5c4ae215c5ab0356e9362e7dc61a90f09f0c83a4f5b969c21b3d2dc4e64f58df3338bd508f682e5d30a6459e7bf2ceac2da2061d5136c6e8965016ecc7d436e2377a66941e7b334647b43270a42fb5624f869fbdd6dd98ce2fb2125cf8db655db91f8ca98d99663d025ccd4c29abb8c49497d061cd7f16592fcb0b38d01cf3be08722110061e4c182ae2e70a3549d5193e2c4bd79fb13fc25b65101e0473c98760c91d0837c5ebfc041379ae4635233c9d530cace1645ed547e0487c1f436f462d2ac78d158c600226aebdab07cc5f4f1974481fe40211d626110961b6914f149ec57e55e595d750b5a536cbc9de7a8a000000"], 0x20) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 04:06:15 executing program 2: socket$inet_tcp(0x2, 0x1, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x1ee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, r1, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000080), 0xc, 0x0}, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x100, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000001, &(0x7f0000000140)={0xa, 0x2}, 0x1c) socket(0x0, 0x0, 0x0) splice(r3, 0x0, r2, 0x0, 0x1000000000000003, 0x0) inotify_init1(0x100000) alarm(0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000340)) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000040)={0x2ac, 0x0, 0xff, 0xf480, 0x87}, 0xc) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c974e17bb8857813000000", @ANYRES16=0x0, @ANYBLOB="0000000000000000000001000000000000000841000010000018000000003a000000"]}, 0x1, 0x0, 0x0, 0x8000000}, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) sendto$packet(r3, &(0x7f00000000c0), 0xfffffffffffffd4d, 0x0, 0x0, 0x44) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) [ 3306.621002][T28276] FAT-fs (loop1): bogus number of reserved sectors [ 3306.628166][T28276] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3306.676931][ T26] audit: type=1804 audit(1574309176.019:155): pid=28276 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/752/file0/bus" dev="sda1" ino=16770 res=1 [ 3306.770886][T28278] device nr0 entered promiscuous mode 04:06:16 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3307.597488][T28289] FAT-fs (loop1): bogus number of reserved sectors [ 3307.621222][T28289] FAT-fs (loop1): Can't find a valid FAT filesystem 04:06:17 executing program 4: epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) geteuid() setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140), 0xc) getegid() ptrace$peek(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x151, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000d00)=ANY=[@ANYBLOB="0002020000000000040100c910ff010011000000009e79f26337296b0b000000622db173ca9a177af8b0b259e59956150732cd5e0ef1383902dbee00492a3dfec54984d30c0198d3ca990e8712a7ac3658c1007e6b9036229e1011930a9b712486c396ed7d79fbdb43eed3d1ffc21a53af1a4cb373ecce659bb707915332e981c43c0cef5679a939bbb019dccadf8d55a65867a9c0aec19bc801ebce2ee8321d7053b55be9f5d3f6fd65d447a513bbb8e11f018000004a54787e75a0ae09b19358be85804baada659ddfdb260158746934421341335443fbb08a0995dd5d05632869b8e3f916185e37ff57f99a1b66e84f249a2228fcae6eedfad40c06dab1bb243b24823aeb1a3ce288f2828c9cf86aa633c8750e8e20de0be36cc85f0a91d63fd2f24fb0ae824ded0a0450d9c9674786f7a8eb95db57a465df3b41fa6021a4d215ca8bc7f8f30caeded722fa4dc6e11a973fd68682625384442c8cd8e897247c8c935c39a0e36b63a0f094bb6e67f3e643daad37f6960f070d4003199f7853531fc652825c5c4ae215c5ab0356e9362e7dc61a90f09f0c83a4f5b969c21b3d2dc4e64f58df3338bd508f682e5d30a6459e7bf2ceac2da2061d5136c6e8965016ecc7d436e2377a66941e7b334647b43270a42fb5624f869fbdd6dd98ce2fb2125cf8db655db91f8ca98d99663d025ccd4c29abb8c49497d061cd7f16592fcb0b38d01cf3be08722110061e4c182ae2e70a3549d5193e2c4bd79fb13fc25b65101e0473c98760c91d0837c5ebfc041379ae4635233c9d530cace1645ed547e0487c1f436f462d2ac78d158c600226aebdab07cc5f4f1974481fe40211d626110961b6914f149ec57e55e595d750b5a536cbc9de7a8a000000"], 0x20) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) [ 3307.649265][ T26] audit: type=1804 audit(1574309176.989:156): pid=28289 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/753/file0/bus" dev="sda1" ino=16770 res=1 04:06:17 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3308.091127][T28299] device nr0 entered promiscuous mode 04:06:17 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0xa4}, [@ldst={0x3, 0x2, 0x3, 0x1c10a1, 0x0, 0x35}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) 04:06:17 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0xa4}, [@ldst={0x3, 0x2, 0x3, 0x1c10a1, 0x5, 0x35}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) 04:06:17 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3308.576955][T28311] FAT-fs (loop1): bogus number of reserved sectors [ 3308.590691][T28311] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3308.615997][ T26] audit: type=1804 audit(1574309177.959:157): pid=28315 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/754/file0/bus" dev="sda1" ino=16564 res=1 04:06:23 executing program 0: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) r0 = socket(0x2b, 0x1, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f00000000c0)="390000001000090468fe07002b0000000100ff0714000000450001070300001419001a00", 0x24}], 0x1) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000001000)={0x4}, 0x10) write(0xffffffffffffffff, &(0x7f00000000c0)="240000001e005f0214fffffffffffff807000000000000000000000006000800", 0x20) sendmmsg$alg(r1, &(0x7f0000000140), 0xcc, 0x0) 04:06:23 executing program 4: r0 = socket$inet(0x2, 0x2000080001, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) r1 = socket(0x400000000010, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x1}, 0x8) sendmsg(r0, &(0x7f00000000c0)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000540)='~', 0x1}], 0x1}, 0x0) 04:06:23 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:06:23 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:06:23 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 3313.769622][T28331] FAT-fs (loop1): bogus number of reserved sectors [ 3313.776907][T28331] FAT-fs (loop1): Can't find a valid FAT filesystem 04:06:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@updsa={0xf0, 0x1a, 0x205, 0x0, 0x0, {{@in6=@mcast1, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {@in6=@local}, @in6=@dev, {}, {}, {}, 0x0, 0x0, 0xa}}, 0xf0}}, 0x0) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0xffc1) splice(r1, 0x0, r3, 0x0, 0x4ffe0, 0x0) [ 3313.824178][T28327] device nr0 entered promiscuous mode [ 3313.832410][ T26] audit: type=1804 audit(1574309183.179:158): pid=28334 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/755/file0/bus" dev="sda1" ino=16897 res=1 04:06:23 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:06:23 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000000301ffff808f040000000000000010ae1b46a38ff20a8158a78d52a843884aa0d9c05e81f1f8cf4901173bb7a2a67b11d47c9a70e9f7b9a5cad6ee9b15a822b9c7b74bd9dc8ad530c1b859305774e400735f77e03d947972331c5273fcc4071a4f4d5d538bb298ea630902b6c83bb1583c400699124e8b949189e4d222a74e5cb5258f8a54eacdeb3ab1cd55b1263729540e7cb885a54fabebbbafe7442cb7"], 0x14}}, 0x0) [ 3314.605240][T28340] device nr0 entered promiscuous mode 04:06:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:06:24 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x6100) write$cgroup_type(r2, &(0x7f0000000200)='threaded\x00', 0x1ffe00) [ 3314.889488][T28449] FAT-fs (loop1): bogus number of reserved sectors [ 3314.896745][ T26] audit: type=1804 audit(1574309184.249:159): pid=28451 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/756/file0/bus" dev="sda1" ino=16817 res=1 [ 3314.962478][T28449] FAT-fs (loop1): Can't find a valid FAT filesystem 04:06:24 executing program 4: r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6100) write$cgroup_type(r0, &(0x7f0000000200)='threaded\x00', 0x2bfe00) 04:06:24 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0xffffffffffffffd5, &(0x7f0000000000), 0x251, 0x0, 0xfffffffffffffdf0}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f0, &(0x7f0000000580)='ip6_vti0\x00') 04:06:36 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) r1 = dup2(r0, r0) name_to_handle_at(r1, &(0x7f0000000040)='\x00', &(0x7f0000000080)={0x8}, 0x0, 0x1000) 04:06:36 executing program 4: socket$kcm(0xa, 0x2, 0x73) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x65841, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x4030560b, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000480), 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8b24, &(0x7f0000000840)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\xbd\xf8\x04U\x04\x00\x00\x00\b\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\xbfjOc\xcd\x15\xc1K\xab\xe9\xe3\xe8\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x952\x12,\xec\x02:a\xad\xef,\xbc (\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1x\\\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\x98T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xa9O\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x01$\xac\xa0\xd7j&\xe0\x19\x9c\x13a\xca\x1c\x17') syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800) 04:06:36 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 04:06:36 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:06:36 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:06:36 executing program 2: creat(&(0x7f0000000040)='./file0\x00', 0x0) open(&(0x7f0000000140)='./file0\x00', 0x400010, 0xd7) [ 3327.144367][T28582] FAT-fs (loop1): bogus number of reserved sectors [ 3327.153067][T28582] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3327.177033][ T26] audit: type=1804 audit(1574309196.519:160): pid=28586 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/757/file0/bus" dev="sda1" ino=16551 res=1 [ 3327.307521][T28578] device nr0 entered promiscuous mode 04:06:36 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="6653070000053c07bc3376003639405cb4aed12f00cff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c", 0x39}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:06:37 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x80001d00c0d0) [ 3327.837671][T28802] device nr0 entered promiscuous mode 04:06:37 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3328.165907][T28806] FAT-fs (loop1): bogus number of reserved sectors [ 3328.199124][T28806] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3328.227039][ T26] audit: type=1804 audit(1574309197.569:161): pid=28808 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/758/file0/bus" dev="sda1" ino=16910 res=1 04:06:37 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(0xffffffffffffffff, r3, 0x0, 0x80001d00c0d0) [ 3328.678383][T28813] device nr0 entered promiscuous mode 04:06:38 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(0xffffffffffffffff, r3, 0x0, 0x80001d00c0d0) 04:06:38 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3329.062513][T28817] device nr0 entered promiscuous mode [ 3329.098118][T28821] FAT-fs (loop1): bogus number of reserved sectors [ 3329.106287][T28821] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3329.150269][ T26] audit: type=1804 audit(1574309198.489:162): pid=28823 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/759/file0/bus" dev="sda1" ino=16908 res=1 04:06:49 executing program 0: r0 = socket$kcm(0xa, 0x922000000003, 0x11) sendmsg$sock(r0, &(0x7f0000001a00)={&(0x7f0000000440)=@un=@abs, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@timestamping={{0x14, 0x1, 0x25, 0x2}}], 0x18}, 0x0) 04:06:49 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(0xffffffffffffffff, r3, 0x0, 0x80001d00c0d0) 04:06:49 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:06:49 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080), 0x0, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:06:49 executing program 4: r0 = gettid() r1 = socket$inet(0x2b, 0x1, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r1, 0x0, 0x486, &(0x7f0000000040), &(0x7f0000000080)=0xc) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x10003) write$binfmt_script(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="01e202df45f1f8eddb8ee3440f00104c99f10cc6297fa1b9b3853c78451263e8301d8124c8d61cca9c"], 0x29) prctl$PR_SET_PTRACER(0x59616d61, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r2) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x4, 0x3a8, 0x0, 0x250, 0x110, 0x0, 0x0, 0x310, 0x310, 0x310, 0x310, 0x310, 0x4, &(0x7f0000000000), {[{{@ip={@local, @multicast2, 0xffffff00, 0x0, 'team0\x00', 'vlan0\x00', {}, {0xff}, 0x29, 0x2, 0x2}, 0x0, 0xe8, 0x110, 0x0, {}, [@common=@ah={0x30, 'ah\x00', 0x0, {0x178ec3f3, 0x8}}, @common=@socket0={0x20, 'socket\x00'}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0xaea60e442d25bf1e}}}, {{@uncond, 0x0, 0x100, 0x140, 0x0, {}, [@common=@set={0x40, 'set\x00', 0x0, {{0x0, [0x80000001, 0x6, 0x5, 0x40, 0xa3, 0xffc00000], 0x4, 0x81}}}, @common=@icmp={0x28, 'icmp\x00', 0x0, {0x12, 0x39, 0x2}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x3, 0x3c, "791483a802c88cbed896b467fece278ef918f97adc5d68eb4e845c6d237f"}}}, {{@ip={@rand_addr=0xef3d, @loopback, 0xffffffff, 0xff, 'veth1_to_bridge\x00', 'rose0\x00', {0xff}, {0xff}, 0x0, 0x1, 0x40}, 0x0, 0x98, 0xc0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x27b, 0x1ff, 0xd8c5417a7de5a455}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x408) socket$netlink(0x10, 0x3, 0x9f576626b2f54b56) ptrace$setopts(0x4206, r0, 0x0, 0x0) 04:06:49 executing program 2: add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000200)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) r0 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) add_key$keyring(0x0, &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r0) keyctl$revoke(0x3, 0x0) r1 = add_key(&(0x7f0000000040)='big_key\x00', &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$revoke(0x3, r1) keyctl$revoke(0x3, 0x0) r2 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f00000001c0)={'\x00\x01\x00', 0x3}, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x5) ioctl$SG_IO(r3, 0x2285, 0x0) writev(r3, &(0x7f0000000000)=[{&(0x7f00000000c0)="aefdda9d240000005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d766a83cf89441cb69d952f41bdd2ac8bb8c43b460", 0x34}, {&(0x7f0000000100)="aa1d484e24002000a84d4583671e120755272bb736be94d9fc56c9953fbd80630600097704a71e023a27b2", 0x2b}], 0x2) add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, r2) add_key$keyring(&(0x7f0000000300)='\xff\x03\x00\x00\x11\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r0) add_key(&(0x7f0000000340)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)='\b', 0x29a, 0xfffffffffffffffb) memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) close(0xffffffffffffffff) [ 3340.640704][T28840] FAT-fs (loop1): bogus number of reserved sectors [ 3340.647293][T28840] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3340.698030][ T26] audit: type=1804 audit(1574309210.039:163): pid=28846 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/760/file0/bus" dev="sda1" ino=16770 res=1 [ 3340.713457][T28843] device nr0 entered promiscuous mode 04:06:50 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)="d800000018008100e00f80ecdb4cb9040a1d65ef0b007c05e87c55a1bc000900b8000699030000000500154001008178a8001600400002000200000003ac040000d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e9703", 0xd8}], 0x1}, 0x0) 04:06:50 executing program 4: r0 = socket$kcm(0x10, 0x800000000002, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000400)={0x0, 0xfffffffffffffe2d, &(0x7f0000000240)=[{&(0x7f0000000000)="2e000000110081aee405d10200000e00fa076b000700000000f3ff500befccd77f00000000081c5eda00b0eba06a", 0x15a}], 0x1}, 0x0) [ 3340.875055][T28898] IPv6: NLM_F_CREATE should be specified when creating new route [ 3340.889802][T28898] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 3340.898606][T28898] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3340.979530][T28901] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.4'. 04:06:50 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80001d00c0d0) [ 3341.050971][T28902] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.4'. 04:06:50 executing program 4: r0 = socket$kcm(0x10, 0x800000000002, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000400)={0x0, 0xfffffffffffffe2d, &(0x7f0000000240)=[{&(0x7f0000000000)="2e000000110081aee405d10200000e00fa076b000700000000f3ff500befccd77f00000000081c5eda00b0eba06a", 0x15a}], 0x1}, 0x0) [ 3341.258224][T28905] device nr0 entered promiscuous mode [ 3341.275227][T28909] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.4'. 04:06:50 executing program 4: r0 = socket$kcm(0x10, 0x800000000002, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000400)={0x0, 0xfffffffffffffe2d, &(0x7f0000000240)=[{&(0x7f0000000000)="2e000000110081aee405d10200000e00fa076b000700000000f3ff500befccd77f00000000081c5eda00b0eba06a", 0x15a}], 0x1}, 0x0) [ 3341.423514][T28911] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.4'. 04:06:50 executing program 4: socket$inet6(0xa, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sched_setattr(0x0, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{}, 'syz1\x00'}) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) syz_open_dev$evdev(0x0, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000040)={{}, 'syz1\x00'}) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) prctl$PR_SET_PTRACER(0x59616d61, 0x0) [ 3341.593504][T28915] input: syz1 as /devices/virtual/input/input12 04:07:04 executing program 0: unshare(0x2000400) r0 = epoll_create(0x80) epoll_wait(r0, &(0x7f0000000140)=[{}], 0x1, 0x0) 04:07:04 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:07:04 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80001d00c0d0) 04:07:04 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:07:04 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080), 0x0, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:07:04 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0xca80) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) [ 3355.169706][T29032] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3355.186546][T29032] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3355.208104][T29032] Error parsing options; rc = [-22] [ 3355.234561][T29036] FAT-fs (loop1): bogus number of reserved sectors [ 3355.245205][ T26] audit: type=1804 audit(1574309224.589:164): pid=29041 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/761/bus" dev="sda1" ino=16839 res=1 [ 3355.290928][T29036] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3355.299785][T29038] device nr0 entered promiscuous mode 04:07:04 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80001d00c0d0) [ 3355.768729][T29151] device nr0 entered promiscuous mode 04:07:05 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x0) 04:07:05 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3356.154604][T29158] FAT-fs (loop1): invalid media value (0x00) [ 3356.161160][T29158] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3356.192854][T29156] device nr0 entered promiscuous mode [ 3356.208228][ T26] audit: type=1804 audit(1574309225.549:165): pid=29158 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/762/file0/bus" dev="sda1" ino=16842 res=1 04:07:05 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x0) [ 3356.656430][T29166] device nr0 entered promiscuous mode 04:07:06 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') r3 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x200004) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, 0x0) sendfile(r0, r3, 0x0, 0x0) 04:07:06 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3357.039857][T29170] device nr0 entered promiscuous mode [ 3357.137591][T29174] FAT-fs (loop1): invalid media value (0x00) [ 3357.150828][T29174] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3357.165975][ T26] audit: type=1804 audit(1574309226.509:166): pid=29177 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/763/file0/bus" dev="sda1" ino=16843 res=1 [ 3361.366182][T29184] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3361.375902][T29184] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3361.389654][T29184] Error parsing options; rc = [-22] 04:07:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x49f) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 04:07:15 executing program 3: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$read(0xb, r0, &(0x7f0000000640)=""/172, 0x2af) 04:07:15 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:07:15 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080), 0x0, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:07:15 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:07:15 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0xca80) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) 04:07:15 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) io_setup(0x2, 0x0) socket$inet(0x2, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x250}}, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000040)={@remote, r3}, 0x14) [ 3366.515079][T29193] FAT-fs (loop1): invalid media value (0x00) [ 3366.522039][T29193] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3366.525440][T29196] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3366.547887][T29196] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3366.569536][T29196] Error parsing options; rc = [-22] [ 3366.580177][ T26] audit: type=1804 audit(1574309235.919:167): pid=29193 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/764/file0/bus" dev="sda1" ino=16848 res=1 04:07:16 executing program 3: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0x6}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f000060d000)=[{{0x0, 0x0, &(0x7f0000c38ff0)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1}}], 0x1, 0x8000) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f000081e000)={0x0, 0x2, 0x80000000000000d5, [0x0]}, 0x2de) 04:07:16 executing program 3: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0x6}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f000060d000)=[{{0x0, 0x0, &(0x7f0000c38ff0)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1}}], 0x1, 0x8000) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f000081e000)={0x0, 0x2, 0x80000000000000d5, [0x0]}, 0x2de) 04:07:16 executing program 3: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0x6}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f000060d000)=[{{0x0, 0x0, &(0x7f0000c38ff0)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1}}], 0x1, 0x8000) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f000081e000)={0x0, 0x2, 0x80000000000000d5, [0x0]}, 0x2de) 04:07:16 executing program 3: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0x6}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f000060d000)=[{{0x0, 0x0, &(0x7f0000c38ff0)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1}}], 0x1, 0x8000) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f000081e000)={0x0, 0x2, 0x80000000000000d5, [0x0]}, 0x2de) 04:07:16 executing program 3: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0x6}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f000060d000)=[{{0x0, 0x0, &(0x7f0000c38ff0)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1}}], 0x1, 0x8000) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f000081e000)={0x0, 0x2, 0x80000000000000d5, [0x0]}, 0x2de) 04:07:29 executing program 0: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000600)=""/164, 0xa4}], 0x1, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file0/file0\x00', 0x0, 0x0, 0x8e56b071b577b247, 0x0) read$FUSE(r0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000000780), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000300)={0x50, 0x0, 0x1}, 0x50) creat(&(0x7f0000000040)='./file0/file0\x00', 0x0) write$FUSE_ENTRY(r0, &(0x7f0000000540)={0x90, 0x0, 0x3, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x85eb}}}, 0x90) 04:07:29 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:07:29 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') ioctl$BLKFLSBUF(0xffffffffffffffff, 0x1261, &(0x7f0000000000)=0x1) preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:07:29 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:07:29 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:07:29 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0xca80) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) [ 3379.950758][T29244] FAT-fs (loop1): invalid media value (0x00) [ 3379.967447][T29244] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3379.976114][T29247] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3379.997117][ T26] audit: type=1804 audit(1574309249.339:168): pid=29244 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/765/file0/bus" dev="sda1" ino=16625 res=1 [ 3380.070291][T29247] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3380.132956][T29247] Error parsing options; rc = [-22] 04:07:29 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) [ 3380.547222][T29356] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3380.574442][T29356] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3380.594357][T29356] Error parsing options; rc = [-22] 04:07:30 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') ioctl$BLKFLSBUF(0xffffffffffffffff, 0x1261, &(0x7f0000000000)=0x1) preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:07:30 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3380.888868][T29365] FAT-fs (loop1): invalid media value (0x00) [ 3380.928471][ T26] audit: type=1804 audit(1574309250.269:169): pid=29368 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/766/file0/bus" dev="sda1" ino=16625 res=1 [ 3380.961733][T29365] FAT-fs (loop1): Can't find a valid FAT filesystem 04:07:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') ioctl$BLKFLSBUF(0xffffffffffffffff, 0x1261, &(0x7f0000000000)=0x1) preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:07:31 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3381.839462][T29376] FAT-fs (loop1): invalid media value (0x00) [ 3381.855665][T29376] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3381.898559][ T26] audit: type=1804 audit(1574309251.239:170): pid=29378 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/767/file0/bus" dev="sda1" ino=16625 res=1 04:07:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') ioctl$BLKFLSBUF(0xffffffffffffffff, 0x1261, &(0x7f0000000000)=0x1) preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) [ 3386.135242][T29393] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3386.145000][T29393] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3386.158269][T29393] Error parsing options; rc = [-22] 04:07:40 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:07:40 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0xca80) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) 04:07:40 executing program 0: keyctl$revoke(0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x5) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="aa1d484e24002000a84d4583671e120755272bb736be94d9fc56c9953fbd80630600097704a71e023a27b2", 0x2b}], 0x1) add_key$keyring(&(0x7f0000000300)='\xff\x03\x00\x00\x11\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0x0) 04:07:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:07:40 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) 04:07:40 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 3391.248612][T29399] FAT-fs (loop1): invalid media value (0x00) [ 3391.255773][T29399] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3391.270472][T29402] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3391.280234][T29402] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3391.298000][ T26] audit: type=1804 audit(1574309260.649:171): pid=29404 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/768/file0/bus" dev="sda1" ino=16871 res=1 [ 3391.347303][T29402] Error parsing options; rc = [-22] 04:07:40 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) [ 3391.683578][T29511] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3391.734604][T29511] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3391.756196][T29511] Error parsing options; rc = [-22] 04:07:41 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) 04:07:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:07:41 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3392.029812][T29615] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3392.040823][T29615] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3392.055508][T29615] Error parsing options; rc = [-22] 04:07:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:07:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x1000000000000181, 0x0) [ 3392.196433][T29624] FAT-fs (loop1): invalid media value (0x00) [ 3392.202833][T29624] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3392.238252][ T26] audit: type=1804 audit(1574309261.579:172): pid=29627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/769/file0/bus" dev="sda1" ino=16588 res=1 04:07:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:07:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$midi(0x0, 0x0, 0x2258c0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f0000000000)={0x1, 0x3, 0x1}) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x180000, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:07:53 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0xca80) 04:07:53 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:07:53 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0) io_setup(0x7, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:07:53 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:07:53 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) [ 3403.793576][T29649] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3403.797999][T29652] FAT-fs (loop1): invalid media value (0x00) [ 3403.815053][T29649] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README 04:07:53 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) [ 3403.844587][T29652] FAT-fs (loop1): Can't find a valid FAT filesystem [ 3403.849981][T29649] Error parsing options; rc = [-22] [ 3403.883876][ T26] audit: type=1804 audit(1574309273.229:173): pid=29658 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/770/file0/bus" dev="sda1" ino=16925 res=1 04:07:53 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:07:53 executing program 3: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) [ 3404.176791][T29768] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3404.225286][T29768] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3404.298421][T29768] Error parsing options; rc = [-22] 04:07:53 executing program 3: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:07:53 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) [ 3404.494539][T29877] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3404.529593][T29877] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README 04:07:53 executing program 3: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) [ 3404.560066][T29877] Error parsing options; rc = [-22] 04:08:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f00000002c0)="66b98100004066b830da66330f23c80f21f866350800c0000f23f82ed30cbad104ec660f38df2b0fe21526660ff85e503ede1b0f20c06635000000800f22c0b800080f001e00680fae470b", 0x4b}], 0x1, 0x51, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x6) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:08:13 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:08:13 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x0, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:08:13 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:08:13 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:08:13 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0xca80) [ 3424.262194][T30001] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3424.295997][T30001] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README 04:08:13 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) [ 3424.338559][T30001] Error parsing options; rc = [-22] 04:08:13 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) [ 3424.438332][ T26] audit: type=1804 audit(1574309293.779:174): pid=30007 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/771/file0/bus" dev="loop1" ino=52 res=1 [ 3424.495135][T30013] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3424.523817][T30013] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README 04:08:13 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) [ 3424.546575][T30013] Error parsing options; rc = [-22] 04:08:14 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:08:14 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x0, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 3424.674139][T30009] attempt to access beyond end of device [ 3424.681059][T30009] loop1: rw=2049, want=641, limit=624 [ 3424.735475][T26791] attempt to access beyond end of device [ 3424.741375][T26791] loop1: rw=1, want=2689, limit=624 [ 3424.751723][T26791] attempt to access beyond end of device [ 3424.758856][T26791] loop1: rw=1, want=4290, limit=624 04:08:14 executing program 3: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) [ 3424.792802][T30123] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3424.838200][T30123] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3424.852085][T30123] Error parsing options; rc = [-22] [ 3425.053784][ T26] audit: type=1804 audit(1574309294.399:175): pid=30232 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/772/file0/bus" dev="loop1" ino=53 res=1 [ 3425.184587][T30234] attempt to access beyond end of device [ 3425.191824][T30234] loop1: rw=2049, want=641, limit=624 [ 3425.253997][T17949] attempt to access beyond end of device [ 3425.259916][T17949] loop1: rw=1, want=3273, limit=624 [ 3425.268433][T17949] attempt to access beyond end of device [ 3425.274187][T17949] loop1: rw=1, want=4290, limit=624 04:08:26 executing program 0: creat(&(0x7f0000020900)='./file0\x00', 0x0) open(&(0x7f0000000140)='./file0\x00', 0x400010, 0x100) 04:08:26 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:08:26 executing program 3: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:08:26 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x0, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:08:26 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:08:26 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0xca80) 04:08:27 executing program 3: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:08:27 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:08:27 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:08:27 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:08:27 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) [ 3437.930682][ T26] audit: type=1804 audit(1574309307.269:176): pid=30255 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/773/file0/bus" dev="loop1" ino=54 res=1 [ 3438.099786][T30275] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3438.123135][T30275] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3438.138700][T30258] attempt to access beyond end of device 04:08:27 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) [ 3438.144940][T30258] loop1: rw=2049, want=641, limit=624 [ 3438.155834][T30275] Error parsing options; rc = [-22] [ 3438.227688][T22668] attempt to access beyond end of device [ 3438.246953][T22668] loop1: rw=1, want=2769, limit=624 [ 3438.276458][T22668] attempt to access beyond end of device [ 3438.284374][T22668] loop1: rw=1, want=4290, limit=624 [ 3445.844153][T30386] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3445.853950][T30386] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3445.867129][T30386] Error parsing options; rc = [-22] 04:08:38 executing program 0: creat(&(0x7f0000020900)='./file0\x00', 0x0) r0 = open(&(0x7f0000000140)='./file0\x00', 0x400010, 0x0) fchmodat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 04:08:38 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, 0x0}) ptrace(0xffffffffffffffff, r0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r4, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 04:08:38 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:08:38 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:08:38 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:08:38 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) 04:08:38 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) [ 3448.900442][T30395] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3448.916318][T30395] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3448.929722][T30395] Error parsing options; rc = [-22] 04:08:38 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) [ 3449.104222][T30409] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3449.128393][T30409] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README 04:08:38 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) [ 3449.154799][T30409] Error parsing options; rc = [-22] [ 3449.210804][ T26] audit: type=1804 audit(1574309318.549:177): pid=30400 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/774/file0/bus" dev="loop1" ino=55 res=1 04:08:38 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getpid() r0 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:08:38 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getpid() r0 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) [ 3449.359104][T30516] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3449.370966][T30516] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3449.386237][T30516] Error parsing options; rc = [-22] [ 3449.445502][T30521] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3449.455908][T30521] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3449.469464][T30521] Error parsing options; rc = [-22] [ 3449.487561][T30411] attempt to access beyond end of device 04:08:38 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) [ 3449.494547][T30411] loop1: rw=2049, want=641, limit=624 [ 3449.580359][ T2575] attempt to access beyond end of device [ 3449.590811][ T2575] loop1: rw=1, want=2689, limit=624 [ 3449.602900][ T2575] attempt to access beyond end of device [ 3449.616822][ T2575] loop1: rw=1, want=4290, limit=624 04:08:51 executing program 0: r0 = socket$inet(0x10, 0x2000000000000002, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0xfffffffffffffead, &(0x7f0000000140)=[{&(0x7f00000000c0)="2f0000001d0005c5ffffff000d0000000200001f01000000000002c9130001000000000050800000d18e1092e0c875", 0x2f}], 0x1}, 0x0) 04:08:51 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getpid() r0 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:08:51 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) ptrace(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:08:51 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:08:51 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x0, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 3462.352978][T30547] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] 04:08:51 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) 04:08:51 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) [ 3462.399022][T30547] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3462.414244][T30547] Error parsing options; rc = [-22] [ 3462.417529][ T26] audit: type=1804 audit(1574309331.759:178): pid=30545 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/775/file0/bus" dev="sda1" ino=16817 res=1 04:08:51 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_SET_PTRACER(0x59616d61, 0x0) r0 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) [ 3462.588706][T30660] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3462.605880][T30660] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3462.629535][T30660] Error parsing options; rc = [-22] 04:08:52 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:08:52 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_SET_PTRACER(0x59616d61, 0x0) r0 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:08:52 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) [ 3462.942352][T30770] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3462.958459][T30770] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3462.979781][T30770] Error parsing options; rc = [-22] 04:08:52 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_SET_PTRACER(0x59616d61, 0x0) r0 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) [ 3463.133147][T30778] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3463.173228][T30778] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3463.198644][T30778] Error parsing options; rc = [-22] 04:09:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000700)='/dev/ful\xbb.\xddq\xafb\xd3\x91\x85\xa0\xc1l\x00', 0x0) ftruncate(r0, 0x800799d) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x2, 0x2012, r0, 0x0) 04:09:09 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) ptrace(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:09:09 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:09:09 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:09:09 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x0, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 3479.868008][T30896] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3479.899738][T30896] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3479.951479][T30896] Error parsing options; rc = [-22] [ 3480.078360][ T26] audit: type=1804 audit(1574309349.419:179): pid=30930 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/776/file0/bus" dev="loop1" ino=56 res=1 [ 3480.128266][T30996] attempt to access beyond end of device [ 3480.134303][T30996] loop1: rw=2049, want=641, limit=624 [ 3480.165366][ T2575] attempt to access beyond end of device [ 3480.171990][ T2575] loop1: rw=1, want=2713, limit=624 [ 3480.179434][ T2575] attempt to access beyond end of device [ 3480.185281][ T2575] loop1: rw=1, want=4290, limit=624 04:09:15 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) 04:09:15 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:09:15 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:09:15 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x4e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) io_setup(0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) ptrace(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x1) connect$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:09:15 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x0, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) [ 3486.199442][T31019] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3486.220763][T31019] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README 04:09:15 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) [ 3486.250343][T31019] Error parsing options; rc = [-22] 04:09:15 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) [ 3486.441528][T31133] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3486.451320][T31133] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3486.480007][T31133] Error parsing options; rc = [-22] [ 3486.500957][ T26] audit: type=1804 audit(1574309355.849:180): pid=31026 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590963177/syzkaller.6HJsmg/777/file0/bus" dev="loop1" ino=57 res=1 04:09:22 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff03005400005531fe0500fac9067f076748b4f245", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000001800000000000000000000001d01000008000e00", @ANYRES32=0x0, @ANYBLOB="18fa0000000000000003"], 0x3}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 04:09:22 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:09:22 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:09:22 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, 0x0) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r5, 0x2, &(0x7f0000000080)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000180)='\f', 0x1}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) r6 = socket$inet6(0xa, 0x3, 0x3c) io_submit(0x0, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000780), 0x4000}]) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") tkill(r0, 0x15) 04:09:22 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 04:09:31 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) syz_open_dev$vcsn(0x0, 0x0, 0xca80) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) 04:09:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='limits\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 04:09:31 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='ecryptfs\x00', 0x0, &(0x7f0000000240)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11e!\xad?\x9ate\xe9\xf2c\xceZ%\x9a\x00\xcb\bYw\xfc\xba1o\xd4Cfc\x8dh\x8f\x9e\xcb\x9a \xe0\x7f^\x03c\xd8\x8f\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa1%\xb3\x1b,g\x8d\xfa\x8dq&\xc4\xc0\x81W=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\xb1\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X') ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) [ 3514.085121][T31170] ecryptfs_parse_options: eCryptfs: unrecognized option [¨6Š›ø]Åcše!­?šteéòcÎZ%š] [ 3514.094810][T31170] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 3514.108024][T31170] Error parsing options; rc = [-22] [ 3516.404617][T20341] attempt to access beyond end of device [ 3516.410651][T20341] loop1: rw=1048577, want=2961, limit=624 [ 3516.418511][T20341] attempt to access beyond end of device [ 3516.424606][T20341] loop1: rw=1048577, want=4290, limit=624 [ 3636.720851][ T1071] INFO: task syz-executor.1:31051 blocked for more than 143 seconds. [ 3636.728985][ T1071] Not tainted 5.4.0-rc8-syzkaller #0 [ 3636.734864][ T1071] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3636.743584][ T1071] syz-executor.1 D23144 31051 12504 0x00004004 [ 3636.749999][ T1071] Call Trace: [ 3636.753438][ T1071] __schedule+0x909/0x1ee0 [ 3636.757885][ T1071] ? __sched_text_start+0x8/0x8 [ 3636.762800][ T1071] ? _raw_spin_unlock_irq+0x28/0x90 [ 3636.767993][ T1071] ? wait_on_page_bit+0x23f/0xa60 [ 3636.773851][ T1071] ? _raw_spin_unlock_irq+0x28/0x90 [ 3636.779136][ T1071] schedule+0xd9/0x260 [ 3636.783272][ T1071] io_schedule+0x1c/0x70 [ 3636.787515][ T1071] wait_on_page_bit+0x27c/0xa60 [ 3636.792445][ T1071] ? __lock_page_killable+0xb30/0xb30 [ 3636.797847][ T1071] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 3636.804829][ T1071] ? page_cache_next_miss+0x340/0x340 [ 3636.810231][ T1071] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 3636.815854][ T1071] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 3636.821899][ T1071] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3636.828160][ T1071] ? page_mapping+0x301/0x5c0 [ 3636.832884][ T1071] wait_on_page_writeback+0x1b2/0x4f0 [ 3636.838262][ T1071] __filemap_fdatawait_range+0x145/0x340 [ 3636.843946][ T1071] ? add_page_wait_queue+0x260/0x260 [ 3636.849331][ T1071] ? __filemap_fdatawrite_range+0x1fc/0x3b0 [ 3636.855354][ T1071] ? find_held_lock+0x35/0x130 [ 3636.860135][ T1071] ? generic_file_write_iter+0x42b/0x690 [ 3636.865854][ T1071] file_write_and_wait_range+0x1ac/0x210 [ 3636.871565][ T1071] __generic_file_fsync+0x79/0x200 [ 3636.876683][ T1071] fat_file_fsync+0x78/0x210 [ 3636.881438][ T1071] ? fat_free_clusters.cold+0x2f/0x2f [ 3636.886941][ T1071] vfs_fsync_range+0x141/0x230 [ 3636.891792][ T1071] generic_file_write_iter+0x4ea/0x690 [ 3636.897401][ T1071] ? __generic_file_write_iter+0x630/0x630 [ 3636.904250][ T1071] ? __kasan_check_read+0x11/0x20 [ 3636.909321][ T1071] ? mark_lock+0xc2/0x1220 [ 3636.913801][ T1071] ? __kasan_check_write+0x14/0x20 [ 3636.918939][ T1071] do_iter_readv_writev+0x5f8/0x8f0 [ 3636.924299][ T1071] ? common_file_perm+0x238/0x720 [ 3636.929417][ T1071] ? no_seek_end_llseek_size+0x70/0x70 [ 3636.934979][ T1071] ? apparmor_file_permission+0x25/0x30 [ 3636.940595][ T1071] ? rw_verify_area+0x126/0x360 [ 3636.945460][ T1071] do_iter_write+0x184/0x610 [ 3636.950167][ T1071] ? retint_kernel+0x2b/0x2b [ 3636.954825][ T1071] vfs_iter_write+0x77/0xb0 [ 3636.959337][ T1071] iter_file_splice_write+0x66d/0xbe0 [ 3636.964770][ T1071] ? page_cache_pipe_buf_release+0x180/0x180 [ 3636.971178][ T1071] ? rw_verify_area+0x126/0x360 [ 3636.976022][ T1071] ? page_cache_pipe_buf_release+0x180/0x180 [ 3636.982046][ T1071] direct_splice_actor+0x123/0x190 [ 3636.987169][ T1071] splice_direct_to_actor+0x366/0x970 [ 3636.992723][ T1071] ? generic_pipe_buf_nosteal+0x10/0x10 [ 3636.998387][ T1071] ? do_splice_to+0x180/0x180 [ 3637.003283][ T1071] ? rw_verify_area+0x126/0x360 [ 3637.008165][ T1071] do_splice_direct+0x1da/0x2a0 [ 3637.013089][ T1071] ? splice_direct_to_actor+0x970/0x970 [ 3637.018638][ T1071] ? rcu_read_lock_any_held+0xcd/0xf0 [ 3637.024108][ T1071] ? __this_cpu_preempt_check+0x3a/0x210 [ 3637.029743][ T1071] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3637.036635][ T1071] ? __sb_start_write+0x1e5/0x460 [ 3637.041736][ T1071] do_sendfile+0x597/0xd00 [ 3637.046165][ T1071] ? do_compat_pwritev64+0x1c0/0x1c0 [ 3637.051539][ T1071] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3637.057804][ T1071] ? _copy_from_user+0x12c/0x1a0 [ 3637.062801][ T1071] __x64_sys_sendfile64+0x15a/0x220 [ 3637.068022][ T1071] ? __ia32_sys_sendfile+0x230/0x230 [ 3637.073355][ T1071] ? do_syscall_64+0x26/0x760 [ 3637.078040][ T1071] ? lockdep_hardirqs_on+0x421/0x5e0 [ 3637.083395][ T1071] ? trace_hardirqs_on+0x67/0x240 [ 3637.088429][ T1071] do_syscall_64+0xfa/0x760 [ 3637.092982][ T1071] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3637.098875][ T1071] RIP: 0033:0x45a639 [ 3637.102895][ T1071] Code: 03 00 00 48 29 f0 48 3d f8 12 00 00 76 7d 48 81 ec 08 10 00 00 48 89 ac 24 00 10 00 00 48 8d ac 24 00 10 00 00 48 8b 59 20 48 <85> db 75 67 48 8b b4 24 20 10 00 00 8b 8c 24 28 10 00 00 48 89 e7 [ 3637.122578][ T1071] RSP: 002b:00007fe5d4815c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3637.131085][ T1071] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 3637.139138][ T1071] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000004 [ 3637.147162][ T1071] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 3637.155181][ T1071] R10: 00008080fffffffe R11: 0000000000000246 R12: 00007fe5d48166d4 [ 3637.164076][ T1071] R13: 00000000004c83bf R14: 00000000004de7f0 R15: 00000000ffffffff [ 3637.172135][ T1071] [ 3637.172135][ T1071] Showing all locks held in the system: [ 3637.180906][ T1071] 1 lock held by khungtaskd/1071: [ 3637.185950][ T1071] #0: ffffffff88fab980 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e [ 3637.195698][ T1071] 1 lock held by rsyslogd/8707: [ 3637.200657][ T1071] #0: ffff8880a92106a0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 [ 3637.209388][ T1071] 2 locks held by getty/8797: [ 3637.214215][ T1071] #0: ffff888092865090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3637.223221][ T1071] #1: ffffc90005f472e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3637.232943][ T1071] 2 locks held by getty/8798: [ 3637.237622][ T1071] #0: ffff88809725f090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3637.246679][ T1071] #1: ffffc90005f432e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3637.256413][ T1071] 2 locks held by getty/8799: [ 3637.261129][ T1071] #0: ffff888096e1c090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3637.270090][ T1071] #1: ffffc90005f4b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3637.279745][ T1071] 2 locks held by getty/8800: [ 3637.284698][ T1071] #0: ffff8880970b2090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3637.294731][ T1071] #1: ffffc90005f292e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3637.304382][ T1071] 2 locks held by getty/8801: [ 3637.309052][ T1071] #0: ffff8880a51a6090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3637.318048][ T1071] #1: ffffc90005f3f2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3637.327839][ T1071] 2 locks held by getty/8802: [ 3637.332569][ T1071] #0: ffff8880947d2090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3637.341586][ T1071] #1: ffffc90005f2d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3637.351226][ T1071] 2 locks held by getty/8803: [ 3637.355900][ T1071] #0: ffff88809b289090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3637.364916][ T1071] #1: ffffc90005f192e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3637.374555][ T1071] 1 lock held by syz-executor.1/31051: [ 3637.379992][ T1071] #0: ffff88806a332428 (sb_writers#15){.+.+}, at: do_sendfile+0x9b9/0xd00 [ 3637.388637][ T1071] [ 3637.391007][ T1071] ============================================= [ 3637.391007][ T1071] [ 3637.399420][ T1071] NMI backtrace for cpu 0 [ 3637.403846][ T1071] CPU: 0 PID: 1071 Comm: khungtaskd Not tainted 5.4.0-rc8-syzkaller #0 [ 3637.412101][ T1071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3637.422617][ T1071] Call Trace: [ 3637.426078][ T1071] dump_stack+0x197/0x210 [ 3637.430413][ T1071] nmi_cpu_backtrace.cold+0x70/0xb2 [ 3637.435600][ T1071] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3637.441826][ T1071] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 3637.447626][ T1071] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 3637.453729][ T1071] arch_trigger_cpumask_backtrace+0x14/0x20 [ 3637.459626][ T1071] watchdog+0x9d0/0xef0 [ 3637.463781][ T1071] kthread+0x361/0x430 [ 3637.467831][ T1071] ? reset_hung_task_detector+0x30/0x30 [ 3637.473359][ T1071] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 3637.479069][ T1071] ret_from_fork+0x24/0x30 [ 3637.483770][ T1071] Sending NMI from CPU 0 to CPUs 1: [ 3637.489065][ C1] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0xe/0x10 [ 3637.490965][ T1071] Kernel panic - not syncing: hung_task: blocked tasks [ 3637.504450][ T1071] CPU: 0 PID: 1071 Comm: khungtaskd Not tainted 5.4.0-rc8-syzkaller #0 [ 3637.512680][ T1071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3637.523177][ T1071] Call Trace: [ 3637.526462][ T1071] dump_stack+0x197/0x210 [ 3637.530790][ T1071] panic+0x2e3/0x75c [ 3637.534760][ T1071] ? add_taint.cold+0x16/0x16 [ 3637.539435][ T1071] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 3637.545172][ T1071] ? ___preempt_schedule+0x16/0x20 [ 3637.550369][ T1071] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 3637.556518][ T1071] ? nmi_trigger_cpumask_backtrace+0x24c/0x28b [ 3637.562661][ T1071] ? nmi_trigger_cpumask_backtrace+0x256/0x28b [ 3637.568792][ T1071] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 3637.574926][ T1071] watchdog+0x9e1/0xef0 [ 3637.579099][ T1071] kthread+0x361/0x430 [ 3637.583171][ T1071] ? reset_hung_task_detector+0x30/0x30 [ 3637.589939][ T1071] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 3637.596108][ T1071] ret_from_fork+0x24/0x30 [ 3637.603492][ T1071] Kernel Offset: disabled [ 3637.607951][ T1071] Rebooting in 86400 seconds..