= ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:00 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b"], 0x45) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:01 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB], 0x2a) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:01 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1554.881625][ T25] audit: type=1804 audit(1571917741.488:2073): pid=16135 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/919/bus" dev="sda1" ino=16701 res=1 11:49:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:01 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:01 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b"], 0x45) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:02 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:49:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:02 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:02 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f8"], 0x52) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:03 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:49:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:03 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:49:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:04 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f8"], 0x52) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:04 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:49:04 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1557.861256][ T25] audit: type=1804 audit(1571917744.448:2074): pid=16825 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/922/bus" dev="sda1" ino=16680 res=1 [ 1557.987476][ T25] audit: type=1804 audit(1571917744.518:2075): pid=16817 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/922/bus" dev="sda1" ino=16680 res=1 11:49:04 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:05 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f8"], 0x52) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:05 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:05 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1558.923022][ T25] audit: type=1804 audit(1571917745.528:2076): pid=17154 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/923/bus" dev="sda1" ino=16727 res=1 11:49:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:05 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65"], 0x59) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:06 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:49:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1559.895674][ T25] audit: type=1804 audit(1571917746.498:2077): pid=17482 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/924/bus" dev="sda1" ino=16670 res=1 11:49:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:06 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:06 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:49:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:07 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65"], 0x59) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:07 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65"], 0x59) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:07 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:49:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1561.105868][ T25] audit: type=1804 audit(1571917747.718:2078): pid=17717 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/925/bus" dev="sda1" ino=16628 res=1 11:49:07 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:08 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65"], 0x59) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:08 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65"], 0x59) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1562.135043][ T25] audit: type=1804 audit(1571917748.748:2079): pid=17952 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/926/bus" dev="sda1" ino=16664 res=1 11:49:08 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:09 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e86"], 0x5c) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:09 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:49:09 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65"], 0x59) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) [ 1563.142309][ T25] audit: type=1804 audit(1571917749.748:2080): pid=18276 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/927/bus" dev="sda1" ino=16551 res=1 11:49:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:10 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:49:10 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e86"], 0x5c) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:10 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1564.021277][ T25] audit: type=1804 audit(1571917750.628:2081): pid=18608 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/928/bus" dev="sda1" ino=16689 res=1 11:49:10 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:49:11 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e86"], 0x5c) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:11 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e86"], 0x5c) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:11 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:11 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1564.887192][ T25] audit: type=1804 audit(1571917751.498:2082): pid=18832 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/929/bus" dev="sda1" ino=16564 res=1 11:49:11 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e86"], 0x5c) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:11 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 11:49:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:12 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369"], 0x5e) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:12 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 11:49:12 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:12 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:12 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) [ 1566.019963][ T25] audit: type=1804 audit(1571917752.628:2083): pid=19165 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/930/bus" dev="sda1" ino=16689 res=1 11:49:12 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 11:49:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:13 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e86"], 0x5c) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:13 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369"], 0x5e) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:13 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1567.153111][ T25] audit: type=1804 audit(1571917753.768:2084): pid=19301 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/931/bus" dev="sda1" ino=16768 res=1 11:49:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:14 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369"], 0x5e) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:14 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:14 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1568.050417][ T25] audit: type=1804 audit(1571917754.658:2085): pid=19424 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/932/bus" dev="sda1" ino=16551 res=1 11:49:14 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:14 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:49:15 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5d) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:15 executing program 3: mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11:49:15 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 11:49:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:49:15 executing program 3: mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11:49:15 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 11:49:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1568.977871][ T25] audit: type=1804 audit(1571917755.588:2086): pid=19455 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/933/bus" dev="sda1" ino=16539 res=1 11:49:15 executing program 3: mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11:49:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:49:16 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:16 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 11:49:16 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5d) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:16 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:16 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1570.068817][ T25] audit: type=1804 audit(1571917756.678:2087): pid=19599 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/934/bus" dev="sda1" ino=16749 res=1 11:49:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:17 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5d) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:17 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:17 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:17 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:17 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1571.066521][ T25] audit: type=1804 audit(1571917757.668:2088): pid=19926 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/935/bus" dev="sda1" ino=16744 res=1 11:49:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:17 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x4d) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:18 executing program 1: mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11:49:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:18 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:18 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:18 executing program 1: mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 1571.865266][ T25] audit: type=1804 audit(1571917758.478:2089): pid=20317 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/936/bus" dev="sda1" ino=16768 res=1 11:49:18 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:18 executing program 1: mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11:49:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:18 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x4d) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:19 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11:49:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1572.743620][ T25] audit: type=1804 audit(1571917759.358:2090): pid=20608 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/937/bus" dev="sda1" ino=16811 res=1 11:49:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:19 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11:49:19 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:19 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x4d) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:19 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11:49:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:20 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 11:49:20 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:20 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1573.719923][ T25] audit: type=1804 audit(1571917760.318:2091): pid=20847 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/938/bus" dev="sda1" ino=16816 res=1 11:49:20 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x4d) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) [ 1573.803508][ T25] audit: type=1804 audit(1571917760.328:2092): pid=20840 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/938/bus" dev="sda1" ino=16816 res=1 11:49:20 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 11:49:20 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:20 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:20 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5d) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:20 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 11:49:20 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1574.782804][ T25] audit: type=1804 audit(1571917761.398:2093): pid=20990 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/939/bus" dev="sda1" ino=16961 res=1 11:49:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:21 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:21 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5d) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:21 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x4d) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:21 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1575.544417][ T25] audit: type=1804 audit(1571917762.158:2094): pid=21016 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/940/bus" dev="sda1" ino=16826 res=1 [ 1575.678579][ T25] audit: type=1804 audit(1571917762.158:2095): pid=21012 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/940/bus" dev="sda1" ino=16826 res=1 11:49:22 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11:49:22 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5d) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:22 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:22 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 1576.304696][ T25] audit: type=1804 audit(1571917762.918:2096): pid=21140 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/941/bus" dev="sda1" ino=16525 res=1 11:49:23 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:23 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11:49:23 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x4d) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:23 executing program 2: mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11:49:23 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:23 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x4b) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:23 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:23 executing program 2: mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 1577.187207][ T25] audit: type=1804 audit(1571917763.798:2097): pid=21339 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/942/bus" dev="sda1" ino=17041 res=1 [ 1577.361932][ T25] audit: type=1804 audit(1571917763.828:2098): pid=21269 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/942/bus" dev="sda1" ino=17041 res=1 11:49:24 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:24 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:24 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x4b) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:24 executing program 2: mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11:49:24 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1578.108442][ T25] audit: type=1804 audit(1571917764.718:2099): pid=21496 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/943/bus" dev="sda1" ino=16841 res=1 11:49:24 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5d) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:24 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:25 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x4b) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:25 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:25 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5d) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) [ 1579.076719][ T25] audit: type=1804 audit(1571917765.648:2100): pid=21654 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/944/bus" dev="sda1" ino=16791 res=1 11:49:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:26 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:26 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:26 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) [ 1580.131816][ T25] audit: type=1804 audit(1571917766.738:2101): pid=21948 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/945/bus" dev="sda1" ino=16741 res=1 11:49:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:27 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:27 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5d) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:27 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:27 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:27 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:27 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:27 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:27 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:28 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:28 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11:49:28 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:28 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:28 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11:49:28 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1582.237505][ T25] audit: type=1804 audit(1571917768.848:2102): pid=22439 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/947/bus" dev="sda1" ino=16682 res=1 11:49:29 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:29 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11:49:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:29 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:29 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, 0x0) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:29 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:30 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:30 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:30 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, 0x0) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:30 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:30 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1584.278463][ T25] audit: type=1804 audit(1571917770.888:2103): pid=22904 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/949/bus" dev="sda1" ino=16798 res=1 11:49:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:31 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, 0x0) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:31 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:31 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:31 executing program 0: dup2(0xffffffffffffffff, 0xffffffffffffffff) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) lsetxattr$security_smack_entry(&(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='security.SMACK64IPOUT\x00', &(0x7f00000002c0)='IPVS\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 11:49:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1585.214701][ T25] audit: type=1804 audit(1571917771.828:2104): pid=23412 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/950/bus" dev="sda1" ino=16660 res=1 11:49:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:32 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:32 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:32 executing program 0: dup2(0xffffffffffffffff, 0xffffffffffffffff) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) lsetxattr$security_smack_entry(&(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='security.SMACK64IPOUT\x00', &(0x7f00000002c0)='IPVS\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 11:49:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:32 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:32 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1586.069708][ T25] audit: type=1804 audit(1571917772.678:2105): pid=23551 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/951/bus" dev="sda1" ino=16840 res=1 11:49:32 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:33 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:33 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:33 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:33 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:33 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:33 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1587.289928][ T25] audit: type=1804 audit(1571917773.898:2106): pid=23789 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/952/bus" dev="sda1" ino=16842 res=1 11:49:34 executing program 0: dup2(0xffffffffffffffff, 0xffffffffffffffff) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) lsetxattr$security_smack_entry(&(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='security.SMACK64IPOUT\x00', &(0x7f00000002c0)='IPVS\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 11:49:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:34 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:34 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:34 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:35 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1588.465571][ T25] audit: type=1804 audit(1571917775.068:2107): pid=23912 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/953/bus" dev="sda1" ino=16627 res=1 11:49:35 executing program 0: dup2(0xffffffffffffffff, 0xffffffffffffffff) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) lsetxattr$security_smack_entry(&(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='security.SMACK64IPOUT\x00', &(0x7f00000002c0)='IPVS\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 11:49:35 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1588.913101][ T1882] device bridge_slave_1 left promiscuous mode [ 1588.929926][ T1882] bridge0: port 2(bridge_slave_1) entered disabled state 11:49:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1589.013485][ T1882] device bridge_slave_0 left promiscuous mode [ 1589.019880][ T1882] bridge0: port 1(bridge_slave_0) entered disabled state 11:49:35 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1589.192956][ T1882] device hsr_slave_0 left promiscuous mode [ 1589.216106][ T25] audit: type=1804 audit(1571917775.828:2108): pid=24035 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/954/bus" dev="sda1" ino=16541 res=1 [ 1589.252668][ T1882] device hsr_slave_1 left promiscuous mode 11:49:35 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) [ 1589.322535][ T1882] team0 (unregistering): Port device team_slave_1 removed [ 1589.362549][ T25] audit: type=1804 audit(1571917775.888:2109): pid=24032 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/954/bus" dev="sda1" ino=16541 res=1 [ 1589.417549][ T1882] team0 (unregistering): Port device team_slave_0 removed [ 1589.489939][ T1882] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface 11:49:36 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1589.570808][ T1882] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface 11:49:36 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:36 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:36 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1589.819096][ T1882] bond0 (unregistering): Released all slaves [ 1590.050888][ T25] audit: type=1804 audit(1571917776.658:2110): pid=24138 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/955/bus" dev="sda1" ino=16589 res=1 11:49:36 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:36 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1592.073408][T24279] IPVS: ftp: loaded support on port[0] = 21 [ 1592.131843][T24279] chnl_net:caif_netlink_parms(): no params data found [ 1592.162597][T24279] bridge0: port 1(bridge_slave_0) entered blocking state [ 1592.169677][T24279] bridge0: port 1(bridge_slave_0) entered disabled state [ 1592.177642][T24279] device bridge_slave_0 entered promiscuous mode [ 1592.185097][T24279] bridge0: port 2(bridge_slave_1) entered blocking state [ 1592.192139][T24279] bridge0: port 2(bridge_slave_1) entered disabled state [ 1592.200017][T24279] device bridge_slave_1 entered promiscuous mode [ 1592.219040][T24279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1592.229440][T24279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1592.250371][T24279] team0: Port device team_slave_0 added [ 1592.257055][T24279] team0: Port device team_slave_1 added [ 1592.315545][T24279] device hsr_slave_0 entered promiscuous mode [ 1592.352896][T24279] device hsr_slave_1 entered promiscuous mode [ 1592.401134][T24279] bridge0: port 2(bridge_slave_1) entered blocking state [ 1592.408240][T24279] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1592.415631][T24279] bridge0: port 1(bridge_slave_0) entered blocking state [ 1592.422745][T24279] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1592.464067][T24279] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1592.477104][ T6143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1592.485890][ T6143] bridge0: port 1(bridge_slave_0) entered disabled state [ 1592.504557][ T6143] bridge0: port 2(bridge_slave_1) entered disabled state [ 1592.514667][ T6143] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1592.527575][T24279] 8021q: adding VLAN 0 to HW filter on device team0 [ 1592.540386][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1592.549594][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1592.556716][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1592.574283][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1592.583056][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1592.590113][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1592.603427][ T6143] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1592.612336][ T6143] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1592.627075][T25246] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1592.639154][ T6143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1592.652108][T24279] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1592.664344][T24279] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1592.673005][ T6143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1592.693591][T24279] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1594.256196][T24288] bridge0: port 2(bridge_slave_1) entered disabled state [ 1594.263509][T24288] bridge0: port 1(bridge_slave_0) entered disabled state 11:49:42 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) getsockopt$bt_hci(r0, 0x0, 0x61, 0x0, &(0x7f0000d23000)) 11:49:42 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:42 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:42 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:42 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:42 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x10, 0x3, 0x4) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) recvmmsg(r1, &(0x7f0000001b40)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x26085d6cce6967cc}}], 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) [ 1595.964849][ T25] audit: type=1804 audit(1571917782.578:2111): pid=24306 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/956/bus" dev="sda1" ino=16787 res=1 11:49:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:42 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1596.110073][ T25] audit: type=1804 audit(1571917782.718:2112): pid=24295 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/956/bus" dev="sda1" ino=16787 res=1 11:49:42 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:42 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f00000006c0)={{{@in=@loopback, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xfed0) getegid() recvmmsg(r3, &(0x7f0000001b40)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x26085d6cce6967cc}}], 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) faccessat(r7, &(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$VT_RELDISP(r7, 0x5605) syz_genetlink_get_family_id$ipvs(0x0) 11:49:43 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:43 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:43 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1596.843308][ T2557] device bridge_slave_1 left promiscuous mode [ 1596.849642][ T2557] bridge0: port 2(bridge_slave_1) entered disabled state 11:49:43 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:43 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1596.943558][ T2557] device bridge_slave_0 left promiscuous mode [ 1596.955806][ T2557] bridge0: port 1(bridge_slave_0) entered disabled state [ 1597.024509][ T25] audit: type=1804 audit(1571917783.638:2113): pid=24522 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/957/bus" dev="sda1" ino=16820 res=1 [ 1597.148984][ T2557] device hsr_slave_0 left promiscuous mode 11:49:43 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1597.192720][ T2557] device hsr_slave_1 left promiscuous mode 11:49:43 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1597.298147][ T2557] team0 (unregistering): Port device team_slave_1 removed [ 1597.365582][ T2557] team0 (unregistering): Port device team_slave_0 removed [ 1597.474856][ T2557] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface 11:49:44 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:44 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1597.586908][ T2557] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface 11:49:44 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:44 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1597.943357][ T2557] bond0 (unregistering): Released all slaves [ 1598.147552][ T25] audit: type=1804 audit(1571917784.758:2114): pid=24955 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/958/bus" dev="sda1" ino=16564 res=1 [ 1599.689505][T25170] IPVS: ftp: loaded support on port[0] = 21 [ 1599.749169][T25170] chnl_net:caif_netlink_parms(): no params data found [ 1599.778907][T25170] bridge0: port 1(bridge_slave_0) entered blocking state [ 1599.786102][T25170] bridge0: port 1(bridge_slave_0) entered disabled state [ 1599.797426][T25170] device bridge_slave_0 entered promiscuous mode [ 1599.804929][T25170] bridge0: port 2(bridge_slave_1) entered blocking state [ 1599.812033][T25170] bridge0: port 2(bridge_slave_1) entered disabled state [ 1599.820291][T25170] device bridge_slave_1 entered promiscuous mode [ 1599.839267][T25170] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1599.849914][T25170] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1599.870368][T25170] team0: Port device team_slave_0 added [ 1599.877000][T25170] team0: Port device team_slave_1 added [ 1599.935501][T25170] device hsr_slave_0 entered promiscuous mode [ 1599.972850][T25170] device hsr_slave_1 entered promiscuous mode [ 1600.049786][T25170] bridge0: port 2(bridge_slave_1) entered blocking state [ 1600.056886][T25170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1600.064200][T25170] bridge0: port 1(bridge_slave_0) entered blocking state [ 1600.071420][T25170] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1600.108851][T25170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1600.120813][T25362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1600.129431][T25362] bridge0: port 1(bridge_slave_0) entered disabled state [ 1600.137681][T25362] bridge0: port 2(bridge_slave_1) entered disabled state [ 1600.147029][T25362] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1600.159572][T25170] 8021q: adding VLAN 0 to HW filter on device team0 [ 1600.171868][T25246] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1600.180842][T25246] bridge0: port 1(bridge_slave_0) entered blocking state [ 1600.187913][T25246] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1600.206365][T25362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1600.215163][T25362] bridge0: port 2(bridge_slave_1) entered blocking state [ 1600.222176][T25362] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1600.244651][T24524] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1600.254354][T24524] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1600.264172][T24524] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1600.272778][T24524] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1600.281473][T24524] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1600.294312][T25170] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1600.315562][T25170] 8021q: adding VLAN 0 to HW filter on device batadv0 11:49:49 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f00000006c0)={{{@in=@loopback, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xfed0) getegid() recvmmsg(r3, &(0x7f0000001b40)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x26085d6cce6967cc}}], 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) faccessat(r7, &(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$VT_RELDISP(r7, 0x5605) syz_genetlink_get_family_id$ipvs(0x0) 11:49:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:49 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:49 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:49 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:49 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) [ 1602.644726][ T25] audit: type=1804 audit(1571917789.258:2115): pid=25199 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/959/bus" dev="sda1" ino=16887 res=1 11:49:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:49 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:49 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:49 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:49 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1603.619671][ T25] audit: type=1804 audit(1571917790.228:2116): pid=25335 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/960/bus" dev="sda1" ino=16896 res=1 11:49:52 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f00000006c0)={{{@in=@loopback, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xfed0) getegid() recvmmsg(r3, &(0x7f0000001b40)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x26085d6cce6967cc}}], 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) faccessat(r7, &(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$VT_RELDISP(r7, 0x5605) syz_genetlink_get_family_id$ipvs(0x0) 11:49:52 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:52 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:52 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1605.847780][ T25] audit: type=1804 audit(1571917792.458:2117): pid=25461 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/961/bus" dev="sda1" ino=16916 res=1 11:49:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:52 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:52 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:53 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1606.689043][ T25] audit: type=1804 audit(1571917793.298:2118): pid=25591 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/962/bus" dev="sda1" ino=16910 res=1 11:49:55 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f00000006c0)={{{@in=@loopback, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xfed0) getegid() recvmmsg(r3, &(0x7f0000001b40)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x26085d6cce6967cc}}], 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) faccessat(r7, &(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$VT_RELDISP(r7, 0x5605) syz_genetlink_get_family_id$ipvs(0x0) 11:49:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:55 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:55 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:55 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:55 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:55 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:55 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1609.118809][ T25] audit: type=1804 audit(1571917795.728:2119): pid=25730 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/963/bus" dev="sda1" ino=16949 res=1 11:49:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:56 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:56 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1609.932655][ T25] audit: type=1804 audit(1571917796.528:2120): pid=25853 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/964/bus" dev="sda1" ino=16949 res=1 [ 1610.059035][ T25] audit: type=1804 audit(1571917796.578:2121): pid=25850 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/964/bus" dev="sda1" ino=16949 res=1 11:49:58 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f00000006c0)={{{@in=@loopback, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xfed0) getegid() recvmmsg(r3, &(0x7f0000001b40)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x26085d6cce6967cc}}], 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) faccessat(r7, &(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$VT_RELDISP(r7, 0x5605) syz_genetlink_get_family_id$ipvs(0x0) 11:49:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:58 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:49:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:58 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:58 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1612.253019][ T25] audit: type=1804 audit(1571917798.858:2122): pid=25963 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/965/bus" dev="sda1" ino=16970 res=1 11:49:58 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:59 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:59 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, 0x0, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:49:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:49:59 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1613.088378][ T25] audit: type=1804 audit(1571917799.698:2123): pid=26102 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/966/bus" dev="sda1" ino=16528 res=1 11:50:01 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f00000006c0)={{{@in=@loopback, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xfed0) getegid() recvmmsg(r3, &(0x7f0000001b40)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x26085d6cce6967cc}}], 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) faccessat(r7, &(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$VT_RELDISP(r7, 0x5605) 11:50:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:01 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:01 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, 0x0, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:01 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1615.377331][ T25] audit: type=1804 audit(1571917801.988:2124): pid=26129 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/967/bus" dev="sda1" ino=17186 res=1 11:50:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1615.516859][ T25] audit: type=1804 audit(1571917802.038:2125): pid=26123 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/967/bus" dev="sda1" ino=17186 res=1 11:50:02 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:02 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, 0x0, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1616.313753][ T25] audit: type=1804 audit(1571917802.928:2126): pid=26262 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/968/bus" dev="sda1" ino=16920 res=1 11:50:04 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f00000006c0)={{{@in=@loopback, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xfed0) getegid() recvmmsg(r3, &(0x7f0000001b40)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x26085d6cce6967cc}}], 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) faccessat(r7, &(0x7f0000000200)='./file0\x00', 0x0, 0x0) 11:50:04 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:04 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:04 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1618.572229][ T25] audit: type=1804 audit(1571917805.168:2127): pid=26279 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/969/bus" dev="sda1" ino=16980 res=1 11:50:05 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:05 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:05 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1619.367732][ T25] audit: type=1804 audit(1571917805.978:2128): pid=26413 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/970/bus" dev="sda1" ino=16940 res=1 11:50:08 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f00000006c0)={{{@in=@loopback, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xfed0) getegid() recvmmsg(r3, &(0x7f0000001b40)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x26085d6cce6967cc}}], 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) 11:50:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:08 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:08 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1621.731859][ T25] audit: type=1804 audit(1571917808.338:2129): pid=26441 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/971/bus" dev="sda1" ino=17043 res=1 11:50:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:08 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1622.570588][ T25] audit: type=1804 audit(1571917809.148:2130): pid=26668 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/972/bus" dev="sda1" ino=16990 res=1 11:50:11 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f00000006c0)={{{@in=@loopback, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xfed0) getegid() recvmmsg(r3, &(0x7f0000001b40)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x26085d6cce6967cc}}], 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) 11:50:11 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:11 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:11 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1624.875305][ T25] audit: type=1804 audit(1571917811.488:2131): pid=26794 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/973/bus" dev="sda1" ino=17474 res=1 11:50:11 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:11 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:12 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:12 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1625.749002][ T25] audit: type=1804 audit(1571917812.358:2132): pid=26832 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/974/bus" dev="sda1" ino=17011 res=1 11:50:14 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f00000006c0)={{{@in=@loopback, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xfed0) getegid() recvmmsg(r3, &(0x7f0000001b40)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x26085d6cce6967cc}}], 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) 11:50:14 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:14 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:14 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:14 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) [ 1627.937529][ T25] audit: type=1804 audit(1571917814.548:2133): pid=27058 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/975/bus" dev="sda1" ino=16802 res=1 11:50:14 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:14 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:15 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:50:15 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) [ 1628.729155][ T25] audit: type=1804 audit(1571917815.338:2134): pid=27079 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/976/bus" dev="sda1" ino=16961 res=1 11:50:17 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f00000006c0)={{{@in=@loopback, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xfed0) getegid() 11:50:17 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:17 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:17 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:50:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:50:17 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:17 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:50:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 1631.290001][ T25] audit: type=1804 audit(1571917817.898:2135): pid=27117 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/977/bus" dev="sda1" ino=17041 res=1 11:50:17 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:50:18 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:18 executing program 1: pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x80) accept4(r3, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000006c0)={{{@in=@loopback, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xfed0) getegid() recvmmsg(r2, &(0x7f0000001b40)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x26085d6cce6967cc}}], 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) faccessat(r4, 0x0, 0x0, 0x0) ioctl$VT_RELDISP(0xffffffffffffffff, 0x5605) syz_genetlink_get_family_id$ipvs(0x0) 11:50:18 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}], 0x1}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:50:18 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f00000006c0)={{{@in=@loopback, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xfed0) 11:50:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:50:18 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:18 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='task\x00') getdents64(r0, &(0x7f0000000040)=""/99, 0x63) socket$inet(0x2, 0x0, 0x0) getdents64(r0, &(0x7f00000003c0)=""/78, 0x23ce) [ 1632.319283][ T25] audit: type=1804 audit(1571917818.928:2136): pid=27237 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/978/bus" dev="sda1" ino=16999 res=1 11:50:19 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendto$unix(r1, &(0x7f0000000180), 0xfeed, 0x0, 0x0, 0x0) recvfrom(r1, &(0x7f00000000c0)=""/97, 0x61, 0x0, 0x0, 0x0) recvfrom(r1, &(0x7f0000000900)=""/4096, 0xffffffffffffff78, 0x0, 0x0, 0x1c4) 11:50:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:50:19 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:19 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x2000002) fallocate(r0, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1}) write$FUSE_STATFS(r1, &(0x7f0000000180)={0x60}, 0x60) 11:50:19 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendto$unix(r1, &(0x7f0000000180), 0xfeed, 0x0, 0x0, 0x0) recvfrom(r1, &(0x7f00000000c0)=""/97, 0x61, 0x0, 0x0, 0x0) recvfrom(r1, &(0x7f0000000900)=""/4096, 0xffffffffffffff78, 0x0, 0x0, 0x1c4) [ 1633.073513][ T25] audit: type=1804 audit(1571917819.688:2137): pid=27538 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/979/bus" dev="sda1" ino=17029 res=1 11:50:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:50:19 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:19 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendto$unix(r1, &(0x7f0000000180), 0xfeed, 0x0, 0x0, 0x0) recvfrom(r1, &(0x7f00000000c0)=""/97, 0x61, 0x0, 0x0, 0x0) recvfrom(r1, &(0x7f0000000900)=""/4096, 0xffffffffffffff78, 0x0, 0x0, 0x1c4) 11:50:19 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) 11:50:20 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:20 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) connect$unix(r1, &(0x7f000066fff4)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f000066fff4)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) accept4$unix(r0, 0x0, 0x0, 0x0) 11:50:20 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000700)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000500)="00abe6d29e6101cb8b41eea5cf2e67fea541e9b7b65fe42e517d5f81d2919e1b2f4cf7f77a16fc3e961a0847916c7c2d9b77cd3160567341263cf19b3b2c6177e7065dda850c756c06aede12e9da8118bb5464ad07fa6146f6903ee57345cbd7551f547bdbe947b4f9a0b28cf29a28eda534fc6e2c9bf2c36c87da9ad79e6e7090", 0x4202692d7f740df1, 0x4000801, 0x0, 0xfffffffffffffeda) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) recvfrom$inet(r0, &(0x7f0000000440)=""/98, 0x7cd97198ffceeca1, 0x0, 0x0, 0xffffffffffffffae) io_setup(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) openat(0xffffffffffffffff, 0x0, 0x4c841, 0x0) io_cancel(0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) socket(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockname(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f00000000c0)={'lo\x00', 0x101}) read(r0, &(0x7f00000001c0)=""/244, 0xffffff52) 11:50:20 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000800)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4870000000000000480000000000000095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bb3019c13050000000000000026fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652fbc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550bdfd70800c86ae3b3e05df3ceb9fc464c2a100c788b277beee1cbf9b0a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449abe802f597eba9ffab3e05379e5aeb0597a13b3e22278d00031e5388ee5c867ddd58211d4ececb0cd2b6d357b8580218ce740068725837074e468ee23fcf49822775985bf31b715f5888b2153052ccb1a78a8b2b8c6ef48a71221ce3c601db96fe1a90374b8f883a2db630e0af6e80187cbebd5bbd6208bc064baef219787e784c3b12011ae7cd2b75614b4e9373fcf51814d5d4d3527268f50ce374341e30bc2400f8d1ef6358410c93e83d6536e43cc941f2102666d4c415a52e1b0866cf541dde3217e14531cfb7df6594b4b056358ab807dd0f5c84fbe550f97168660aa6da2fb008a76bde511a974fabb5fbc50bdd02a390e0922edef93ed7ecbe09666f61b8bd31df5326ce7218b73653e91f9f799a2c827548e5f83874dff41119430ae77c7441e71bb9307a3dafb12f2611ad360de54e480f9f4cf018aaafb4be34275c2f253321577fb043fae52142f06803cec4d7d5f2d53eb18eee0338516f9cc529d0bd0b4380c2b959e47ee5000000000000bedabcbe04ba213dbccf7220cb4916a8596c957f5ba640baafe38fdc281f00d12808c48325b67c55c80882e44631f2b5bfafc3c11b376fd1ddfe1a0e03ad23e9f7138a31191abd0eaff2b8bd9378f9e0b4c28aacb12aa3e40842019002bc39b53ed8091e492fc044043b66e99d7c29c360f5737af43aa0e5d541"], &(0x7f0000000140)='vS\xfdIG|\x8aL[\xf2\'\x9c\xea\xb1\xc0\xb1\x19\x91\x9d/Q\xd9\xe3T\xce\xdax;\x02%\xc5\x1c\xd5GA\xad[(\xbblZ\x01\x1dF\x92#]%sj\xd0i\xc6C\x1f&\xe2\xc5\xa5z\x7f\xe1 \xfb\xc27\x03\x84\x8e\xef\x82-\xfc$$\xaf\v\xbd\x95\x1e\x0f\xbeVI\xec\r!\f\x86\xf5\xfb[Y\x1e\xd4\xdfc\xb1\xc8\xa2\xc1/5\xffr\x1f\x80@\xb8F\xea\xde\x93\xa1\xcb6\xee\xf2\xce\x95\xf2\xfdxR\x17F\xad\xc1~\xa2\x97=O^o\"\xbb\xa8\x9746'}, 0x48) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='\x00\x00\x00\b\x00', 0x28002, 0x0) fcntl$F_SET_RW_HINT(r4, 0x40c, &(0x7f0000000240)=0x3) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TIOCGISO7816(r3, 0x80285442, &(0x7f0000000100)) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000000)=r1, 0x4) r5 = socket(0x18, 0x0, 0x4) r6 = socket(0x2, 0x1, 0x0) r7 = dup2(r6, r5) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r5, 0x40106614, &(0x7f0000000040)) r8 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r8, &(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10) sendto$inet(r8, 0x0, 0xff1b, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self\x00', 0x82040, 0x0) epoll_ctl$EPOLL_CTL_DEL(r7, 0x2, r9) [ 1633.911498][ T25] audit: type=1804 audit(1571917820.518:2138): pid=27730 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/980/bus" dev="sda1" ino=17074 res=1 [ 1634.009836][ T25] audit: type=1804 audit(1571917820.578:2139): pid=27712 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/980/bus" dev="sda1" ino=17074 res=1 11:50:20 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000700)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000500)="00abe6d29e6101cb8b41eea5cf2e67fea541e9b7b65fe42e517d5f81d2919e1b2f4cf7f77a16fc3e961a0847916c7c2d9b77cd3160567341263cf19b3b2c6177e7065dda850c756c06aede12e9da8118bb5464ad07fa6146f6903ee57345cbd7551f547bdbe947b4f9a0b28cf29a28eda534fc6e2c9bf2c36c87da9ad79e6e7090", 0x4202692d7f740df1, 0x4000801, 0x0, 0xfffffffffffffeda) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) recvfrom$inet(r0, &(0x7f0000000440)=""/98, 0x7cd97198ffceeca1, 0x0, 0x0, 0xffffffffffffffae) io_setup(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) openat(0xffffffffffffffff, 0x0, 0x4c841, 0x0) io_cancel(0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) socket(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockname(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f00000000c0)={'lo\x00', 0x101}) read(r0, &(0x7f00000001c0)=""/244, 0xffffff52) 11:50:20 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:20 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000800)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4870000000000000480000000000000095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bb3019c13050000000000000026fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652fbc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550bdfd70800c86ae3b3e05df3ceb9fc464c2a100c788b277beee1cbf9b0a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449abe802f597eba9ffab3e05379e5aeb0597a13b3e22278d00031e5388ee5c867ddd58211d4ececb0cd2b6d357b8580218ce740068725837074e468ee23fcf49822775985bf31b715f5888b2153052ccb1a78a8b2b8c6ef48a71221ce3c601db96fe1a90374b8f883a2db630e0af6e80187cbebd5bbd6208bc064baef219787e784c3b12011ae7cd2b75614b4e9373fcf51814d5d4d3527268f50ce374341e30bc2400f8d1ef6358410c93e83d6536e43cc941f2102666d4c415a52e1b0866cf541dde3217e14531cfb7df6594b4b056358ab807dd0f5c84fbe550f97168660aa6da2fb008a76bde511a974fabb5fbc50bdd02a390e0922edef93ed7ecbe09666f61b8bd31df5326ce7218b73653e91f9f799a2c827548e5f83874dff41119430ae77c7441e71bb9307a3dafb12f2611ad360de54e480f9f4cf018aaafb4be34275c2f253321577fb043fae52142f06803cec4d7d5f2d53eb18eee0338516f9cc529d0bd0b4380c2b959e47ee5000000000000bedabcbe04ba213dbccf7220cb4916a8596c957f5ba640baafe38fdc281f00d12808c48325b67c55c80882e44631f2b5bfafc3c11b376fd1ddfe1a0e03ad23e9f7138a31191abd0eaff2b8bd9378f9e0b4c28aacb12aa3e40842019002bc39b53ed8091e492fc044043b66e99d7c29c360f5737af43aa0e5d541"], &(0x7f0000000140)='vS\xfdIG|\x8aL[\xf2\'\x9c\xea\xb1\xc0\xb1\x19\x91\x9d/Q\xd9\xe3T\xce\xdax;\x02%\xc5\x1c\xd5GA\xad[(\xbblZ\x01\x1dF\x92#]%sj\xd0i\xc6C\x1f&\xe2\xc5\xa5z\x7f\xe1 \xfb\xc27\x03\x84\x8e\xef\x82-\xfc$$\xaf\v\xbd\x95\x1e\x0f\xbeVI\xec\r!\f\x86\xf5\xfb[Y\x1e\xd4\xdfc\xb1\xc8\xa2\xc1/5\xffr\x1f\x80@\xb8F\xea\xde\x93\xa1\xcb6\xee\xf2\xce\x95\xf2\xfdxR\x17F\xad\xc1~\xa2\x97=O^o\"\xbb\xa8\x9746'}, 0x48) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='\x00\x00\x00\b\x00', 0x28002, 0x0) fcntl$F_SET_RW_HINT(r4, 0x40c, &(0x7f0000000240)=0x3) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TIOCGISO7816(r3, 0x80285442, &(0x7f0000000100)) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000000)=r1, 0x4) r5 = socket(0x18, 0x0, 0x4) r6 = socket(0x2, 0x1, 0x0) r7 = dup2(r6, r5) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r5, 0x40106614, &(0x7f0000000040)) r8 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r8, &(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10) sendto$inet(r8, 0x0, 0xff1b, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self\x00', 0x82040, 0x0) epoll_ctl$EPOLL_CTL_DEL(r7, 0x2, r9) 11:50:20 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x48, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:21 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:21 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:21 executing program 3: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:21 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) 11:50:21 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) [ 1634.781161][ T25] audit: type=1804 audit(1571917821.388:2140): pid=28246 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/981/bus" dev="sda1" ino=16874 res=1 11:50:21 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:21 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x48, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:22 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:22 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:22 executing program 3: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:22 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) accept4(r4, 0x0, 0x0, 0x0) [ 1635.864318][ T25] audit: type=1804 audit(1571917822.478:2141): pid=28476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/982/bus" dev="sda1" ino=16535 res=1 11:50:22 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:22 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) dup(r0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:22 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x48, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:23 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) dup(r0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) [ 1636.860695][ T25] audit: type=1804 audit(1571917823.468:2142): pid=28709 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/983/bus" dev="sda1" ino=16535 res=1 11:50:23 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:23 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) dup(r0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:23 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x80) 11:50:23 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:23 executing program 3: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:24 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:24 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:24 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) dup(r0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:24 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) [ 1637.836931][ T25] audit: type=1804 audit(1571917824.448:2143): pid=28842 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/984/bus" dev="sda1" ino=17092 res=1 [ 1637.956003][ T25] audit: type=1804 audit(1571917824.498:2144): pid=28840 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/984/bus" dev="sda1" ino=17092 res=1 11:50:24 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:24 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) dup(r0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:24 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:24 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) 11:50:24 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:25 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) dup(r0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:25 executing program 1: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:25 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) dup(r0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) [ 1638.825830][ T25] audit: type=1804 audit(1571917825.438:2145): pid=28979 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/985/bus" dev="sda1" ino=16998 res=1 11:50:25 executing program 1: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:25 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:25 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:25 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) dup(r0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:25 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:26 executing program 1: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:26 executing program 2: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:26 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 11:50:26 executing program 2: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:26 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) dup(r0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) [ 1639.747645][ T25] audit: type=1804 audit(1571917826.328:2146): pid=28995 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/986/bus" dev="sda1" ino=17099 res=1 11:50:26 executing program 1: r0 = socket$inet(0x2, 0x0, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:26 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:26 executing program 2: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:26 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:26 executing program 1: r0 = socket$inet(0x2, 0x0, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:26 executing program 2: r0 = socket$inet(0x2, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) [ 1640.483565][ T25] audit: type=1804 audit(1571917827.098:2147): pid=29139 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/987/bus" dev="sda1" ino=16977 res=1 11:50:27 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:27 executing program 3: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:27 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) timer_create(0x0, 0x0, &(0x7f00000009c0)) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:27 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:27 executing program 2: r0 = socket$inet(0x2, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:27 executing program 1: r0 = socket$inet(0x2, 0x0, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:27 executing program 3: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:27 executing program 2: r0 = socket$inet(0x2, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:28 executing program 3: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:28 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) [ 1641.357174][ T25] audit: type=1804 audit(1571917827.968:2148): pid=29405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/988/bus" dev="sda1" ino=17104 res=1 11:50:28 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:28 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:28 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:28 executing program 2: socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:28 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00), 0x1000) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:28 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) [ 1642.107120][ T25] audit: type=1804 audit(1571917828.718:2149): pid=29793 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/989/bus" dev="sda1" ino=17097 res=1 11:50:28 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:28 executing program 2: socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) [ 1642.204280][ T25] audit: type=1804 audit(1571917828.768:2150): pid=29709 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/989/bus" dev="sda1" ino=17097 res=1 11:50:28 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:29 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:29 executing program 2: socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:29 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:29 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:29 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:29 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, 0x0, 0x0, 0x48048) [ 1642.917258][ T25] audit: type=1804 audit(1571917829.518:2151): pid=29944 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/990/bus" dev="sda1" ino=16999 res=1 11:50:29 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:29 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:29 executing program 3: socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:29 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, 0x0, 0x0, 0x48048) 11:50:29 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:30 executing program 3: socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:30 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:30 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, 0x0, 0x0, 0x48048) [ 1643.679476][ T25] audit: type=1804 audit(1571917830.288:2152): pid=30082 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/991/bus" dev="sda1" ino=17062 res=1 11:50:30 executing program 3: socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:30 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:30 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:30 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:30 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400), 0x0, 0x48048) 11:50:30 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:30 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, 0x0, 0x0, 0x48048) [ 1644.365385][ T25] audit: type=1804 audit(1571917830.978:2153): pid=30101 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/992/bus" dev="sda1" ino=17066 res=1 11:50:31 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, 0x0, 0x0, 0x48048) [ 1644.496986][ T25] audit: type=1804 audit(1571917831.008:2154): pid=30099 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/992/bus" dev="sda1" ino=17066 res=1 11:50:31 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:31 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400), 0x0, 0x48048) 11:50:31 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:31 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, 0x0, 0x0, 0x48048) 11:50:31 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400), 0x0, 0x48048) 11:50:31 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) [ 1645.115216][ T25] audit: type=1804 audit(1571917831.728:2155): pid=30136 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/993/bus" dev="sda1" ino=16997 res=1 11:50:31 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:31 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400), 0x0, 0x48048) 11:50:31 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x1, 0x48048) 11:50:31 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:32 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:32 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:32 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x1, 0x48048) 11:50:32 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400), 0x0, 0x48048) 11:50:32 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) [ 1645.905673][ T25] audit: type=1804 audit(1571917832.518:2156): pid=30167 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/994/bus" dev="sda1" ino=16998 res=1 11:50:32 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x1, 0x48048) 11:50:32 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400), 0x0, 0x48048) 11:50:32 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:33 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:33 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:33 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:33 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:33 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x1, 0x48048) 11:50:33 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, 0x0, 0x0, 0x48048) 11:50:33 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:33 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x1, 0x48048) [ 1646.860898][ T25] audit: type=1804 audit(1571917833.458:2157): pid=30212 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/995/bus" dev="sda1" ino=17697 res=1 [ 1647.004249][ T25] audit: type=1804 audit(1571917833.488:2158): pid=30201 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/995/bus" dev="sda1" ino=17697 res=1 11:50:33 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x1, 0x48048) 11:50:33 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:33 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:33 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, 0x0, 0x0, 0x48048) 11:50:34 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:34 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:34 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:34 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0}}], 0x1, 0x48048) 11:50:34 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, 0x0, 0x0, 0x48048) 11:50:34 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:34 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400), 0x0, 0x48048) 11:50:34 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) r3 = socket$inet(0x10, 0x3, 0x4) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:34 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0}}], 0x1, 0x48048) [ 1648.063585][ T25] audit: type=1804 audit(1571917834.678:2159): pid=30252 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/996/bus" dev="sda1" ino=17649 res=1 [ 1648.099289][ T25] audit: type=1804 audit(1571917834.678:2160): pid=30248 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/996/bus" dev="sda1" ino=17649 res=1 11:50:34 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400), 0x0, 0x48048) 11:50:34 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:35 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400), 0x0, 0x48048) 11:50:35 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:35 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0}}], 0x1, 0x48048) 11:50:35 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:35 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0}}], 0x1, 0x48048) 11:50:35 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x1, 0x48048) 11:50:35 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) r3 = socket$inet(0x10, 0x3, 0x4) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:35 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0}}], 0x1, 0x48048) 11:50:35 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}], 0x30}}], 0x1, 0x48048) [ 1649.084448][ T25] audit: type=1804 audit(1571917835.698:2161): pid=30296 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/997/bus" dev="sda1" ino=17112 res=1 11:50:35 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x1, 0x48048) 11:50:35 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}], 0x18}}], 0x1, 0x48048) 11:50:36 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:36 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0}}], 0x1, 0x48048) 11:50:36 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:36 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x1, 0x48048) 11:50:36 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}], 0x18}}], 0x1, 0x48048) 11:50:36 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}], 0x30}}], 0x1, 0x48048) 11:50:36 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) r2 = socket$inet(0x10, 0x3, 0x4) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 1649.901464][ T25] audit: type=1804 audit(1571917836.508:2162): pid=30324 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/998/bus" dev="sda1" ino=17076 res=1 11:50:36 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}], 0x18}}], 0x1, 0x48048) 11:50:36 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}], 0x18}}], 0x1, 0x48048) 11:50:36 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:36 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:37 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}], 0x18}}], 0x1, 0x48048) 11:50:37 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_tos_u8={{0x11}}], 0x18}}], 0x1, 0x48048) 11:50:37 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) [ 1650.722738][ T25] audit: type=1804 audit(1571917837.338:2163): pid=30360 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/999/bus" dev="sda1" ino=16998 res=1 [ 1650.810143][ T25] audit: type=1804 audit(1571917837.358:2164): pid=30357 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/999/bus" dev="sda1" ino=16998 res=1 11:50:37 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:37 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}], 0x18}}], 0x1, 0x48048) 11:50:37 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_tos_u8={{0x11}}], 0x18}}], 0x1, 0x0) 11:50:37 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:37 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)) r1 = socket$inet(0x10, 0x3, 0x4) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:37 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:37 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_tos_u8={{0x11}}], 0x18}}], 0x1, 0x48048) 11:50:38 executing program 2: ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) r0 = open(&(0x7f0000000080)='./file0\x00', 0x28001, 0x0) ioctl$GIO_SCRNMAP(r0, 0x4b40, 0x0) creat(0x0, 0x0) open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000) r1 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) open$dir(0x0, 0x8000000000006000, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000300)='cpuset.cpus\x00', 0x2, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x0) open$dir(0x0, 0x8000000000006000, 0x0) dup(0xffffffffffffffff) io_submit(0x0, 0x4, &(0x7f0000000780)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x3, 0x0, 0x2, r1}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0, 0x0]) open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x4000, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4}, 0x10c9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x7, 0x182) sendfile(r3, r3, 0x0, 0x24000000) keyctl$join(0x1, &(0x7f0000000000)={'syz', 0x2}) socket(0x840000000002, 0x3, 0x200000000000ff) geteuid() lstat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$vfat(&(0x7f0000000280)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x3, 0x5, &(0x7f0000000740)=[{&(0x7f0000000300)="6a3518b0aeba5d9f23921f4868c88c2051a5153e57d911e667182d7bf5036eaf63b6f35f02579b4a84ddbd7b93b1633886190efb994bc6c028d28dcc26f65ae799da605b16ffe600a8e7ffbd33d776f18c39a36bd133c4e76f0fa54fa1c778842dfff6f7feb2bdfcb91045b8", 0x6c, 0x100}, {&(0x7f00000003c0), 0x0, 0x1}, {&(0x7f0000000400)="b0ce7e95a03813c3a103144918271e4263ac1fe8dd3dff74cdd53a39e86aa2f8dfd18e76ff921b0a063f337aeeee6c60f2d94f1314197c45879b22a81236ec77958175476f6a212930ef3c0f60713c18e751aa93d461e980b15c225bee2880ef54b716bcc39bce10491626b321c87e464c73ff7c0fa5649a90a885f47070c0b6dc336503ffd0a0d9aff79fa1ecab478fb3e86238a1b3c18418379a710f336c7d3344778e48065e3f08272b65822076fc0e39c4e1bfba9c25dd6c86037c96bdd435343a9cca", 0xc5, 0x1}, {&(0x7f0000000540)="8fd992cc0657a877f8ac406c1c7de6e294eee05999988a73a0e1a0fff1093969f2a89bbe5a54f735dafb4aa4cd5b3ccdeaf71c35700744ebcdae179d17af005662ebb4c105b0460a15e3298ae63e7d7f214c3d01c86492b26dd3538a0c31c53a9a5004b4d8f193837cdeac63cc475182c411f1b12c6ca67a40e9d21bea015a8d428099b069800b6f178ab869e517950c0970f73c1172e5b0f23dcd42ddfb3a2debdbb27e236ce179760dbd7d594159ea3d435d1e3c383118d885c9f639ab5e6ddd78280425e75b695c9f3fd48e3a1b330aec15abaf0c6d1d1cb0bee7ddc35aacbdb7ca6f5c725c2b007219a267b034", 0xef, 0xeb0}, {&(0x7f0000000640)="e97dcf101d7250fd5c243d5a069af8eb6e4218c1cad0f27c5bff8826edf083d754c33f521c26cee15122b7cf8b24c3170bb2d4c4d879480e41496336df81f62bd1fafd62c9144d12a2265d4949e8d4ffedbba77a2d3448c9289c833f9b507f1dd8852c9e2f57a59d63afea20b042d0b2e1a029c4461930dc9230d6434ef0259e86e5eb96463540ee2503cb014081c0f785716d3d92149079ba161b26b1f0769040baa8a6f5770648215749e7a547469a72ef296439e962aeda2f6a94e02f7d488656d4a30c6321", 0xc7, 0x1000}], 0x2, &(0x7f0000000b40)=ANY=[@ANYBLOB="726f6469722c73686f72746e616d653d6d6978656428756e695f786c6174653d302c73686f72746e616d653d77696e39352c6e6f6e756d4661026c3d302cc8", @ANYRESDEC=r4, @ANYBLOB="0000ebc30791520f15baa0886bf3423b5c38fcc23f7f65f3beac1334dd82c1641b8d552e46506f4ec04e900c58764fe4cfbeeae86d1447a842e91b3fb261fbbe4854ed91bfc91e67d955cb7e86c5089fc9fa5b0eb7f3ec247b58eeb1d500000000000000000000000000000000fa7c325effa374cea52089d4ebe28d30fcb4c7f46977bf9af907f63903b68fec83491f5211d2210a92dc9aa346ed28fc5cc6a4437c254ceebaaac5339a1fc9b37b2d30c2c4f25fe8e4b2f9c16dbcba09b6310ff44f96c465e2ffa382edef78da0a4db0460bc1462dcfc1e6caa90587bd497c3c9381b968baa835682c5eae60ec00809713ae25"]) getuid() ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000340)={0x0, {0x2, 0x0, @multicast1}, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x0, @multicast2}, 0x4, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)='veth1_to_team\x00'}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc) lstat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$vfat(&(0x7f0000000280)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x3, 0x6, &(0x7f0000000740)=[{&(0x7f0000000300)="6a3518b0aeba5d9f23921f4868c88c2051a5153e57d911e667182d7bf5036eaf63b6f35f02579b4a84ddbd7b93b1633886190efb994bc6c028d28dcc26f65ae799da605b16ffe600a8e7ffbd33d776f18c39a36bd133c4e76f0fa54fa1c778842dfff6f7feb2bdfcb91045b8", 0x6c, 0x100}, {&(0x7f00000003c0), 0x0, 0x1}, {&(0x7f0000000400)="b0ce7e95a03813c3a103144918271e4263ac1fe8dd3dff74cdd53a39e86aa2f8dfd18e76ff921b0a063f337aeeee6c60f2d94f1314197c45879b22a81236ec77958175476f6a212930ef3c0f60713c18e751aa93d461e980b15c225bee2880ef54b716bcc39bce10491626b321c87e464c73ff7c0fa5649a90a885f47070c0b6dc336503ffd0a0d9aff79fa1ecab478fb3e86238a1b3c18418379a710f336c7d3344778e48065e3f08272b65822076fc0e39c4e1bfba9c25dd6c86037c96bdd43534", 0xc2, 0x1}, {&(0x7f0000000500)="5fc050c1dda003e704ff0f2d802436199d6e61a6d0510b86ea33c2c956", 0x1d, 0x9}, {&(0x7f0000000540)="8fd992cc0657a877f8ac406c1c7de6e294eee05999988a73a0e1a0fff1093969f2a89bbe5a54f735dafb4aa4cd5b3ccdeaf71c35700744ebcdae179d17af005662ebb4c105b0460a15e3298ae63e7d7f214c3d01c86492b26dd3538a0c31c53a9a5004b4d8f193837cdeac63cc475182c411f1b12c6ca67a40e9d21bea015a8d428099b069800b6f178ab869e517950c0970f73c1172e5b0f23dcd42ddfb3a2debdbb27e236ce179760dbd7d594159ea3d435d1e3c383118d885c9f639ab5e6ddd78280425e75b695c9f3fd48e3a1b330aec15abaf0c6d1d1cb0bee7ddc35aacbdb7ca6f5c725c2b007219a267b034", 0xef, 0xeb0}, {&(0x7f0000000640)="e97dcf101d7250fd5c243d5a069af8eb6e4218c1cad0f27c5bff8826edf083d754c33f521c26cee15122b7cf8b24c3170bb2d4c4d879480e41496336df81f62bd1fafd62c9144d12a2265d4949e8d4ffedbba77a2d3448c9289c833f9b507f1dd8852c9e2f57a59d63afea20b042d0b2e1a029c4461930dc9230d6434ef0259e86e5eb96463540ee2503cb014081c0f785716d3d92149079ba161b26b1f0769040baa8a6f5770648215749e7a547469a72ef296439e962aeda2f6a94e02f7d488656d4a30c6321", 0xc7, 0x1000}], 0x2, &(0x7f0000000b40)=ANY=[@ANYBLOB="726f6469722c73686f72746e616d653d6d6978656428756e695f786c6174653d302c73686f72746e616d653d77696e39352c6e6f6e756d4661026c3d302cc801000000000000653d6c6f7765722c657569643e", @ANYRESDEC=r5, @ANYBLOB="0000ebc30791520f15baa0886bf3423b5c38fcc23f7f65f3beac1334dd82c1641b8d552e46506f4ec04e900c58764fe4cfbeeae86d1447a842e91b3fb261fbbe4854ed91bfc91e67d955cb7e86c5089fc9fa5b0eb7f3ec247b58eeb1d500000000000000000000000000000000fa7c325effa374cea52089d4"]) getresuid(&(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000340)) lstat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$vfat(&(0x7f0000000280)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x3, 0x6, &(0x7f0000000740)=[{&(0x7f0000000300)="6a3518b0aeba5d9f23921f4868c88c2051a5153e57d911e667182d7bf5036eaf63b6f35f02579b4a84ddbd7b93b1633886190efb994bc6c028d28dcc26f65ae799da605b16ffe600a8e7ffbd33d776f18c39a36bd133c4e76f0fa54fa1c778842dfff6f7feb2bdfcb91045b8", 0x6c, 0x100}, {&(0x7f00000003c0), 0x0, 0x1}, {&(0x7f0000000400)="b0ce7e95a03813c3a103144918271e4263ac1fe8dd3dff74cdd53a39e86aa2f8dfd18e76ff921b0a063f337aeeee6c60f2d94f1314197c45879b22a81236ec77958175476f6a212930ef3c0f60713c18e751aa93d461e980b15c225bee2880ef54b716bcc39bce10491626b321c87e464c73ff7c0fa5649a90a885f47070c0b6dc336503ffd0a0d9aff79fa1ecab478fb3e86238a1b3c18418379a710f336c7d3344778e48065e3f08272b65822076fc0e39c4e1bfba9c25dd6c86037c96bdd435343a9cca", 0xc5, 0x1}, {&(0x7f0000000500)="5fc050c1dda003e704ff0f2d802436199d6e61a6d0510b86ea33c2c956c9cda8a3797d710a1f38f2d48a7b7875d2ee7340e1908bf7ce14dedc73", 0x3a, 0x9}, {&(0x7f0000000540)="8fd992cc0657a877f8ac406c1c7de6e294eee05999988a73a0e1a0fff1093969f2a89bbe5a54f735dafb4aa4cd5b3ccdeaf71c35700744ebcdae179d17af005662ebb4c105b0460a15e3298ae63e7d7f214c3d01c86492b26dd3538a0c31c53a9a5004b4d8f193837cdeac63cc475182c411f1b12c6ca67a40e9d21bea015a8d428099b069800b6f178ab869e517950c0970f73c1172e5b0f23dcd42ddfb3a2debdbb27e236ce179760dbd7d594159ea3d435d1e3c383118d885c9f639ab5e6ddd78280425e75b695c9f3fd48e3a1b330aec15abaf0c6d1d1cb0bee7ddc35aacbdb7ca6f5c725c2b007219a267b034", 0xef}, {&(0x7f0000000640)="e97dcf101d7250fd5c243d5a069af8eb6e4218c1cad0f27c5bff8826edf083d754c33f521c26cee15122b7cf8b24c3170bb2d4c4d879480e41496336df81f62bd1fafd62c9144d12a2265d4949e8d4ffedbba77a2d3448c9289c833f9b507f1dd8852c9e2f57a59d63afea20b042d0b2e1a029c4461930dc9230d6434ef0259e86e5eb96463540ee2503cb014081c0f785716d3d92149079ba161b26b1f0769040baa8a6f5770648215749e7a547469a72ef296439e962aeda2f6a94e02f7d488656d4a30c6321", 0xc7, 0x1000}], 0x2, &(0x7f0000000b40)=ANY=[@ANYBLOB="726f6469722c73686f72746e616d653d6d6978656428756e695f786c6174653d302c73686f72746e616d653d77696e39352c6e6f6e756d4661026c3d302cc801000000000000653d6c6f7765722c657569643e", @ANYRESDEC=r6, @ANYBLOB="0000ebc30791520f15baa0886bf3423b5c38fcc23f7f65f3beac1334dd82c1641b8d552e46506f4ec04e900c58764fe4cfbeeae86d1447a842e91b3fb261fbbe4854ed91bfc91e67d955cb7e86c5089fc9fa5b0eb7f3ec247b58eeb1d500000000000000000000000000000000fa7c325effa374cea52089d4ebe28d30fcb4c7f46977bf9af907f63903b68fec83491f5211d2210a92dc9aa346ed28fc5cc6a4437c254ceebaaac5339a1fc9b37b2d30c2c4f25fe8e4b2f9c16dbcba09b6310ff44f96c465e2ffa382edef78da0a4db0460bc1462dcfc1e6caa90587bd497c3c9381bd68baa835682c5eae60ec00809713ae25"]) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000006c0)={0x0, 0x0, 0x0}, &(0x7f0000000700)=0xc) fchownat(0xffffffffffffffff, &(0x7f0000000540)='./file0\x00', 0x0, r7, 0x100) getgroups(0x7, &(0x7f00000003c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, r7, 0x0, 0x0]) 11:50:38 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0}}], 0x1, 0x48048) 11:50:38 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) [ 1651.794259][ T25] audit: type=1804 audit(1571917838.408:2165): pid=30401 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1000/bus" dev="sda1" ino=17873 res=1 11:50:38 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_tos_u8={{0x11}}], 0x18}}], 0x1, 0x0) [ 1651.902203][ T25] audit: type=1804 audit(1571917838.448:2166): pid=30390 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1000/bus" dev="sda1" ino=17873 res=1 11:50:38 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) r1 = socket$inet(0x10, 0x3, 0x4) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:38 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0}}], 0x1, 0x48048) 11:50:39 executing program 2: 11:50:39 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:39 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:39 executing program 3: 11:50:39 executing program 0: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:39 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0}}], 0x1, 0x48048) 11:50:39 executing program 2: [ 1652.986957][ T25] audit: type=1804 audit(1571917839.598:2167): pid=30535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1001/bus" dev="sda1" ino=17082 res=1 11:50:39 executing program 3: [ 1653.088897][ T25] audit: type=1804 audit(1571917839.668:2168): pid=30533 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1001/bus" dev="sda1" ino=17082 res=1 11:50:39 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:39 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}], 0x30}}], 0x1, 0x48048) 11:50:39 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:40 executing program 3: 11:50:40 executing program 2: 11:50:40 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:40 executing program 0: r0 = socket$inet(0x10, 0x0, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:40 executing program 3: 11:50:40 executing program 2: 11:50:40 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}], 0x30}}], 0x1, 0x48048) [ 1653.936901][ T25] audit: type=1804 audit(1571917840.548:2169): pid=30561 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1002/bus" dev="sda1" ino=17076 res=1 11:50:40 executing program 3: 11:50:40 executing program 2: 11:50:40 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:40 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}], 0x30}}], 0x1, 0x48048) 11:50:41 executing program 0: r0 = socket$inet(0x10, 0x0, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:41 executing program 3: 11:50:41 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:41 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:41 executing program 2: 11:50:41 executing program 0: r0 = socket$inet(0x10, 0x0, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:41 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:41 executing program 3: 11:50:41 executing program 2: 11:50:41 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:41 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:42 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14}}], 0x48}}], 0x4000000000000d1, 0x48048) 11:50:42 executing program 3: [ 1655.550395][T30625] netlink: 'syz-executor.0': attribute type 29 has an invalid length. 11:50:42 executing program 2: [ 1655.592451][T30625] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1655.633227][T30625] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 1655.662487][T30625] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1655.697537][ T25] audit: type=1804 audit(1571917842.308:2170): pid=30631 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1004/bus" dev="sda1" ino=17179 res=1 11:50:42 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x30}}], 0x1, 0x48048) [ 1655.812626][ T25] audit: type=1804 audit(1571917842.388:2171): pid=30620 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1004/bus" dev="sda1" ino=17179 res=1 11:50:42 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:42 executing program 3: 11:50:42 executing program 2: 11:50:42 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:42 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x64, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:42 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x30}}], 0x1, 0x48048) 11:50:42 executing program 3: [ 1656.276317][T30645] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 1656.312689][T30645] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1656.336931][T30645] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 1656.379268][T30645] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 11:50:43 executing program 2: 11:50:43 executing program 3: 11:50:43 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:43 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x30}}], 0x1, 0x48048) 11:50:43 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x64, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) [ 1656.876366][T30669] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 1656.930919][T30669] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1656.972656][T30669] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 1656.980852][T30669] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 11:50:43 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:43 executing program 3: 11:50:43 executing program 2: 11:50:43 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x30}}], 0x1, 0x48048) 11:50:43 executing program 0: socket$inet(0x10, 0x3, 0x4) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:44 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x30}}], 0x1, 0x48048) [ 1657.406228][ T25] audit: type=1804 audit(1571917843.978:2172): pid=30675 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1006/bus" dev="sda1" ino=17001 res=1 11:50:44 executing program 3: 11:50:44 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x55, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r0 = creat(&(0x7f00000003c0)='./file1\x00', 0x0) ioctl(r0, 0x6681, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000), 0x0) ioctl$TIOCGETD(0xffffffffffffffff, 0x5424, 0x0) 11:50:44 executing program 0: socket$inet(0x10, 0x3, 0x4) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:44 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x64, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:44 executing program 3: ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) r0 = open(&(0x7f0000000080)='./file0\x00', 0x28001, 0x0) ioctl$GIO_SCRNMAP(r0, 0x4b40, 0x0) creat(0x0, 0x0) open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000) open$dir(0x0, 0x8000000000006000, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000300)='cpuset.cpus\x00', 0x2, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x0) open$dir(0x0, 0x8000000000006000, 0x0) dup(0xffffffffffffffff) io_submit(0x0, 0x4, &(0x7f0000000780)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x3, 0x0, 0x2}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0, 0x0]) open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x4000, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4}, 0x10c9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x7, 0x182) sendfile(r2, r2, 0x0, 0x24000000) keyctl$join(0x1, &(0x7f0000000000)={'syz', 0x2}) socket(0x840000000002, 0x0, 0x200000000000ff) geteuid() lstat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$vfat(&(0x7f0000000280)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x3, 0x5, &(0x7f0000000740)=[{&(0x7f0000000300)="6a3518b0aeba5d9f23921f4868c88c2051a5153e57d911e667182d7bf5036eaf63b6f35f02579b4a84ddbd7b93b1633886190efb994bc6c028d28dcc26f65ae799da605b16ffe600a8e7ffbd33d776f18c39a36bd133c4e76f0fa54fa1c778842dfff6f7feb2bdfcb91045b8", 0x6c, 0x100}, {&(0x7f00000003c0), 0x0, 0x1}, {&(0x7f0000000400)="b0ce7e95a03813c3a103144918271e4263ac1fe8dd3dff74cdd53a39e86aa2f8dfd18e76ff921b0a063f337aeeee6c60f2d94f1314197c45879b22a81236ec77958175476f6a212930ef3c0f60713c18e751aa93d461e980b15c225bee2880ef54b716bcc39bce10491626b321c87e464c73ff7c0fa5649a90a885f47070c0b6dc336503ffd0a0d9aff79fa1ecab478fb3e86238a1b3c18418379a710f336c7d3344778e48065e3f08272b65822076fc0e39c4e1bfba9c25dd6c86037c96bdd435343a9cca", 0xc5, 0x1}, {&(0x7f0000000540)="8fd992cc0657a877f8ac406c1c7de6e294eee05999988a73a0e1a0fff1093969f2a89bbe5a54f735dafb4aa4cd5b3ccdeaf71c35700744ebcdae179d17af005662ebb4c105b0460a15e3298ae63e7d7f214c3d01c86492b26dd3538a0c31c53a9a5004b4d8f193837cdeac63cc475182c411f1b12c6ca67a40e9d21bea015a8d428099b069800b6f178ab869e517950c0970f73c1172e5b0f23dcd42ddfb3a2debdbb27e236ce179760dbd7d594159ea3d435d1e3c383118d885c9f639ab5e6ddd78280425e75b695c9f3fd48e3a1b330aec15abaf0c6d1d1cb0bee7ddc35aacbdb7ca6f5c725c2b007219a267b034", 0xef, 0xeb0}, {&(0x7f0000000640)="e97dcf101d7250fd5c243d5a069af8eb6e4218c1cad0f27c5bff8826edf083d754c33f521c26cee15122b7cf8b24c3170bb2d4c4d879480e41496336df81f62bd1fafd62c9144d12a2265d4949e8d4ffedbba77a2d3448c9289c833f9b507f1dd8852c9e2f57a59d63afea20b042d0b2e1a029c4461930dc9230d6434ef0259e86e5eb96463540ee2503cb014081c0f785716d3d92149079ba161b26b1f0769040baa8a6f5770648215749e7a547469a72ef296439e962aeda2f6a94e02f7d488656d4a30c6321", 0xc7, 0x1000}], 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB, @ANYRESDEC=r3, @ANYBLOB="0000ebc30791520f15baa0886bf3423b5c38fcc23f7f65f3beac1334dd82c1641b8d552e46506f4ec04e900c58764fe4cfbeeae86d1447a842e91b3fb261fbbe4854ed91bfc91e67d955cb7e86c5089fc9fa5b0eb7f3ec247b58eeb1d500000000000000000000000000000000fa7c325effa374cea52089d4ebe28d30fcb4c7f46977bf9af907f63903b68fec83491f5211d2210a92dc9aa346ed28fc5cc6a4437c254ceebaaac5339a1fc9b37b2d30c2c4f25fe8e4b2f9c16dbcba09b6310ff44f96c465e2ffa382edef78da0a4db0460bc1462dcfc1e6caa90587bd497c3c9381b968baa835682c5eae60ec00809713ae25"]) getuid() ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000340)={0x0, {0x2, 0x0, @multicast1}, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x0, @multicast2}, 0x4, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)='veth1_to_team\x00'}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc) lstat(&(0x7f0000000800)='./file0\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000280)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x3, 0x6, &(0x7f0000000740)=[{&(0x7f0000000300)="6a3518b0aeba5d9f23921f4868c88c2051a5153e57d911e667182d7bf5036eaf63b6f35f02579b4a84ddbd7b93b1633886190efb994bc6c028d28dcc26f65ae799da605b16ffe600a8e7ffbd33d776f18c39a36bd133c4e76f0fa54fa1c778842dfff6f7feb2bdfcb91045b8", 0x6c, 0x100}, {&(0x7f00000003c0), 0x0, 0x1}, {&(0x7f0000000400)="b0ce7e95a03813c3a103144918271e4263ac1fe8dd3dff74cdd53a39e86aa2f8dfd18e76ff921b0a063f337aeeee6c60f2d94f1314197c45879b22a81236ec77958175476f6a212930ef3c0f60713c18e751aa93d461e980b15c225bee2880ef54b716bcc39bce10491626b321c87e464c73ff7c0fa5649a90a885f47070c0b6dc336503ffd0a0d9aff79fa1ecab478fb3e86238a1b3c18418379a710f336c7d3344778e48065e3f08272b65822076fc0e39c4e1bfba9c25dd6c86037c96bdd43534", 0xc2, 0x1}, {&(0x7f0000000500)="5fc050c1dda003e704ff0f2d802436199d6e61a6d0510b86ea33c2c956", 0x1d, 0x9}, {&(0x7f0000000540), 0x0, 0xeb0}, {&(0x7f0000000640)="e97dcf101d7250fd5c243d5a069af8eb6e4218c1cad0f27c5bff8826edf083d754c33f521c26cee15122b7cf8b24c3170bb2d4c4d879480e41496336df81f62bd1fafd62c9144d12a2265d4949e8d4ffedbba77a2d3448c9289c833f9b507f1dd8852c9e2f57a59d63afea20b042d0b2e1a029c4461930dc9230d6434ef0259e86e5eb96463540ee2503cb014081c0f785716d3d92149079ba161b26b1f0769040baa8a6f5770648215749e7a547469a72ef296439e962aeda2f6a94e02f7d488656d4a30c6321", 0xc7, 0x1000}], 0x2, &(0x7f0000000b40)=ANY=[@ANYBLOB="726f6469722c73686f72746e616d653d6d6978656428756e695f786c6174653d302c73686f72746e616d653d77696e39352c6e6f6e756d4661026c3d302cc801000000000000653d6c6f7765722c657569643e", @ANYRESDEC, @ANYBLOB="0000ebc30791520f15baa0886bf3423b5c38fcc23f7f65f3beac1334dd82c1641b8d552e46506f4ec04e900c58764fe4cfbeeae86d1447a842e91b3fb261fbbe4854ed91bfc91e67d955cb7e86c5089fc9fa5b0eb7f3ec247b58eeb1d500000000000000000000000000000000fa7c325effa374cea52089d4"]) getresuid(&(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000340)) lstat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$vfat(&(0x7f0000000280)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x3, 0x6, &(0x7f0000000740)=[{&(0x7f0000000300)="6a3518b0aeba5d9f23921f4868c88c2051a5153e57d911e667182d7bf5036eaf63b6f35f02579b4a84ddbd7b93b1633886190efb994bc6c028d28dcc26f65ae799da605b16ffe600a8e7ffbd33d776f18c39a36bd133c4e76f0fa54fa1c778842dfff6f7feb2bdfcb91045b8", 0x6c, 0x100}, {&(0x7f00000003c0), 0x0, 0x1}, {&(0x7f0000000400)="b0ce7e95a03813c3a103144918271e4263ac1fe8dd3dff74cdd53a39e86aa2f8dfd18e76ff921b0a063f337aeeee6c60f2d94f1314197c45879b22a81236ec77958175476f6a212930ef3c0f60713c18e751aa93d461e980b15c225bee2880ef54b716bcc39bce10491626b321c87e464c73ff7c0fa5649a90a885f47070c0b6dc336503ffd0a0d9aff79fa1ecab478fb3e86238a1b3c18418379a710f336c7d3344778e48065e3f08272b65822076fc0e39c4e1bfba9c25dd6c86037c96bdd435343a9cca", 0xc5, 0x1}, {&(0x7f0000000500)="5fc050c1dda003e704ff0f2d802436199d6e61a6d0510b86ea33c2c956c9cda8a3797d710a1f38f2d48a7b7875d2ee7340e1908bf7ce14dedc73", 0x3a, 0x9}, {&(0x7f0000000540)="8fd992cc0657a877f8ac406c1c7de6e294eee05999988a73a0e1a0fff1093969f2a89bbe5a54f735dafb4aa4cd5b3ccdeaf71c35700744ebcdae179d17af005662ebb4c105b0460a15e3298ae63e7d7f214c3d01c86492b26dd3538a0c31c53a9a5004b4d8f193837cdeac63cc475182c411f1b12c6ca67a40e9d21bea015a8d428099b069800b6f178ab869e517950c0970f73c1172e5b0f23dcd42ddfb3a2debdbb27e236ce179760dbd7d594159ea3d435d1e3c383118d885c9f639ab5e6ddd78280425e75b695c9f3fd48e3a1b330aec15abaf0c6d1d1cb0bee7ddc35aacbdb7ca6f5c725c2b007219a267b034", 0xef, 0xeb0}, {&(0x7f0000000640)="e97dcf101d7250fd5c243d5a069af8eb6e4218c1cad0f27c5bff8826edf083d754c33f521c26cee15122b7cf8b24c3170bb2d4c4d879480e41496336df81f62bd1fafd62c9144d12a2265d4949e8d4ffedbba77a2d3448c9289c833f9b507f1dd8852c9e2f57a59d63afea20b042d0b2e1a029c4461930dc9230d6434ef0259e86e5eb96463540ee2503cb014081c0f785716d3d92149079ba161b26b1f0769040baa8a6f5770648215749e7a547469a72ef296439e962aeda2f6a94e02f7d488656d4a30c6321", 0xc7, 0x1000}], 0x2, &(0x7f0000000b40)=ANY=[@ANYBLOB="726f6469722c73686f72746e616d653d6d6978656428756e695f786c6174653d302c73686f72746e616d653d77696e39352c6e6f6e756d4661026c3d302cc801000000000000653d6c6f7765722c657569643e", @ANYRESDEC=r4, @ANYBLOB="0000ebc30791520f15baa0886bf3423b5c38fcc23f7f65f3beac1334dd82c1641b8d552e46506f4ec04e900c58764fe4cfbeeae86d1447a842e91b3fb261fbbe4854ed91bfc91e67d955cb7e86c5089fc9fa5b0eb7f3ec247b58eeb1d500000000000000000000000000000000fa7c325effa374cea52089d4ebe28d30fcb4c7f46977bf9af907f63903b68fec83491f5211d2210a92dc9aa346ed28fc5cc6a4437c254ceebaaac5339a1fc9b37b2d30c2c4f25fe8e4b2f9c16dbcba09b6310ff44f96c465e2ffa382edef78da0a4db0460bc1462dcfc1e6caa90587bd497c3c9381bd68baa835682c5eae60ec00809713ae25"]) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000006c0)={0x0, 0x0, 0x0}, &(0x7f0000000700)=0xc) fchownat(0xffffffffffffffff, &(0x7f0000000540)='./file0\x00', 0x0, r5, 0x100) getgroups(0x7, &(0x7f00000003c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, r5, 0x0, 0x0]) 11:50:44 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x30}}], 0x1, 0x48048) 11:50:45 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:45 executing program 0: socket$inet(0x10, 0x3, 0x4) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:45 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x10}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x40}}], 0x1, 0x48048) 11:50:45 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x55, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x3414}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$alg(0x26, 0x5, 0x0) r0 = creat(&(0x7f00000003c0)='./file1\x00', 0x0) ioctl(r0, 0x6681, 0x0) sendto$unix(0xffffffffffffffff, &(0x7f0000000180), 0xfeed, 0x0, 0x0, 0x0) 11:50:45 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x10}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x40}}], 0x1, 0x48048) 11:50:45 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, 0x0, 0x0) 11:50:45 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x38, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:45 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$ASHMEM_GET_NAME(0xffffffffffffffff, 0x81007702, &(0x7f0000000140)=""/164) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) write(0xffffffffffffffff, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000000d000000000000000800", 0x1e) fcntl$getown(0xffffffffffffffff, 0x9) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$netlink_NETLINK_CAP_ACK(0xffffffffffffffff, 0x10e, 0xa, &(0x7f0000000240), 0x4) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0xf}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000000d00000000000000080009000d000000", 0x24) 11:50:45 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x10}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x40}}], 0x1, 0x48048) 11:50:45 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, 0x0, 0x0) [ 1659.404247][ T25] audit: type=1804 audit(1571917846.018:2173): pid=31050 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1008/bus" dev="sda1" ino=17176 res=1 [ 1659.549756][ T25] audit: type=1804 audit(1571917846.118:2174): pid=31049 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1008/bus" dev="sda1" ino=17176 res=1 11:50:46 executing program 3: r0 = socket$inet6(0xa, 0x801, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000040)={@local, @random="192bce5e2dfb", [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x8a, &(0x7f00000003c0)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x54, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x4000001d, 0x2, 0x0, 0x0, 0x0, {[@exp_smc={0xfe, 0x6}, @exp_fastopen={0xfe, 0x13, 0xf989, "3712c49aca5ab117aee520724dcf05"}, @md5sig={0x13, 0x12, "d31c8190da8dfe461d135b075be2c1c4"}, @md5sig={0x13, 0x12, "5b3b4bc0ca96fcedefad47a621547516"}]}}}}}}}}, 0x0) 11:50:46 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x0) 11:50:46 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:46 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x64, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:46 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, 0x0, 0x0) 11:50:46 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x38, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:46 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x0) 11:50:46 executing program 3: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:46 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) [ 1660.432080][ T25] audit: type=1804 audit(1571917847.018:2175): pid=31278 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1009/bus" dev="sda1" ino=17151 res=1 11:50:47 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}], 0x48}}], 0x4000000000000d1, 0x0) 11:50:47 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x38, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:47 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:47 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:47 executing program 3: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:47 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:47 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) [ 1661.362191][ T25] audit: type=1804 audit(1571917847.968:2176): pid=31406 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1010/bus" dev="sda1" ino=17197 res=1 11:50:48 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:48 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:48 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 11:50:48 executing program 3: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:48 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:48 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)}, 0x0) 11:50:48 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:48 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:48 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:48 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)}, 0x0) 11:50:48 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:48 executing program 3: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:48 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_tos_u8={{0x11}}], 0x18}}], 0x1, 0x0) 11:50:49 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)}, 0x0) [ 1662.544864][ T25] audit: type=1804 audit(1571917849.158:2177): pid=32069 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1011/bus" dev="sda1" ino=16564 res=1 11:50:49 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:49 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:49 executing program 3: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:49 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{0x0}], 0x1}, 0x0) 11:50:49 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:49 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:49 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:49 executing program 3: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:49 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{0x0}], 0x1}, 0x0) 11:50:50 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) r3 = socket$inet(0x10, 0x3, 0x4) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 1663.557380][ T25] audit: type=1804 audit(1571917850.158:2178): pid=32398 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1012/bus" dev="sda1" ino=16737 res=1 11:50:50 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:50 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{0x0}], 0x1}, 0x0) 11:50:50 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:50 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:50 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) r3 = socket$inet(0x10, 0x3, 0x4) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:50 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)}], 0x1}, 0x0) 11:50:50 executing program 3: r0 = socket$inet(0x10, 0x0, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:51 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) [ 1664.405477][ T25] audit: type=1804 audit(1571917851.018:2179): pid=363 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1013/bus" dev="sda1" ino=16867 res=1 11:50:51 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) r3 = socket$inet(0x10, 0x3, 0x4) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:51 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)}], 0x1}, 0x0) 11:50:51 executing program 3: r0 = socket$inet(0x10, 0x0, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:51 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:51 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:51 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)}], 0x1}, 0x0) 11:50:51 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:51 executing program 3: r0 = socket$inet(0x10, 0x0, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 1665.301412][ T25] audit: type=1804 audit(1571917851.908:2180): pid=498 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1014/bus" dev="sda1" ino=16525 res=1 11:50:52 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc4", 0x26}], 0x1}, 0x0) 11:50:52 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:52 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:52 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:52 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc4", 0x26}], 0x1}, 0x0) [ 1666.169351][ T725] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 1666.201268][ T25] audit: type=1804 audit(1571917852.808:2181): pid=717 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1015/bus" dev="sda1" ino=16915 res=1 [ 1666.222509][ T725] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1666.257113][ T725] netlink: 'syz-executor.3': attribute type 29 has an invalid length. 11:50:52 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) [ 1666.309699][ T725] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 11:50:53 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:53 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc4", 0x26}], 0x1}, 0x0) 11:50:53 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) [ 1666.651738][ T834] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 1666.702479][ T834] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 11:50:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:53 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) [ 1666.761703][ T834] netlink: 'syz-executor.3': attribute type 29 has an invalid length. 11:50:53 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) [ 1666.833871][ T834] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 11:50:53 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:53 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c6", 0x39}], 0x1}, 0x0) 11:50:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) [ 1667.280234][ T1058] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 1667.296059][ T25] audit: type=1804 audit(1571917853.908:2182): pid=1051 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1016/bus" dev="sda1" ino=16610 res=1 [ 1667.322599][ T1058] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 11:50:54 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c6", 0x39}], 0x1}, 0x0) [ 1667.377326][ T1058] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 1667.410882][ T1058] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 11:50:54 executing program 3: socket$inet(0x10, 0x3, 0x4) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:54 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x44, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0xc, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:54 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:54 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c6", 0x39}], 0x1}, 0x0) 11:50:54 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:54 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:54 executing program 3: socket$inet(0x10, 0x3, 0x4) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 1668.176539][ T25] audit: type=1804 audit(1571917854.788:2183): pid=1183 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1017/bus" dev="sda1" ino=17192 res=1 11:50:54 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf3", 0x43}], 0x1}, 0x0) 11:50:55 executing program 3: socket$inet(0x10, 0x3, 0x4) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:55 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x44, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0xc, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:55 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf3", 0x43}], 0x1}, 0x0) 11:50:55 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, 0x0, 0x0) [ 1669.020399][ T25] audit: type=1804 audit(1571917855.628:2184): pid=1418 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1018/bus" dev="sda1" ino=16737 res=1 11:50:55 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf3", 0x43}], 0x1}, 0x0) 11:50:55 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:55 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:55 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, 0x0, 0x0) 11:50:56 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:56 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x44, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0xc, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:56 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc88", 0x48}], 0x1}, 0x0) 11:50:56 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:56 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, 0x0, 0x0) [ 1669.916750][ T25] audit: type=1804 audit(1571917856.518:2185): pid=1502 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1019/bus" dev="sda1" ino=16546 res=1 11:50:56 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc88", 0x48}], 0x1}, 0x0) 11:50:56 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 11:50:56 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:56 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x58, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:57 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:57 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:57 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc88", 0x48}], 0x1}, 0x0) 11:50:57 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 11:50:57 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:57 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b07", 0x4a}], 0x1}, 0x0) [ 1670.833445][ T25] audit: type=1804 audit(1571917857.438:2186): pid=1915 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1020/bus" dev="sda1" ino=17210 res=1 11:50:57 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) [ 1670.972792][ T25] audit: type=1804 audit(1571917857.478:2187): pid=1905 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1020/bus" dev="sda1" ino=17210 res=1 11:50:57 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b07", 0x4a}], 0x1}, 0x0) 11:50:57 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)}, 0x0) 11:50:57 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x58, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:58 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:50:58 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b07", 0x4a}], 0x1}, 0x0) 11:50:58 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)}, 0x0) [ 1671.936274][ T25] audit: type=1804 audit(1571917858.548:2188): pid=2137 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1021/bus" dev="sda1" ino=16491 res=1 11:50:58 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 11:50:58 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:58 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b0798", 0x4b}], 0x1}, 0x0) 11:50:58 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)}, 0x0) [ 1672.289004][ T2191] netlink: 'syz-executor.1': attribute type 29 has an invalid length. 11:50:58 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x58, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) [ 1672.332588][ T2191] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1672.357175][ T2191] netlink: 'syz-executor.1': attribute type 29 has an invalid length. 11:50:59 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b0798", 0x4b}], 0x1}, 0x0) [ 1672.392716][ T2191] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 11:50:59 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{0x0}], 0x1}, 0x0) 11:50:59 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:50:59 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) [ 1672.828087][ T25] audit: type=1804 audit(1571917859.438:2189): pid=2265 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1022/bus" dev="sda1" ino=17222 res=1 11:50:59 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b0798", 0x4b}], 0x1}, 0x0) 11:50:59 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{0x0}], 0x1}, 0x0) 11:50:59 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:00 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x58, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:00 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x58, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:00 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{0x0}], 0x1}, 0x0) 11:51:00 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:00 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:00 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)}], 0x1}, 0x0) [ 1673.979156][ T25] audit: type=1804 audit(1571917860.588:2190): pid=2494 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1023/bus" dev="sda1" ino=17208 res=1 11:51:00 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) [ 1674.093020][ T25] audit: type=1804 audit(1571917860.698:2191): pid=2496 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir502523819/syzkaller.GaERgm/74/bus" dev="sda1" ino=17231 res=1 11:51:00 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x58, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:01 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)}], 0x1}, 0x0) 11:51:01 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) [ 1674.686431][ T25] audit: type=1804 audit(1571917861.298:2192): pid=2742 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1024/bus" dev="sda1" ino=17228 res=1 [ 1674.850399][ T25] audit: type=1804 audit(1571917861.458:2193): pid=2738 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1024/bus" dev="sda1" ino=17228 res=1 11:51:01 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:01 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)}], 0x1}, 0x0) 11:51:01 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x58, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:01 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:51:02 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) [ 1675.390393][ T25] audit: type=1804 audit(1571917861.998:2194): pid=2748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir502523819/syzkaller.GaERgm/75/bus" dev="sda1" ino=17226 res=1 11:51:02 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc4", 0x26}], 0x1}, 0x0) [ 1675.738471][ T25] audit: type=1804 audit(1571917862.348:2195): pid=2767 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1025/bus" dev="sda1" ino=17254 res=1 [ 1675.858050][ T25] audit: type=1804 audit(1571917862.458:2196): pid=2762 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1025/bus" dev="sda1" ino=17254 res=1 11:51:02 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x58, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:02 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc4", 0x26}], 0x1}, 0x0) 11:51:02 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:51:02 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x58, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:03 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc4", 0x26}], 0x1}, 0x0) 11:51:03 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:51:03 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) [ 1676.774964][ T25] audit: type=1804 audit(1571917863.358:2197): pid=3118 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1026/bus" dev="sda1" ino=17264 res=1 [ 1676.908927][ T25] audit: type=1804 audit(1571917863.468:2198): pid=3114 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1026/bus" dev="sda1" ino=17264 res=1 11:51:03 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c6", 0x39}], 0x1}, 0x0) 11:51:03 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x58, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:03 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x58, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:04 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c6", 0x39}], 0x1}, 0x0) 11:51:04 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:51:04 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x10, 0x3, 0x4) timer_create(0x0, &(0x7f0000000800)={0x0, 0x38, 0x0, @tid=0xffffffffffffffff}, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 1677.898159][ T25] audit: type=1804 audit(1571917864.508:2199): pid=3457 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1027/bus" dev="sda1" ino=17189 res=1 11:51:04 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) [ 1678.033170][ T25] audit: type=1804 audit(1571917864.588:2200): pid=3390 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1027/bus" dev="sda1" ino=17189 res=1 11:51:04 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c6", 0x39}], 0x1}, 0x0) 11:51:04 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x58, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:04 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x58, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:05 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:51:05 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf3", 0x43}], 0x1}, 0x0) [ 1678.913219][ T25] audit: type=1804 audit(1571917865.528:2201): pid=3628 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1028/bus" dev="sda1" ino=17313 res=1 11:51:05 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf3", 0x43}], 0x1}, 0x0) [ 1679.027376][ T25] audit: type=1804 audit(1571917865.568:2202): pid=3624 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1028/bus" dev="sda1" ino=17313 res=1 11:51:05 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:51:05 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x60, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x60}}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) 11:51:06 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf3", 0x43}], 0x1}, 0x0) 11:51:06 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 11:51:06 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000001140)='/dev/usbmon#\x00', 0x187d, 0x4000) socket$unix(0x1, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000001180)='/dev/loop#\x00', 0x0, 0x8800) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f00000011c0)='\xff\x00\x00\x01\x00', 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000001680)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000100"/21, @ANYRES32=r1, @ANYBLOB="000000000100000001000f12cb70000000000000000000000000000000000000508d7c55519b361d39d61779423235a150109933838a63f32e52261e58cb7c5bc208c2ff296b14", @ANYRES32=r2, @ANYBLOB="000000000000008000"/27, @ANYRES32]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = open(0x0, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYBLOB="c6292fdfe740aba82d39d236ab243347a178fb1fb08609f55c860b7274ce37fba681b500d0c814f800b8011a484e65b37e866369e0"], 0x5f) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)) lseek(0xffffffffffffffff, 0x0, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'/75, 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000040)) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x68, 0x0, 0x0, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4005}, 0x1) creat(&(0x7f0000001280)='./file1\x00', 0x24) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x65ce, &(0x7f00000019c0)) renameat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', r6, 0x0) r7 = creat(0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)) lseek(r7, 0x0, 0x3) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001100)) read$FUSE(r7, &(0x7f0000000100), 0x1000) [ 1679.898657][ T25] audit: type=1804 audit(1571917866.498:2203): pid=3864 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1029/bus" dev="sda1" ino=17295 res=1 11:51:06 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc88", 0x48}], 0x1}, 0x0) [ 1680.020474][ T25] audit: type=1804 audit(1571917866.558:2204): pid=3856 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir255591815/syzkaller.ZBK9I9/1029/bus" dev="sda1" ino=17295 res=1 [ 1680.213782][ T3768] ================================================================== [ 1680.221903][ T3768] BUG: KCSAN: data-race in pipe_wait / put_pipe_info [ 1680.228569][ T3768] [ 1680.230896][ T3768] read to 0xffff8881266ade8c of 4 bytes by task 3855 on cpu 0: [ 1680.238439][ T3768] pipe_wait+0xd7/0x140 [ 1680.242598][ T3768] pipe_write+0x3dd/0x970 [ 1680.246926][ T3768] new_sync_write+0x388/0x4a0 [ 1680.251598][ T3768] __vfs_write+0xb1/0xc0 [ 1680.255838][ T3768] vfs_write+0x18a/0x390 [ 1680.260075][ T3768] ksys_write+0xd5/0x1b0 [ 1680.264315][ T3768] __x64_sys_write+0x4c/0x60 [ 1680.268907][ T3768] do_syscall_64+0xcc/0x370 [ 1680.273404][ T3768] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1680.279286][ T3768] [ 1680.281610][ T3768] write to 0xffff8881266ade8c of 4 bytes by task 3768 on cpu 1: [ 1680.289322][ T3768] put_pipe_info+0x4d/0xb0 [ 1680.293754][ T3768] pipe_release+0x152/0x1b0 [ 1680.298281][ T3768] __fput+0x1e1/0x520 [ 1680.302257][ T3768] ____fput+0x1f/0x30 [ 1680.306237][ T3768] task_work_run+0xf6/0x130 [ 1680.310737][ T3768] exit_to_usermode_loop+0x2b4/0x2c0 [ 1680.316021][ T3768] do_syscall_64+0x353/0x370 [ 1680.320612][ T3768] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1680.326486][ T3768] [ 1680.328807][ T3768] Reported by Kernel Concurrency Sanitizer on: [ 1680.334953][ T3768] CPU: 1 PID: 3768 Comm: syz-executor.0 Not tainted 5.4.0-rc3+ #0 [ 1680.342743][ T3768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1680.352789][ T3768] ================================================================== [ 1680.360861][ T3768] Kernel panic - not syncing: panic_on_warn set ... [ 1680.367965][ T3768] CPU: 1 PID: 3768 Comm: syz-executor.0 Not tainted 5.4.0-rc3+ #0 [ 1680.375758][ T3768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1680.385803][ T3768] Call Trace: [ 1680.389092][ T3768] dump_stack+0xf5/0x159 [ 1680.393335][ T3768] panic+0x210/0x640 [ 1680.397249][ T3768] ? vprintk_func+0x8d/0x140 [ 1680.401842][ T3768] kcsan_report.cold+0xc/0x10 [ 1680.406533][ T3768] __kcsan_setup_watchpoint+0x32e/0x4a0 [ 1680.412078][ T3768] __tsan_write4+0x32/0x40 [ 1680.416521][ T3768] put_pipe_info+0x4d/0xb0 [ 1680.420935][ T3768] pipe_release+0x152/0x1b0 [ 1680.425432][ T3768] __fput+0x1e1/0x520 [ 1680.429414][ T3768] ? put_pipe_info+0xb0/0xb0 [ 1680.434009][ T3768] ____fput+0x1f/0x30 [ 1680.437992][ T3768] task_work_run+0xf6/0x130 [ 1680.442502][ T3768] exit_to_usermode_loop+0x2b4/0x2c0 [ 1680.447792][ T3768] do_syscall_64+0x353/0x370 [ 1680.452382][ T3768] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1680.458268][ T3768] RIP: 0033:0x413a91 [ 1680.462165][ T3768] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1680.481772][ T3768] RSP: 002b:00007ffc4a4451d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1680.490180][ T3768] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000413a91 [ 1680.498147][ T3768] RDX: 0000000000000000 RSI: ffffffff8493a215 RDI: 0000000000000004 [ 1680.506145][ T3768] RBP: 0000000000000001 R08: ffffffff81664ebf R09: 00000000f75de901 [ 1680.514130][ T3768] R10: 00007ffc4a4452b0 R11: 0000000000000293 R12: 000000000075c9a0 [ 1680.522095][ T3768] R13: 000000000075c9a0 R14: 0000000000760ec8 R15: 000000000075c07c [ 1680.530080][ T3768] ? policy_nodemask+0x1f/0x120 [ 1680.534938][ T3768] ? plist_del+0x155/0x290 [ 1680.540765][ T3768] Kernel Offset: disabled [ 1680.545154][ T3768] Rebooting in 86400 seconds..