314924][ T2766] usb 3-1: new high-speed USB device number 28 using dummy_hcd 12:32:37 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xf000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:32:37 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x2], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 684.574990][ T2766] usb 3-1: Using ep0 maxpacket: 8 [ 684.705136][ T2766] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 684.724846][ T2766] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 684.724875][ T2766] usb 3-1: New USB device found, idVendor=056a, idProduct=0304, bcdDevice= 0.00 [ 684.724892][ T2766] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 684.726064][ T2766] usb 3-1: config 0 descriptor?? [ 685.226184][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x2 [ 685.253947][ T2766] wacom 0003:056A:0304.0008: ignoring exceeding usage max [ 685.280697][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.339712][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.369895][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.397830][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.416170][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.433697][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.451881][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.468697][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.485124][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.492212][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.500186][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.507825][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.516008][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.523402][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.531284][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.539094][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.546926][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.569502][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.593032][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.613281][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.626688][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.647820][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.678236][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.702878][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.721290][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.728968][ T2766] wacom 0003:056A:0304.0008: unknown main item tag 0x0 [ 685.757360][ T2766] wacom 0003:056A:0304.0008: hidraw0: USB HID v0.00 Device [HID 056a:0304] on usb-dummy_hcd.2-1/input0 [ 685.798297][ T2766] usb 3-1: USB disconnect, device number 28 [ 686.314700][ T2766] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 686.564700][ T2766] usb 3-1: Using ep0 maxpacket: 8 [ 686.705330][ T2766] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 686.729980][ T2766] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 686.757844][ T2766] usb 3-1: New USB device found, idVendor=056a, idProduct=0304, bcdDevice= 0.00 [ 686.781222][ T2766] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.815457][ T2766] usb 3-1: config 0 descriptor?? 12:32:40 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r0) clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = memfd_create(&(0x7f0000000280)='E\x87U\x9f.|\x81u\xfeE\xdb\x81~\xe4h\x18\xb2I\x9bHF\xe5\xdcpQ\xd8\xa6\x14\xeb\x9f\xfc\xf7\xb7\x01\x8d\xc3\xf3\x88\x8c\xd9_w\xb0p\x14&\xd8\x00\x00\x00\x00\xf9\x84\x90\xba\xd2\b\xe4h\xcd\xe5\xac\x03\x8dM\xae)6\x81\x14\xb8\x92\x00;\x8d\xb7\x8dW*\xc5\xa8z\x04H\xa3\x93K\x1cf#\xeb\xa9[\x8c{\x8e\xee\xd3 \x80QH\xe7\x92N\xdch\xc2\b\xd7\x87\xb1\x1b\x9d\x8c\xa3\xa19Z\\\x89Y\xe5\x03l\xb6\xb9-\xfc\xda\xadz\x81', 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000040)=ANY=[@ANYBLOB="ee6a0b537b2c314093c2b61b34136c39d34957740000000000000000000000000000f4ff0000000000000000000000000000000000000000b0cf9f48c2b9c80a38b13f880600005003000040040087c051160001c6"], 0x1) syz_genetlink_get_family_id$net_dm(&(0x7f00000000c0)='NET_DM\x00') mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x9, 0x11, r2, 0x0) rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000)) prctl$PR_SET_DUMPABLE(0x4, 0x0) syz_open_procfs(0x0, &(0x7f0000000200)='attr/sockcreate\x00') 12:32:40 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) 12:32:40 executing program 4: sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="054a38", @ANYBLOB="6f6d216c7fb5c4d0840003000040581001800d00010075286f4b8197121acde2cb1974aa95ba873cb99eab9ebd3cfba1cc50ac084c003f295395db492012c6f9c9cd1716f325cbaa2b78561d9b3f4534138dae105115a279ce403224de91de00ae498c7ea80e0e58a6c69e2412ed294f87ffb6c844e865d0c43b63506f28947ce209f9c6bbbc08ca4b5d2d947146212bdebb79e3de334bbc1359edc64f56418c2323"], 0x3}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100686cca8000000000000200000002000000004000007a40000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4807, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) dup2(r0, r2) ioctl$TCSETX(r0, 0x5433, &(0x7f0000000040)={0x5, 0x898, [0x7, 0x5, 0x3, 0xff7f, 0xd552], 0x9042}) 12:32:40 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(0x0, 0x0) close(r0) 12:32:40 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x3], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:40 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x10000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 687.106524][ T2766] usbhid 3-1:0.0: can't add hid device: -71 [ 687.112756][ T2766] usbhid: probe of 3-1:0.0 failed with error -71 [ 687.143950][T31292] EXT4-fs (loop4): Can't read superblock on 2nd try 12:32:40 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x4], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 687.160761][ T2766] usb 3-1: USB disconnect, device number 29 [ 687.168814][ T28] audit: type=1804 audit(1594038760.468:229): pid=31291 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/324/file0" dev="sda1" ino=15964 res=1 [ 687.227494][ T28] audit: type=1804 audit(1594038760.528:230): pid=31288 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/316/file0" dev="sda1" ino=15956 res=1 [ 687.263226][T31301] mkiss: ax12: crc mode is auto. 12:32:40 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) 12:32:40 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(0x0, 0x0) close(r0) 12:32:40 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000000c80)=ANY=[@ANYBLOB="b702000003440200bfa30000000000001702000000feffff7a0af0ff01ffffff79a4f0ff00000000b7060000ffffffff3d640200000000005502faff037202000404000001007d60b6030000001000006a0a00fe39000000850000002b0000009c000000000000009500000000000000a81bbfa3982de7b0efc5733ed236e4add6de01800000aaa6912a8b2ce571c4580000f7000000e3a94b574d2eb38a548355f0b886bd001362df1d4fdd860db5808922033e3e0f242a46b3009a54f40780b089bd9d5fdb68832e986440ff0a7edfa0cb231ccd00000000000000000000007777e27060493073807c4b7bbaed91f33fb382d91ae8e18c9b6c9f0322ec5f1c7cc5869ff455896712198c4e2ddf8b86e714229527ca40b24cfd6a02fa0892729507982d90e116bba29bb744af70a4cd8f3ad2db451de058226c4e31a27bf456c04c58bdd0b424ac416e66af9ebcfea905d37cf226312cb81ec843bcea06e7fa5e5b3596301460142f83b465d9e57dfdb06dcf91fd0600000000000000d2110cf2e1f4682c24a314447c5e0807f0b1766ec7ecbd061772daa52a38539295d3fea7a7e669441e1ff041143ecfa904fb43897f8d9c3c287acba716973eadf1bf9cd0a38edc345415c42d3d2dd356e205585e30a64830a5796cd7ce18b68bc37e061d33357d6a39d33c702576cc2a8881663e3776c7a37c5c962e12102f237bbf60c0a3bf07d55b3888418de2b2ad23d25395dd4ccddf247dd2c712e2e2eaf7d4326968122cc5dcaa7ba330963b7093a58a02dba114f75e1ffd5c2912b506bfb93122fc776aadec51a367658100000000000000b148a9000000000000000000000000000000e02739ccd50523d36032d38f5cbeaf95c7d797d6e094c4a3aee025bf43cebde7e7b9bae9b1698e19eb0e6d5244c1ff01e97628a88a4b37032f1ef8b8046a3237ad1fe10f7035489179fc8f6c673e514f2b3e1028cd404a1d8fe6569da0385e65e4d523166c4213abb8dae5b1409317f29572e788af92aedb0287f2818206ce5fba6fca8b270d76191b43ab4cbdd4dbcccdc644fe65e7bd90a5fc16387bcb5e1e028d7d2a33c78cb8fe48ddcf6adfc9417bd42909ee4307c4197b15797af17845fbc02846d2f8543f65594cb535a9538eb067b21111dbaa58b19a52f3f12880128d08eb477ad349c2214bc7f8378b7e5b5415f3da911411ed6655c6b66beaf92e416313dfe58e88fbfa825114227c2f6cfd1448ca37902a5678af7277e6cde25737b058ba3ca60696bc1d4df56b6f544f57ddc35f3c1b5904def348912e1fefe8164c3341b91913718593085d2a9a260663c11f5484cad2de673f9a1fcac868ff6cb20122f76531881165f4d46e1a23ce0dc462ff47e1fb4a8e2a1f6e3b8134031eb29e068c831dc2d825b82749063a85bf6c1bcf4ccf798e49000000000000000000009e664603220bf1e47cfdc28f5cc38b3d66751a524081f961f3a6bec7b84976ae5fc7a8d29dc65277d3a47422bcf49b3f399fb3b10967ef66d63e4404d66f6ac1c6d0d57dd3e55dc62e58b25a34d1a482652315813e92188263a93f13dde4dd81dfe32af06f6f3fcd73789cc69925a3211955290f85e42dabf19d40f717edd7361ad3801f6642046376000000000000005581a3b65fc336f7011e6810cd8efb4cc5f6a2d89d6d2dee563cbe281ff8b0c285a1b8a99afbb2f4271dd4b0acf21fe6d837ed5c208970b52130b5a7e13d5465e9ec069c1b2e97d2c4cbf7b02a15c87bd23626c8ad221c62177dbeec3bbfc9203cd4d0e1b91cc2eaaa198d2815c5dda45f7fe16cf750d14ef045c8d84174f7744eafc2525359892d5a7f45126c09c1c1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040)}, 0x24) keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, 0x0, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r4, 0x0, r4) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) [ 687.376036][T31301] mkiss: ax12: crc mode is auto. [ 687.388021][T31292] EXT4-fs (loop4): Can't read superblock on 2nd try 12:32:40 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x5], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:40 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x2880, 0x10) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000340)={0x8, @pix={0x100, 0x3, 0x41414770, 0x3, 0x3, 0x7, 0x6, 0xfffffff9, 0x0, 0x3, 0x2, 0x6}}) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000080)='cpuacct.usage_percpu_user\x00', 0x26e1, 0x0) r6 = socket$kcm(0x2, 0x2, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) dup2(0xffffffffffffffff, r8) ioctl$VIDIOC_DECODER_CMD(r8, 0xc0485660, &(0x7f0000000540)={0x2, 0x2, @raw_data=[0x200, 0x2, 0x1, 0x1000, 0x0, 0x29000, 0x5, 0x0, 0x40, 0x2, 0x1ff, 0x5, 0x2, 0x3e248a61, 0x3ff, 0x7]}) setsockopt$sock_attach_bpf(r6, 0x1, 0x3e, &(0x7f00000002c0)=r5, 0x161) sendmsg$inet(r6, &(0x7f0000000240)={&(0x7f0000000300)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000001600)=[@ip_retopts={{0x10}}], 0x10, 0x5}, 0x0) recvfrom$netrom(r5, &(0x7f0000000440)=""/250, 0xfa, 0x140, &(0x7f0000000100)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @bcast]}, 0x48) [ 687.552298][ T28] audit: type=1804 audit(1594038760.848:231): pid=31337 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/325/file0" dev="sda1" ino=15971 res=1 12:32:40 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x11000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 687.605871][T31340] mkiss: ax12: crc mode is auto. 12:32:41 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(0x0, 0x0) close(r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) [ 687.656215][ T28] audit: type=1804 audit(1594038760.918:232): pid=31338 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/317/file0" dev="sda1" ino=15978 res=1 12:32:41 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(0xffffffffffffffff) [ 687.777014][T31353] mkiss: ax13: crc mode is auto. 12:32:41 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x6], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 687.854019][T31353] mkiss: ax13: crc mode is auto. [ 687.942155][ T28] audit: type=1804 audit(1594038761.238:233): pid=31372 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/326/file0" dev="sda1" ino=15952 res=1 12:32:41 executing program 4: r0 = socket(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup(r1) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = dup2(r3, r5) ioctl$TCFLSH(r6, 0x8926, 0x20000000) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000040)=0x51f4, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(r0, &(0x7f0000000280)="1c0000001a009b8a14e5f4070009042400000000ff00000000000000", 0x1e5) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000080)=0xc000, 0x4) recvmmsg(r0, &(0x7f0000002ec0), 0x29e, 0x1a, &(0x7f00000001c0)={0x77359400}) 12:32:41 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(0x0, 0x0) close(r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) 12:32:41 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x12000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:32:41 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x7], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 688.249691][T31391] mkiss: ax13: crc mode is auto. 12:32:41 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x8], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:41 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000000c80)=ANY=[@ANYBLOB="b702000003440200bfa30000000000001702000000feffff7a0af0ff01ffffff79a4f0ff00000000b7060000ffffffff3d640200000000005502faff037202000404000001007d60b6030000001000006a0a00fe39000000850000002b0000009c000000000000009500000000000000a81bbfa3982de7b0efc5733ed236e4add6de01800000aaa6912a8b2ce571c4580000f7000000e3a94b574d2eb38a548355f0b886bd001362df1d4fdd860db5808922033e3e0f242a46b3009a54f40780b089bd9d5fdb68832e986440ff0a7edfa0cb231ccd00000000000000000000007777e27060493073807c4b7bbaed91f33fb382d91ae8e18c9b6c9f0322ec5f1c7cc5869ff455896712198c4e2ddf8b86e714229527ca40b24cfd6a02fa0892729507982d90e116bba29bb744af70a4cd8f3ad2db451de058226c4e31a27bf456c04c58bdd0b424ac416e66af9ebcfea905d37cf226312cb81ec843bcea06e7fa5e5b3596301460142f83b465d9e57dfdb06dcf91fd0600000000000000d2110cf2e1f4682c24a314447c5e0807f0b1766ec7ecbd061772daa52a38539295d3fea7a7e669441e1ff041143ecfa904fb43897f8d9c3c287acba716973eadf1bf9cd0a38edc345415c42d3d2dd356e205585e30a64830a5796cd7ce18b68bc37e061d33357d6a39d33c702576cc2a8881663e3776c7a37c5c962e12102f237bbf60c0a3bf07d55b3888418de2b2ad23d25395dd4ccddf247dd2c712e2e2eaf7d4326968122cc5dcaa7ba330963b7093a58a02dba114f75e1ffd5c2912b506bfb93122fc776aadec51a367658100000000000000b148a9000000000000000000000000000000e02739ccd50523d36032d38f5cbeaf95c7d797d6e094c4a3aee025bf43cebde7e7b9bae9b1698e19eb0e6d5244c1ff01e97628a88a4b37032f1ef8b8046a3237ad1fe10f7035489179fc8f6c673e514f2b3e1028cd404a1d8fe6569da0385e65e4d523166c4213abb8dae5b1409317f29572e788af92aedb0287f2818206ce5fba6fca8b270d76191b43ab4cbdd4dbcccdc644fe65e7bd90a5fc16387bcb5e1e028d7d2a33c78cb8fe48ddcf6adfc9417bd42909ee4307c4197b15797af17845fbc02846d2f8543f65594cb535a9538eb067b21111dbaa58b19a52f3f12880128d08eb477ad349c2214bc7f8378b7e5b5415f3da911411ed6655c6b66beaf92e416313dfe58e88fbfa825114227c2f6cfd1448ca37902a5678af7277e6cde25737b058ba3ca60696bc1d4df56b6f544f57ddc35f3c1b5904def348912e1fefe8164c3341b91913718593085d2a9a260663c11f5484cad2de673f9a1fcac868ff6cb20122f76531881165f4d46e1a23ce0dc462ff47e1fb4a8e2a1f6e3b8134031eb29e068c831dc2d825b82749063a85bf6c1bcf4ccf798e49000000000000000000009e664603220bf1e47cfdc28f5cc38b3d66751a524081f961f3a6bec7b84976ae5fc7a8d29dc65277d3a47422bcf49b3f399fb3b10967ef66d63e4404d66f6ac1c6d0d57dd3e55dc62e58b25a34d1a482652315813e92188263a93f13dde4dd81dfe32af06f6f3fcd73789cc69925a3211955290f85e42dabf19d40f717edd7361ad3801f6642046376000000000000005581a3b65fc336f7011e6810cd8efb4cc5f6a2d89d6d2dee563cbe281ff8b0c285a1b8a99afbb2f4271dd4b0acf21fe6d837ed5c208970b52130b5a7e13d5465e9ec069c1b2e97d2c4cbf7b02a15c87bd23626c8ad221c62177dbeec3bbfc9203cd4d0e1b91cc2eaaa198d2815c5dda45f7fe16cf750d14ef045c8d84174f7744eafc2525359892d5a7f45126c09c1c1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040)}, 0x24) keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, 0x0, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r4, 0x0, r4) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) 12:32:41 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(0x0, 0x0) close(r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) [ 688.422169][T31408] mkiss: ax12: crc mode is auto. 12:32:41 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) getsockopt$bt_hci(r5, 0x0, 0x3, &(0x7f0000000180)=""/156, &(0x7f0000000240)=0x9c) syz_mount_image$btrfs(&(0x7f0000000300)='btrfs\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000000c0)="8da4363ac0ed02000af9fdffff01004d010000000000172000007a000000006f00f6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff62300005f42485266535f4d4b2e22d73fb3eaf8e27854962e0b0000008000000000741319b5b2baf1a5ffffffff00000000bd84a2dffd44580146af02077af6e72ef5700d16965b51fe485250943a04612310ac113b046c9bdf0fbbe6d1b58cda36a61754be78ef7f98b258da0e64daa0f255f2e3aa3fdcf6dcdcbcf3afd60faff4", 0xbe, 0x10000}], 0x0, 0x0) 12:32:41 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x9], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 688.595960][ T28] audit: type=1804 audit(1594038761.898:234): pid=31421 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/328/file0" dev="sda1" ino=16115 res=1 [ 688.597473][T31427] mkiss: ax12: crc mode is auto. [ 688.629023][T31425] mkiss: ax13: crc mode is auto. 12:32:42 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) [ 688.665072][T31427] BTRFS: device fsid 00f6f2a2-2997-48ae-b81e-1b00b10efd9a devid 0 transid 17936345552730074699 /dev/loop4 scanned by syz-executor.4 (31427) 12:32:42 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(0xffffffffffffffff) 12:32:42 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0xa], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:42 executing program 2: unshare(0x2000400) pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x19, 0x5, 0x7, 0x9, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, r0, 0x0, 0x4}, 0x40) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000140)={0xfce, 0x0, 0xff, 0x6, 0x6}, 0xc) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00') r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_GATEWAYS(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="11072abd7000000000000a00000008000300", @ANYRES32=r4], 0x24}}, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, r2, 0x400, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x800}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x40) [ 688.941666][T31453] mkiss: ax12: crc mode is auto. 12:32:42 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x1d000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:32:42 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x10], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 688.976003][T31453] BTRFS: device fsid 00f6f2a2-2997-48ae-b81e-1b00b10efd9a devid 0 transid 17936345552730074699 /dev/loop4 scanned by syz-executor.4 (31453) 12:32:42 executing program 2: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x12000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:32:42 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x28], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:42 executing program 4: r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x5) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$gtp(&(0x7f0000000680)='gtp\x00') sendmsg$GTP_CMD_NEWPDP(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="14002000", @ANYRES16=r6, @ANYRES16], 0x14}}, 0x0) sendmsg$GTP_CMD_GETPDP(r4, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r6, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@GTPA_PEER_ADDRESS={0x8, 0x4, @private=0xa010100}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000800}, 0x20000000) ioctl$NBD_DO_IT(r0, 0xab03) ioctl$NBD_CLEAR_SOCK(r0, 0xab04) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) r9 = dup2(0xffffffffffffffff, r8) ioctl$TCFLSH(r9, 0x8926, 0x20000000) ioctl$TIOCSSOFTCAR(r9, 0x541a, &(0x7f0000000180)=0x81) 12:32:42 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x29], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 689.429285][T31486] mkiss: ax12: crc mode is auto. 12:32:42 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x33], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 689.513592][T31486] mkiss: ax12: crc mode is auto. 12:32:42 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x1f000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:32:43 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) 12:32:43 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(0xffffffffffffffff) 12:32:43 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0xdb, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000)='threaded\x00', 0x248800) stat(0x0, 0x0) setxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0) r3 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r3}, &(0x7f0000044000)) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x7, 0x81, 0x1f, 0x9, 0x0, 0x54d, 0x10000, 0x8, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x5}, 0x1000c, 0x1ff, 0x3f0000, 0x0, 0x1000, 0x3ff, 0x5}, r3, 0x7, 0xffffffffffffffff, 0x2) 12:32:43 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x3a], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:43 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x20000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:32:43 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x800, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)="39000000130009006900000000000000ab008000200000004600010707000014190001001000000800005068000000000000ef38bf461e59d7", 0x39}], 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) 12:32:43 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x40000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 690.194720][T31522] bridge0: port 2(bridge_slave_1) entered disabled state 12:32:43 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x78], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:43 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000040)='./bus\x00', 0xb5) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2000000d}, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket(0x11, 0x800000003, 0x81) bind(r1, &(0x7f00000000c0)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c954"}, 0x80) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x4001, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendfile(r0, r2, 0x0, 0x200fff) 12:32:43 executing program 4: syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000340)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, &(0x7f0000000440)={0x0, 0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="050f0504"]}) syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0xffff, 0x2) 12:32:43 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0xfc], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:43 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) 12:32:44 executing program 3 (fault-call:5 fault-nth:0): r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:32:44 executing program 2: perf_event_open(&(0x7f000001d000)={0x4f1f37caaa226c3, 0x70, 0x9, 0x0, 0x0, 0x2, 0x0, 0x7f, 0x2844, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r0 = syz_open_dev$usbfs(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x77, 0x101001) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect={0x80000001}) write$FUSE_POLL(0xffffffffffffffff, 0x0, 0x0) r1 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) dup2(r1, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) dup(0xffffffffffffffff) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000380)) r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000580)='/dev/ocfs2_control\x00', 0x48201, 0x0) accept$ax25(r2, &(0x7f00000005c0)={{}, [@default, @netrom, @default, @default, @default, @remote, @null, @rose]}, &(0x7f0000000640)=0x48) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) 12:32:44 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0xff], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 690.836866][T31562] FAULT_INJECTION: forcing a failure. [ 690.836866][T31562] name failslab, interval 1, probability 0, space 0, times 0 [ 690.898875][T31562] CPU: 1 PID: 31562 Comm: syz-executor.3 Not tainted 5.8.0-rc3-syzkaller #0 [ 690.907582][T31562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 690.917730][T31562] Call Trace: [ 690.921032][T31562] dump_stack+0x18f/0x20d [ 690.925380][T31562] should_fail.cold+0x5/0x14 [ 690.929987][T31562] should_failslab+0x5/0xf [ 690.934418][T31562] kmem_cache_alloc+0x2a9/0x3b0 [ 690.935027][ T5] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 690.939412][T31562] getname_flags.part.0+0x50/0x4f0 [ 690.952065][T31562] getname+0x8e/0xd0 [ 690.955980][T31562] do_sys_openat2+0xf7/0x3b0 [ 690.960597][T31562] ? build_open_flags+0x650/0x650 [ 690.965639][T31562] ? wait_for_completion+0x260/0x260 [ 690.970936][T31562] ? __sb_end_write+0xf8/0x1d0 [ 690.975713][T31562] ? vfs_write+0x161/0x5d0 [ 690.980144][T31562] __x64_sys_creat+0xc9/0x120 [ 690.984833][T31562] ? __x32_compat_sys_openat+0x1f0/0x1f0 [ 690.990486][T31562] ? do_syscall_64+0x1c/0xe0 [ 690.995086][T31562] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 691.001075][T31562] ? trace_hardirqs_on+0x5f/0x220 [ 691.006200][T31562] do_syscall_64+0x60/0xe0 [ 691.010625][T31562] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 691.016521][T31562] RIP: 0033:0x45cb29 [ 691.020410][T31562] Code: Bad RIP value. [ 691.024476][T31562] RSP: 002b:00007fe162468c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 691.032896][T31562] RAX: ffffffffffffffda RBX: 00000000004dbee0 RCX: 000000000045cb29 [ 691.040981][T31562] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 12:32:44 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:44 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x401f0000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:32:44 executing program 2: clock_gettime(0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x1, 0x0, 0x0, 0x2, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x0, 0x8, 0x4, 0x8, 0x200}, 0x0, 0x7, 0xffffffffffffffff, 0x9) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_GET_SERVICE(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x18, r1, 0xd16b4fcbed3536a5, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x4}]}, 0x18}}, 0x0) ioctl$TCSETSF(r0, 0x5453, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = dup2(r3, r5) ioctl$TCFLSH(r6, 0x8926, 0x20000000) ioctl$SG_GET_PACK_ID(r6, 0x227c, &(0x7f00000000c0)) r7 = socket(0x1d, 0x2, 0x7) bind$can_raw(r7, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) [ 691.048967][T31562] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 691.056947][T31562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 691.064922][T31562] R13: 00000000000000a1 R14: 00000000004c36b0 R15: 00007fe1624696d4 [ 691.204371][ T5] usb 5-1: Using ep0 maxpacket: 16 12:32:44 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x2], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 691.242254][T31580] mkiss: ax12: crc mode is auto. 12:32:44 executing program 3 (fault-call:5 fault-nth:1): r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 691.313419][T31587] mkiss: ax12: crc mode is auto. [ 691.324672][ T5] usb 5-1: unable to get BOS descriptor set 12:32:44 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x3], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 691.387804][T31600] FAULT_INJECTION: forcing a failure. [ 691.387804][T31600] name failslab, interval 1, probability 0, space 0, times 0 [ 691.404678][ T5] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 691.420102][ T5] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 691.441704][T31600] CPU: 0 PID: 31600 Comm: syz-executor.3 Not tainted 5.8.0-rc3-syzkaller #0 [ 691.450423][T31600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 691.460498][T31600] Call Trace: [ 691.463821][T31600] dump_stack+0x18f/0x20d [ 691.468183][T31600] should_fail.cold+0x5/0x14 [ 691.472785][T31600] should_failslab+0x5/0xf [ 691.477195][T31600] kmem_cache_alloc+0x2a9/0x3b0 [ 691.482061][T31600] __alloc_file+0x21/0x350 [ 691.486489][T31600] alloc_empty_file+0x6d/0x170 [ 691.491247][T31600] path_openat+0xe3/0x2750 [ 691.495656][T31600] ? __lock_acquire+0x16e3/0x56e0 [ 691.500684][T31600] ? path_lookupat+0x830/0x830 [ 691.505437][T31600] ? perf_trace_lock+0xeb/0x4a0 [ 691.510291][T31600] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 691.516278][T31600] ? __lockdep_free_key_range+0x110/0x110 [ 691.522021][T31600] ? lock_is_held_type+0xb0/0xe0 [ 691.526986][T31600] do_filp_open+0x17e/0x3c0 [ 691.531511][T31600] ? may_open_dev+0xf0/0xf0 [ 691.536104][T31600] ? __alloc_fd+0x28d/0x600 [ 691.540680][T31600] ? lock_downgrade+0x820/0x820 [ 691.545619][T31600] ? do_raw_spin_lock+0x120/0x2b0 [ 691.550658][T31600] ? rwlock_bug.part.0+0x90/0x90 [ 691.555624][T31600] ? _raw_spin_unlock+0x24/0x40 [ 691.560493][T31600] ? __alloc_fd+0x28d/0x600 [ 691.565039][T31600] do_sys_openat2+0x16f/0x3b0 [ 691.569746][T31600] ? build_open_flags+0x650/0x650 [ 691.574797][T31600] ? wait_for_completion+0x260/0x260 [ 691.580106][T31600] ? __sb_end_write+0xf8/0x1d0 [ 691.584887][T31600] ? vfs_write+0x161/0x5d0 [ 691.589326][T31600] __x64_sys_creat+0xc9/0x120 [ 691.594002][T31600] ? __x32_compat_sys_openat+0x1f0/0x1f0 [ 691.599627][T31600] ? do_syscall_64+0x1c/0xe0 [ 691.604215][T31600] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 691.610184][T31600] ? trace_hardirqs_on+0x5f/0x220 [ 691.615198][T31600] do_syscall_64+0x60/0xe0 [ 691.619604][T31600] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 691.625479][T31600] RIP: 0033:0x45cb29 [ 691.629362][T31600] Code: Bad RIP value. [ 691.633522][T31600] RSP: 002b:00007fe162468c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 691.641963][T31600] RAX: ffffffffffffffda RBX: 00000000004dbee0 RCX: 000000000045cb29 [ 691.650058][T31600] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 691.658045][T31600] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 691.666029][T31600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 691.674014][T31600] R13: 00000000000000a1 R14: 00000000004c36b0 R15: 00007fe1624696d4 [ 691.694244][ T5] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 691.858598][ T5] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 691.879226][ T5] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 691.893615][ T5] usb 5-1: Product: syz [ 691.901744][ T5] usb 5-1: Manufacturer: syz [ 691.921182][ T5] usb 5-1: SerialNumber: syz [ 692.274671][ T5] usb 5-1: 0:2 : does not exist [ 692.302242][ T5] usb 5-1: USB disconnect, device number 21 [ 692.964210][ T5] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 693.204217][ T5] usb 5-1: Using ep0 maxpacket: 16 [ 693.324479][ T5] usb 5-1: unable to get BOS descriptor set [ 693.404637][ T5] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 693.428896][ T5] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 693.504188][ T5] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 12:32:46 executing program 4: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r2, 0x2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000080)={&(0x7f0000000b40)={0x1d, 0x0, 0x0, {0x0, 0x1ee}}, 0x18, &(0x7f0000000b80)={&(0x7f0000000000)="0200000000000000", 0x8}}, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/bsg\x00', 0x0, 0x0) bind$isdn_base(r3, &(0x7f0000000600)={0x22, 0x3, 0x7, 0xbc, 0x8}, 0x6) 12:32:46 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x4], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:46 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = dup2(r1, r3) ioctl$TCFLSH(r4, 0x8926, 0x20000000) write$FUSE_DIRENT(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="f8000000000000000500000000000000060000000000000000000000010000000000000001000000060000000000000002000000000000000d000000000000002f6465762f736e642f73657100000000050000000000000002000000000000000200000007000000212f0000000000000200000000000000020000000000000003000000060000005e2a2900000000000000000000000000040000000000000006000000200000002b2526b35b5d00000000000000000000ff030000000000000d0000fe000000002f6465762f736e642f736571000000000300000000000000ff000000000000000700000003000000de282c2d987d2a00"], 0xf8) read(r0, &(0x7f0000000080)=""/241, 0xf1) 12:32:46 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r2) 12:32:46 executing program 3 (fault-call:5 fault-nth:2): r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:32:46 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x4d010000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 693.704243][ T5] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 693.741833][ T5] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 693.808244][ T5] usb 5-1: Product: syz [ 693.829476][T31694] FAULT_INJECTION: forcing a failure. [ 693.829476][T31694] name failslab, interval 1, probability 0, space 0, times 0 [ 693.848030][T31692] mkiss: ax12: crc mode is auto. [ 693.859364][T31697] vcan0: tx address claim with dest, not broadcast [ 693.894505][ T5] usb 5-1: can't set config #1, error -71 [ 693.912462][ T28] audit: type=1804 audit(1594038767.209:235): pid=31691 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/332/file0" dev="sda1" ino=16010 res=1 [ 693.920061][ T5] usb 5-1: USB disconnect, device number 22 [ 693.960204][T31694] CPU: 0 PID: 31694 Comm: syz-executor.3 Not tainted 5.8.0-rc3-syzkaller #0 [ 693.963210][T31708] vcan0: tx address claim with dest, not broadcast [ 693.968920][T31694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 693.968929][T31694] Call Trace: [ 693.968957][T31694] dump_stack+0x18f/0x20d [ 693.968985][T31694] should_fail.cold+0x5/0x14 [ 693.969012][T31694] should_failslab+0x5/0xf [ 693.969028][T31694] kmem_cache_alloc+0x2a9/0x3b0 12:32:47 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r2) [ 693.969055][T31694] __alloc_file+0x21/0x350 [ 693.969083][T31694] alloc_empty_file+0x6d/0x170 [ 693.969107][T31694] path_openat+0xe3/0x2750 [ 693.969124][T31694] ? __lock_acquire+0x16e3/0x56e0 [ 693.969158][T31694] ? path_lookupat+0x830/0x830 [ 693.969178][T31694] ? perf_trace_lock+0xeb/0x4a0 [ 694.035568][T31694] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 694.041585][T31694] ? __lockdep_free_key_range+0x110/0x110 [ 694.047338][T31694] ? lock_is_held_type+0xb0/0xe0 [ 694.052393][T31694] do_filp_open+0x17e/0x3c0 [ 694.056917][T31694] ? may_open_dev+0xf0/0xf0 [ 694.061449][T31694] ? __alloc_fd+0x28d/0x600 [ 694.065981][T31694] ? lock_downgrade+0x820/0x820 [ 694.066453][ T28] audit: type=1804 audit(1594038767.209:236): pid=31703 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/332/file0" dev="sda1" ino=16010 res=1 [ 694.070844][T31694] ? do_raw_spin_lock+0x120/0x2b0 [ 694.070863][T31694] ? rwlock_bug.part.0+0x90/0x90 [ 694.070892][T31694] ? _raw_spin_unlock+0x24/0x40 [ 694.070907][T31694] ? __alloc_fd+0x28d/0x600 [ 694.070939][T31694] do_sys_openat2+0x16f/0x3b0 [ 694.070957][T31694] ? build_open_flags+0x650/0x650 [ 694.070985][T31694] ? wait_for_completion+0x260/0x260 [ 694.127807][T31694] ? __sb_end_write+0xf8/0x1d0 [ 694.132600][T31694] ? vfs_write+0x161/0x5d0 [ 694.137045][T31694] __x64_sys_creat+0xc9/0x120 [ 694.141744][T31694] ? __x32_compat_sys_openat+0x1f0/0x1f0 [ 694.147524][T31694] ? do_syscall_64+0x1c/0xe0 [ 694.152136][T31694] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 694.158142][T31694] ? trace_hardirqs_on+0x5f/0x220 [ 694.163202][T31694] do_syscall_64+0x60/0xe0 [ 694.167644][T31694] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 694.168767][ T28] audit: type=1804 audit(1594038767.249:237): pid=31704 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/323/file0" dev="sda1" ino=16009 res=1 [ 694.173540][T31694] RIP: 0033:0x45cb29 [ 694.173548][T31694] Code: Bad RIP value. 12:32:47 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x5], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:47 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x64000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 694.173558][T31694] RSP: 002b:00007fe162468c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 694.173574][T31694] RAX: ffffffffffffffda RBX: 00000000004dbee0 RCX: 000000000045cb29 [ 694.173585][T31694] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 694.173595][T31694] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 694.173603][T31694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 694.173612][T31694] R13: 00000000000000a1 R14: 00000000004c36b0 R15: 00007fe1624696d4 12:32:47 executing program 4: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r2, 0x2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000080)={&(0x7f0000000b40)={0x1d, 0x0, 0x0, {0x0, 0x1ee}}, 0x18, &(0x7f0000000b80)={&(0x7f0000000000)="0200000000000000", 0x8}}, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/bsg\x00', 0x0, 0x0) bind$isdn_base(r3, &(0x7f0000000600)={0x22, 0x3, 0x7, 0xbc, 0x8}, 0x6) 12:32:47 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x6], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:47 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r2) [ 694.459151][T31728] vcan0: tx address claim with dest, not broadcast [ 694.480000][ T28] audit: type=1804 audit(1594038767.679:238): pid=31715 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/333/file0" dev="sda1" ino=16010 res=1 [ 694.509460][ T28] audit: type=1804 audit(1594038767.679:239): pid=31720 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/333/file0" dev="sda1" ino=16010 res=1 12:32:47 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0000000000000000000003000000540000000000000000000000000000000006000b000000000006000f0000000000080009000000000006000e0000000000140001000000000000000000000000000000000006000b00000000000c000380080001000014000000000000000000"], 0x74}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2503000023000535d25a80648c63940d0624fc60100002400a000200051a82c137153e670402018003020000d1bd", 0x33fe0}], 0x1}, 0x0) 12:32:47 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x7], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 694.620450][T31692] mkiss: ax12: crc mode is auto. [ 694.666990][T31747] netlink: 'syz-executor.4': attribute type 1 has an invalid length. 12:32:48 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 694.711867][ T28] audit: type=1804 audit(1594038768.009:240): pid=31735 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/334/file0" dev="sda1" ino=16008 res=1 [ 694.738207][T31747] netlink: 253 bytes leftover after parsing attributes in process `syz-executor.4'. 12:32:48 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:32:48 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x20000, 0x0) ioctl$EVIOCGREP(r5, 0x80084503, &(0x7f0000000340)=""/216) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f0000000080)={'U+', 0xe23}, 0x16, 0x2) sched_setaffinity(0x0, 0x3d31, &(0x7f0000000200)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x2}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x84ba1bab979f065f, 0x0, 0x0) syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x100, 0x10000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f00003e6000/0x18000)=nil, 0x0, 0x1d000080, 0x0, 0x0, 0x0) [ 694.816471][T31752] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 694.829702][ T28] audit: type=1804 audit(1594038768.009:241): pid=31746 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/334/file0" dev="sda1" ino=16008 res=1 12:32:48 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x8], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 694.890308][T31752] netlink: 253 bytes leftover after parsing attributes in process `syz-executor.4'. [ 694.963643][T31758] mkiss: ax12: crc mode is auto. 12:32:48 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x404}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) select(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x2710}) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000d6cff0), 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000a00)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000200000003000000280300000000000098010000000000009801000098010000100200009002000090020000900200009002000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000010000000000000000000600000000000000300198010000000000000000000000000000000000000000c000737472696e67000000000000000000000000000000000000000000000001000000006b6d7000000000000000000000000000ea7c5e89c8401b46ee142a8d52160cbc0b726fe53e8538bbdadc9ddd538e5910669144ed8f5c28b865bd7239f20dcbc7c9a63f5f5cf9b0840bace7a91c206ab34ea211db749a7ebd146b29002d52bd7c314acfa1e784729b6eab7dcde83893eebf5420c4618cbea4171ed61cfbde838a517cdb269c92ba1ab99ff8fc1dc61f802700000000000000000000006800435400000000000000000000000000000000000000000000000000000002000000000000000000000000707074700000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000002800727066696c74657200000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280000000000000000000000000000e1ff000000000000000000000000000004feffffff7d52f43901c2"], 0x1) socket$inet_udplite(0x2, 0x2, 0x88) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) r1 = open(&(0x7f0000000080)='./file0\x00', 0x90000, 0x101) ioctl$KVM_NMI(r1, 0xae9a) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r2}, &(0x7f0000044000)) tkill(r2, 0x15) connect$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x2, 0x2, 0x40, 0x6f, "1e7e419f7bd0db4661a8a070d9791e371b713af55149ae87bf15fb2120c16e86d8fc21af0f32856ba1d388a823e1b3a62306c9f58b46cf04759477da7338b3"}, 0x60) write$sndseq(0xffffffffffffffff, 0x0, 0x0) [ 694.986247][ T28] audit: type=1804 audit(1594038768.279:242): pid=31755 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/324/file0" dev="sda1" ino=15992 res=1 12:32:48 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x9], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 695.109488][ T28] audit: type=1804 audit(1594038768.279:243): pid=31761 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/324/file0" dev="sda1" ino=15992 res=1 12:32:48 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x6c010000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:32:48 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x2) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:32:48 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:32:48 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0xa], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 695.267991][T31783] x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING 12:32:48 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x10], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 695.397101][T31783] x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING [ 695.456485][ T28] audit: type=1804 audit(1594038768.759:244): pid=31789 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/325/file0" dev="sda1" ino=15997 res=1 12:32:48 executing program 0 (fault-call:5 fault-nth:0): r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:32:48 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x3) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:32:48 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x28], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x30, r4, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, '\x00'}}}}}, 0x30}}, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(r3, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, r4, 0x737b9d82ab9a8066, 0x70bd28, 0x25dfdbfe, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'veth1_virt_wifi\x00'}}}, [""]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x57) r5 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000340)={0x0, 0x0, 0x0}, &(0x7f0000000380)=0xc) setregid(0x0, r7) chown(&(0x7f0000000180)='./file0\x00', 0x0, r7) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setxattr$system_posix_acl(&(0x7f0000000100)='\x00', &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000440)={{}, {0x1, 0x5}, [{0x2, 0x1}, {}, {0x2, 0x3}, {0x2, 0xf}, {0x2, 0x4}, {0x2, 0x3, r6}], {0x4, 0x1}, [{0x8, 0x7, r7}, {0x8, 0x4, 0xee00}, {0x8, 0x6, r8}], {0x10, 0x1}, {0x20, 0x1}}, 0x6c, 0x2) sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="2e0000003200092fd22780648c6394fb0124fc0004000b400c000200d1bd00000000000a00"/46, 0x2e}], 0x1}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) 12:32:49 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x29], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 695.704127][T31810] FAULT_INJECTION: forcing a failure. [ 695.704127][T31810] name failslab, interval 1, probability 0, space 0, times 0 [ 695.753830][T31810] CPU: 0 PID: 31810 Comm: syz-executor.0 Not tainted 5.8.0-rc3-syzkaller #0 [ 695.762558][T31810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 695.763703][T31815] mkiss: ax12: crc mode is auto. [ 695.772739][T31810] Call Trace: [ 695.772767][T31810] dump_stack+0x18f/0x20d [ 695.772794][T31810] should_fail.cold+0x5/0x14 [ 695.772818][T31810] should_failslab+0x5/0xf [ 695.772837][T31810] kmem_cache_alloc+0x2a9/0x3b0 [ 695.772862][T31810] getname_flags.part.0+0x50/0x4f0 [ 695.772886][T31810] getname+0x8e/0xd0 [ 695.772905][T31810] do_sys_openat2+0xf7/0x3b0 [ 695.812887][T31810] ? build_open_flags+0x650/0x650 [ 695.817908][T31810] ? wait_for_completion+0x260/0x260 [ 695.823198][T31810] ? __sb_end_write+0xf8/0x1d0 [ 695.827976][T31810] ? vfs_write+0x161/0x5d0 [ 695.832411][T31810] __x64_sys_creat+0xc9/0x120 [ 695.837091][T31810] ? __x32_compat_sys_openat+0x1f0/0x1f0 [ 695.842717][T31810] ? do_syscall_64+0x1c/0xe0 [ 695.847309][T31810] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 695.853293][T31810] ? trace_hardirqs_on+0x5f/0x220 [ 695.858343][T31810] do_syscall_64+0x60/0xe0 [ 695.862777][T31810] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 695.868672][T31810] RIP: 0033:0x45cb29 [ 695.872561][T31810] Code: Bad RIP value. [ 695.876640][T31810] RSP: 002b:00007ffa00cc7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 695.885189][T31810] RAX: ffffffffffffffda RBX: 00000000004dbee0 RCX: 000000000045cb29 [ 695.893180][T31810] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 695.901168][T31810] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 695.909152][T31810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 695.917264][T31810] R13: 00000000000000a1 R14: 00000000004c36b0 R15: 00007ffa00cc86d4 12:32:51 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:32:51 executing program 0 (fault-call:5 fault-nth:1): r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:32:51 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x33], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:51 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) ioctl$TCXONC(r3, 0x540a, 0x2) getpeername$llc(0xffffffffffffffff, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f00000000c0)=0x10) r4 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$netlink(0x10, 0x3, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) ioctl$TIOCMGET(r6, 0x5415, &(0x7f0000000140)) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB="50000000100003077474fa14dfdbdfa65501a381", @ANYRES32=0x0, @ANYBLOB="7ffd0002810700001c0012000b0001006d616373656300e10b00020005000b00010000000a00054037000000fffe084808000a0009d3"], 0x50}}, 0x0) 12:32:51 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x7c150000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:32:51 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = dup2(r0, r2) ioctl$TCFLSH(r3, 0x8926, 0x20000000) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000200), 0xa}, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x1}, 0x0, 0x7, r3, 0x0) r4 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x704, &(0x7f0000000100)=[{&(0x7f0000000080)="4c000000120081ae08060c0f006b3f007f03e3f700000000000000ca1b4e0906a6bd7c493872f74a375ed08a56331dbf64705465ce960169381ad6e747033a0093ba446b9bbc7a06000000ff", 0x4c}], 0x1}, 0x0) getsockopt$IP_SET_OP_GET_BYINDEX(r4, 0x1, 0x53, &(0x7f0000000000)={0x7, 0x7, 0x1}, &(0x7f0000000140)=0x28) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) dup2(0xffffffffffffffff, r6) getsockname$packet(r6, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0x5) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = fcntl$dupfd(r8, 0x0, r8) dup2(r7, r9) setsockopt$pppl2tp_PPPOL2TP_SO_LNSMODE(r9, 0x111, 0x4, 0x0, 0x4) [ 698.296818][T31952] mkiss: ax12: crc mode is auto. [ 698.316494][T31954] FAULT_INJECTION: forcing a failure. [ 698.316494][T31954] name failslab, interval 1, probability 0, space 0, times 0 [ 698.360176][T31952] netlink: 'syz-executor.2': attribute type 5 has an invalid length. [ 698.368683][T31959] mkiss: ax13: crc mode is auto. [ 698.387525][T31954] CPU: 1 PID: 31954 Comm: syz-executor.0 Not tainted 5.8.0-rc3-syzkaller #0 [ 698.396229][T31954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.406292][T31954] Call Trace: [ 698.409604][T31954] dump_stack+0x18f/0x20d [ 698.413971][T31954] should_fail.cold+0x5/0x14 [ 698.418582][T31954] should_failslab+0x5/0xf [ 698.423016][T31954] kmem_cache_alloc+0x2a9/0x3b0 [ 698.427886][T31954] __alloc_file+0x21/0x350 [ 698.432321][T31954] alloc_empty_file+0x6d/0x170 [ 698.437102][T31954] path_openat+0xe3/0x2750 [ 698.437435][T31952] device macsec1 entered promiscuous mode [ 698.441522][T31954] ? __lock_acquire+0x16e3/0x56e0 [ 698.441553][T31954] ? path_lookupat+0x830/0x830 [ 698.441571][T31954] ? perf_trace_lock+0xeb/0x4a0 [ 698.441587][T31954] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 698.441605][T31954] ? __lockdep_free_key_range+0x110/0x110 [ 698.473601][T31954] ? lock_is_held_type+0xb0/0xe0 [ 698.478561][T31954] do_filp_open+0x17e/0x3c0 [ 698.483083][T31954] ? may_open_dev+0xf0/0xf0 [ 698.487600][T31954] ? __alloc_fd+0x28d/0x600 [ 698.489131][T31952] device vlan0 entered promiscuous mode [ 698.492113][T31954] ? lock_downgrade+0x820/0x820 [ 698.492129][T31954] ? do_raw_spin_lock+0x120/0x2b0 [ 698.492144][T31954] ? rwlock_bug.part.0+0x90/0x90 [ 698.492167][T31954] ? _raw_spin_unlock+0x24/0x40 [ 698.492181][T31954] ? __alloc_fd+0x28d/0x600 [ 698.492203][T31954] do_sys_openat2+0x16f/0x3b0 [ 698.526495][T31954] ? build_open_flags+0x650/0x650 [ 698.531531][T31954] ? wait_for_completion+0x260/0x260 [ 698.536836][T31954] ? __sb_end_write+0xf8/0x1d0 [ 698.541614][T31954] ? vfs_write+0x161/0x5d0 [ 698.546048][T31954] __x64_sys_creat+0xc9/0x120 [ 698.550734][T31954] ? __x32_compat_sys_openat+0x1f0/0x1f0 [ 698.556383][T31954] ? do_syscall_64+0x1c/0xe0 [ 698.560991][T31954] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 698.566979][T31954] ? trace_hardirqs_on+0x5f/0x220 [ 698.572015][T31954] do_syscall_64+0x60/0xe0 [ 698.576449][T31954] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 698.582349][T31954] RIP: 0033:0x45cb29 [ 698.586240][T31954] Code: Bad RIP value. [ 698.590310][T31954] RSP: 002b:00007ffa00cc7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 698.598814][T31954] RAX: ffffffffffffffda RBX: 00000000004dbee0 RCX: 000000000045cb29 [ 698.606794][T31954] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 698.614775][T31954] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 698.622757][T31954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 698.630743][T31954] R13: 00000000000000a1 R14: 00000000004c36b0 R15: 00007ffa00cc86d4 [ 698.647594][T31952] device vlan0 left promiscuous mode 12:32:52 executing program 0 (fault-call:5 fault-nth:2): r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:32:52 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x5) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 698.866666][T31979] FAULT_INJECTION: forcing a failure. [ 698.866666][T31979] name failslab, interval 1, probability 0, space 0, times 0 [ 698.898768][T31979] CPU: 0 PID: 31979 Comm: syz-executor.0 Not tainted 5.8.0-rc3-syzkaller #0 [ 698.907598][T31979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.917671][T31979] Call Trace: [ 698.920979][T31979] dump_stack+0x18f/0x20d [ 698.925305][T31979] should_fail.cold+0x5/0x14 [ 698.929905][T31979] should_failslab+0x5/0xf [ 698.934338][T31979] kmem_cache_alloc+0x2a9/0x3b0 [ 698.939194][T31979] __alloc_file+0x21/0x350 [ 698.943611][T31979] alloc_empty_file+0x6d/0x170 [ 698.948385][T31979] path_openat+0xe3/0x2750 [ 698.952796][T31979] ? __lock_acquire+0x16e3/0x56e0 [ 698.957824][T31979] ? path_lookupat+0x830/0x830 [ 698.962700][T31979] ? perf_trace_lock+0xeb/0x4a0 [ 698.967543][T31979] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 698.973523][T31979] ? __lockdep_free_key_range+0x110/0x110 [ 698.979239][T31979] ? lock_is_held_type+0xb0/0xe0 [ 698.984190][T31979] do_filp_open+0x17e/0x3c0 [ 698.988685][T31979] ? may_open_dev+0xf0/0xf0 [ 698.993179][T31979] ? __alloc_fd+0x28d/0x600 [ 698.997684][T31979] ? lock_downgrade+0x820/0x820 [ 699.002541][T31979] ? do_raw_spin_lock+0x120/0x2b0 [ 699.007682][T31979] ? rwlock_bug.part.0+0x90/0x90 [ 699.012828][T31979] ? _raw_spin_unlock+0x24/0x40 [ 699.017692][T31979] ? __alloc_fd+0x28d/0x600 [ 699.022198][T31979] do_sys_openat2+0x16f/0x3b0 [ 699.026883][T31979] ? build_open_flags+0x650/0x650 [ 699.031901][T31979] ? wait_for_completion+0x260/0x260 [ 699.037180][T31979] ? __sb_end_write+0xf8/0x1d0 [ 699.041944][T31979] ? vfs_write+0x161/0x5d0 [ 699.046356][T31979] __x64_sys_creat+0xc9/0x120 [ 699.051024][T31979] ? __x32_compat_sys_openat+0x1f0/0x1f0 [ 699.056652][T31979] ? do_syscall_64+0x1c/0xe0 [ 699.061241][T31979] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 699.067227][T31979] ? trace_hardirqs_on+0x5f/0x220 [ 699.072247][T31979] do_syscall_64+0x60/0xe0 [ 699.076656][T31979] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 699.082542][T31979] RIP: 0033:0x45cb29 [ 699.086436][T31979] Code: Bad RIP value. [ 699.090491][T31979] RSP: 002b:00007ffa00cc7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 699.098893][T31979] RAX: ffffffffffffffda RBX: 00000000004dbee0 RCX: 000000000045cb29 [ 699.106855][T31979] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 699.114814][T31979] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 699.122776][T31979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 699.130738][T31979] R13: 00000000000000a1 R14: 00000000004c36b0 R15: 00007ffa00cc86d4 [ 699.206053][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 699.206085][ T28] audit: type=1804 audit(1594038772.509:251): pid=31980 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/328/file0" dev="sda1" ino=16384 res=1 12:32:52 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 699.284186][ T28] audit: type=1804 audit(1594038772.509:252): pid=31983 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/328/file0" dev="sda1" ino=16384 res=1 [ 699.453913][T31959] mkiss: ax14: crc mode is auto. 12:32:52 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x9a020000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:32:52 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x3a], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:52 executing program 0 (fault-call:5 fault-nth:3): r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:32:52 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 699.611835][T31959] mkiss: ax12: crc mode is auto. [ 699.653078][T31974] mkiss: ax13: crc mode is auto. 12:32:53 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x5, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) mmap(&(0x7f00008da000/0x1000)=nil, 0x1000, 0x0, 0xb5972, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x30243, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x2000, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead) socket(0x0, 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) dup2(0xffffffffffffffff, r6) fsetxattr(0xffffffffffffffff, &(0x7f00000000c0)=@random={'os2.', '/dev/vfio/vfio\x00'}, &(0x7f0000000100)='$-\x00', 0x3, 0x1) dup2(r3, r5) ioctl$USBDEVFS_RESETEP(r5, 0x80045503, &(0x7f0000000080)={0x8, 0x1}) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f00002f3000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) [ 699.776491][T32026] FAULT_INJECTION: forcing a failure. [ 699.776491][T32026] name failslab, interval 1, probability 0, space 0, times 0 12:32:53 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x11f08) [ 699.863450][ T28] audit: type=1804 audit(1594038773.159:253): pid=32041 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/340/file0" dev="sda1" ino=16024 res=1 [ 699.883708][T32026] CPU: 0 PID: 32026 Comm: syz-executor.0 Not tainted 5.8.0-rc3-syzkaller #0 [ 699.894730][T32026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 699.904807][T32026] Call Trace: [ 699.908127][T32026] dump_stack+0x18f/0x20d [ 699.912490][T32026] should_fail.cold+0x5/0x14 [ 699.917113][T32026] should_failslab+0x5/0xf [ 699.921552][T32026] kmem_cache_alloc+0x2a9/0x3b0 [ 699.926432][T32026] security_file_alloc+0x34/0x170 [ 699.931489][T32026] __alloc_file+0xd8/0x350 [ 699.935938][T32026] alloc_empty_file+0x6d/0x170 [ 699.940730][T32026] path_openat+0xe3/0x2750 [ 699.945171][T32026] ? __lock_acquire+0x16e3/0x56e0 [ 699.950235][T32026] ? path_lookupat+0x830/0x830 [ 699.955022][T32026] ? perf_trace_lock+0xeb/0x4a0 12:32:53 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xfeffffff}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 699.959907][T32026] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 699.965919][T32026] ? __lockdep_free_key_range+0x110/0x110 [ 699.971669][T32026] ? lock_is_held_type+0xb0/0xe0 [ 699.976643][T32026] do_filp_open+0x17e/0x3c0 [ 699.981174][T32026] ? may_open_dev+0xf0/0xf0 [ 699.985704][T32026] ? __alloc_fd+0x28d/0x600 [ 699.990247][T32026] ? lock_downgrade+0x820/0x820 [ 699.990576][ T28] audit: type=1804 audit(1594038773.189:254): pid=32038 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/330/file0" dev="sda1" ino=16031 res=1 [ 699.995105][T32026] ? do_raw_spin_lock+0x120/0x2b0 [ 699.995125][T32026] ? rwlock_bug.part.0+0x90/0x90 [ 699.995159][T32026] ? _raw_spin_unlock+0x24/0x40 [ 699.995175][T32026] ? __alloc_fd+0x28d/0x600 [ 699.995207][T32026] do_sys_openat2+0x16f/0x3b0 [ 699.995233][T32026] ? build_open_flags+0x650/0x650 [ 700.046818][T32026] ? wait_for_completion+0x260/0x260 [ 700.052134][T32026] ? __sb_end_write+0xf8/0x1d0 [ 700.056926][T32026] ? vfs_write+0x161/0x5d0 [ 700.061374][T32026] __x64_sys_creat+0xc9/0x120 [ 700.066089][T32026] ? __x32_compat_sys_openat+0x1f0/0x1f0 [ 700.071750][T32026] ? do_syscall_64+0x1c/0xe0 [ 700.076368][T32026] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 700.082376][T32026] ? trace_hardirqs_on+0x5f/0x220 [ 700.087431][T32026] do_syscall_64+0x60/0xe0 [ 700.091876][T32026] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 700.097789][T32026] RIP: 0033:0x45cb29 [ 700.101691][T32026] Code: Bad RIP value. [ 700.105765][T32026] RSP: 002b:00007ffa00cc7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 700.114207][T32026] RAX: ffffffffffffffda RBX: 00000000004dbee0 RCX: 000000000045cb29 [ 700.122200][T32026] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 700.130192][T32026] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 700.138186][T32026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 700.146180][T32026] R13: 00000000000000a1 R14: 00000000004c36b0 R15: 00007ffa00cc86d4 12:32:53 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x78], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 700.151586][ T28] audit: type=1800 audit(1594038773.189:255): pid=32052 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=16380 res=0 [ 700.266941][T32054] mkiss: ax12: crc mode is auto. 12:32:53 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x8) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 700.311565][ T28] audit: type=1804 audit(1594038773.189:256): pid=32052 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir169854578/syzkaller.xi8mmt/254/file0" dev="sda1" ino=16380 res=1 12:32:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f322e0f0178000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d683ed", 0xfffffffffffffef4}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) socket$inet6(0xa, 0x2, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000001c0)=ANY=[@ANYBLOB="020000000000000401000000000000000000000000000001001c00fbff06000000000000000bae0000000000000003000a00000000000000000000a34146"]) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) dup2(r3, r5) getsockopt$PNPIPE_IFINDEX(r5, 0x113, 0x2, &(0x7f0000000140), &(0x7f0000000200)=0x4) pipe(&(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:32:53 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0xfc], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 700.489634][T32069] mkiss: ax12: crc mode is auto. 12:32:53 executing program 0 (fault-call:5 fault-nth:4): r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 700.557835][T32080] mkiss: ax13: crc mode is auto. 12:32:53 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xffffff7f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 700.646616][ T28] audit: type=1804 audit(1594038773.949:257): pid=32079 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/331/file0" dev="sda1" ino=15984 res=1 12:32:54 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x24000844) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sendmsg(r0, &(0x7f0000000680)={0x0, 0x13000011, &(0x7f00000000c0)=[{&(0x7f0000000080)='f', 0xffffff1f}], 0x8, 0x0, 0x0, 0xf00}, 0x7ffff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b7020000f7ff0900bfa70000000000002402000020feffff7a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000000704000000000000b7040000100000206a0700fe00000000850000002f000000b70000000a00000095000000000000006458c222375e37391b130150c62f164f09060000000000000013a80c19aab9d611f5969f62c28b22756bedf3cf393d14c46cc4f716da4f0de8163f6242fa7323f1740637c48468766a1841439fce41f144631ac262dcae18c3d1a1fbe96dd87235b44174f7c0343185089a0f119e31975e551558050400ff0498dc4ea1d75d3066d52dbb55d0e331a5fb33abadd3a0c218078be8d75aabad71bfc70281251ab136740a4781353d114e024762f07612b1c3d686f1264c8fc62e06000000fda8c226f236b2b017b569762fa39884bd1dc08eb9d6c91b9364b7bcf572d0cb617949863303de732a92ce1bdc2fc568652ea4e96ceb14693c84382d3b09a1000000000000000000000000ae8d804b53c7e864d994800486ce4d2f3b58a947ef31f1d41d2b16454add03e2aec5f9c93f9d3e43a52d2c615cdd265e649c770cfa9b47b812c79bf0a685ce152bc4fdb7c49e5c4643ff8902de09ff8fe5709f06f2dcc31cc45c"], &(0x7f0000000280)='GPL\x00'}, 0x48) r2 = socket$kcm(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r1, 0x4) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) dup2(r3, r5) ioctl$CAPI_INSTALLED(r5, 0x80024322) 12:32:54 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:32:54 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0xff], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 700.736187][T32097] FAULT_INJECTION: forcing a failure. [ 700.736187][T32097] name failslab, interval 1, probability 0, space 0, times 0 [ 700.777460][ T28] audit: type=1804 audit(1594038773.949:258): pid=32089 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/331/file0" dev="sda1" ino=15984 res=1 [ 700.854640][T32097] CPU: 1 PID: 32097 Comm: syz-executor.0 Not tainted 5.8.0-rc3-syzkaller #0 [ 700.863459][T32097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 700.873522][T32097] Call Trace: [ 700.876485][ T28] audit: type=1804 audit(1594038774.139:259): pid=32105 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/341/file0" dev="sda1" ino=16016 res=1 [ 700.876823][T32097] dump_stack+0x18f/0x20d [ 700.903726][T32097] should_fail.cold+0x5/0x14 [ 700.908411][T32097] ? tomoyo_encode2.part.0+0xe9/0x3a0 [ 700.913793][T32097] should_failslab+0x5/0xf [ 700.918240][T32097] __kmalloc+0x27d/0x340 [ 700.922490][T32097] ? tomoyo_realpath_from_path+0xc3/0x620 [ 700.928220][T32097] tomoyo_encode2.part.0+0xe9/0x3a0 [ 700.933433][T32097] ? tomoyo_realpath_from_path+0xc3/0x620 [ 700.939170][T32097] tomoyo_encode+0x28/0x50 [ 700.943596][T32097] tomoyo_realpath_from_path+0x186/0x620 [ 700.949267][T32097] tomoyo_check_open_permission+0x272/0x380 [ 700.955263][T32097] ? tomoyo_path_number_perm+0x4d0/0x4d0 [ 700.960958][T32097] ? lock_downgrade+0x820/0x820 [ 700.965823][T32097] ? do_raw_spin_lock+0x120/0x2b0 [ 700.970870][T32097] tomoyo_file_open+0xa3/0xd0 [ 700.975561][T32097] security_file_open+0x52/0x3f0 [ 700.980504][T32097] ? __mnt_want_write+0x1bc/0x2a0 [ 700.985595][T32097] do_dentry_open+0x3a0/0x1290 [ 700.990384][T32097] path_openat+0x1bb9/0x2750 [ 700.995007][T32097] ? path_lookupat+0x830/0x830 [ 700.999785][T32097] ? perf_trace_lock+0xeb/0x4a0 [ 701.004735][T32097] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 701.010729][T32097] ? __lockdep_free_key_range+0x110/0x110 [ 701.016459][T32097] ? lock_is_held_type+0xb0/0xe0 [ 701.021408][T32097] do_filp_open+0x17e/0x3c0 [ 701.025919][T32097] ? may_open_dev+0xf0/0xf0 [ 701.030438][T32097] ? do_raw_spin_lock+0x120/0x2b0 [ 701.035474][T32097] ? rwlock_bug.part.0+0x90/0x90 [ 701.040423][T32097] ? _raw_spin_unlock+0x24/0x40 [ 701.045363][T32097] ? __alloc_fd+0x28d/0x600 [ 701.049883][T32097] do_sys_openat2+0x16f/0x3b0 [ 701.054569][T32097] ? build_open_flags+0x650/0x650 [ 701.059598][T32097] ? wait_for_completion+0x260/0x260 [ 701.064893][T32097] ? __sb_end_write+0xf8/0x1d0 [ 701.069665][T32097] ? vfs_write+0x161/0x5d0 [ 701.074096][T32097] __x64_sys_creat+0xc9/0x120 [ 701.078779][T32097] ? __x32_compat_sys_openat+0x1f0/0x1f0 [ 701.084422][T32097] ? do_syscall_64+0x1c/0xe0 [ 701.089024][T32097] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 701.095014][T32097] ? trace_hardirqs_on+0x5f/0x220 [ 701.100052][T32097] do_syscall_64+0x60/0xe0 [ 701.104481][T32097] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 701.110375][T32097] RIP: 0033:0x45cb29 [ 701.114261][T32097] Code: Bad RIP value. [ 701.118325][T32097] RSP: 002b:00007ffa00cc7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 701.127109][T32097] RAX: ffffffffffffffda RBX: 00000000004dbee0 RCX: 000000000045cb29 [ 701.135086][T32097] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 701.143062][T32097] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 701.151039][T32097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 701.159017][T32097] R13: 00000000000000a1 R14: 00000000004c36b0 R15: 00007ffa00cc86d4 12:32:54 executing program 4: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000018105e04da0700000000652227fe45000109022400010000000009040000090300000009210000000122220009058103"], 0x0) dup(0xffffffffffffffff) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0022220000009623137502091fefad4ac2c206e53f070c0000082a9000170900be808376"], 0x0}, 0x0) r1 = syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x424, 0x7505, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x4, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x10}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff}}, {{0x9, 0x5, 0x3, 0x2, 0x8}}}}}]}}]}}, 0x0) syz_usb_control_io(r1, &(0x7f0000000340)={0x2c, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x3, @lang_id={0x4}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000180)={0x2c, &(0x7f0000000040)={0x0, 0x9, 0x79, {0x79, 0x31, "0172fa3581dbacee98849a8780391514c9778447bdb98a0ca11436ca25b7d14df803458953c95b8104f6bd5e1064e2d83e4de0f9c4f6109bd0226882a7c41735ef3a9e3c66d3280bfdb98634d52ac4eb3b8fe6d47082e7e5749e6b3e96fd8813e348663d671f53074c50b5fce4cb61278b6f44baf430ba"}}, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1409}}, &(0x7f0000000840)=ANY=[@ANYBLOB="000fbb000000050fd400050b10010860000802b60a01141004403898cc28347c9adab8bed1d8000400000000000002000320010083100b8a802d764ff8d1b1b7eb3ffa6fa79134e2d7bacb06a6e88008082a746598d37c69d0b6ef8113d723848317bba1eef0c95d4e60ef0cf2c1a9ced70f89afb0cdf97e6d390b1f96ff679d86a8aa7ac3ddb5cd95784c64b0dfc2667c416bcbe883fe7b7d82b0c0d5c8edc499c36546ce4fa363b804bcb63200c20891f8e5fead2b720a10030008003f813a6b5296948aaa7ccb8ff82cb083bfdf5ad11b6580713a8ac906e2dcf164eb4f0bfa68ad61454789b55adf49571713b12af51ef034e11d0a2bbda7482a40912368032863fac1a2d36170db50a3d2502498674019ebd37372d5594059118a23af4b238e2de43b9651c79a38e87bd73e532ccad374d5fb435a0bef61745989395a718294f6cc9f20b577906b69a3ce8dd6bbc4f06a7e0841aac2dfec2ea9c669789482b4"], &(0x7f0000000100)={0x20, 0x29, 0xf, {0xf, 0x29, 0x1, 0x18, 0x6, 0x9, "035a8725", "6f1c1375"}}, &(0x7f0000000140)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x10, 0x5, 0x8, 0x40, 0x3}}}, &(0x7f0000000780)={0x84, &(0x7f0000000340)={0x0, 0x18, 0x50, "4110c120e77b0ad1f3ee7af324da20f6c3f648b045578bb5892c538d71b3b93cf7604ee4163603d8749bf9f80bb5b8be7ae2bfa91b8489265b00eb2310b7bb058846827a12e735d78c9bc8d60c8aba8d"}, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0x40}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0x90}, &(0x7f0000000440)={0x20, 0x0, 0x4, {0x1, 0x4}}, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x80, 0x4}}, &(0x7f00000004c0)={0x40, 0x7, 0x2, 0x2}, &(0x7f0000000500)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000540)={0x40, 0xb, 0x2, '.\n'}, &(0x7f0000000580)={0x40, 0xf, 0x2, 0x5}, &(0x7f00000005c0)={0x40, 0x13, 0x6, @random="b39cad89654c"}, &(0x7f0000000600)={0x40, 0x17, 0x6, @local}, &(0x7f0000000640)={0x40, 0x19, 0x2, "d1db"}, &(0x7f0000000680)={0x40, 0x1a, 0x2, 0xd447}, &(0x7f00000006c0)={0x40, 0x1c, 0x1}, &(0x7f0000000700)={0x40, 0x1e, 0x1, 0xb9}, &(0x7f0000000740)={0x40, 0x21, 0x1, 0x9}}) [ 701.220695][T32097] ERROR: Out of memory at tomoyo_realpath_from_path. 12:32:54 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffe}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:32:54 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:54 executing program 0 (fault-call:5 fault-nth:5): r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 701.312463][ T28] audit: type=1804 audit(1594038774.609:260): pid=32121 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/332/file0" dev="sda1" ino=15999 res=1 12:32:54 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x48) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 701.395305][T32129] mkiss: ax12: crc mode is auto. [ 701.535504][T32140] FAULT_INJECTION: forcing a failure. [ 701.535504][T32140] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 701.548748][T32140] CPU: 0 PID: 32140 Comm: syz-executor.0 Not tainted 5.8.0-rc3-syzkaller #0 [ 701.557442][T32140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 701.567521][T32140] Call Trace: [ 701.570810][T32140] dump_stack+0x18f/0x20d [ 701.575134][T32140] should_fail.cold+0x5/0x14 [ 701.579721][T32140] __alloc_pages_nodemask+0x1a3/0x930 [ 701.585089][T32140] ? __alloc_pages_slowpath.constprop.0+0x2780/0x2780 [ 701.591860][T32140] cache_grow_begin+0x8c/0xb20 [ 701.596618][T32140] ? cache_alloc_pfmemalloc+0x1e/0x140 [ 701.602071][T32140] cache_alloc_refill+0x27b/0x340 [ 701.607081][T32140] ? lockdep_hardirqs_off+0x66/0xa0 [ 701.612275][T32140] ? tomoyo_realpath_from_path+0xc3/0x620 [ 701.617982][T32140] __kmalloc+0x319/0x340 [ 701.622236][T32140] tomoyo_realpath_from_path+0xc3/0x620 [ 701.627783][T32140] tomoyo_check_open_permission+0x272/0x380 [ 701.633682][T32140] ? tomoyo_path_number_perm+0x4d0/0x4d0 [ 701.639353][T32140] ? lock_downgrade+0x820/0x820 [ 701.644186][T32140] ? do_raw_spin_lock+0x120/0x2b0 [ 701.649225][T32140] tomoyo_file_open+0xa3/0xd0 [ 701.653894][T32140] security_file_open+0x52/0x3f0 [ 701.658820][T32140] ? __mnt_want_write+0x1bc/0x2a0 [ 701.663848][T32140] do_dentry_open+0x3a0/0x1290 [ 701.668615][T32140] path_openat+0x1bb9/0x2750 [ 701.673209][T32140] ? path_lookupat+0x830/0x830 [ 701.677977][T32140] ? perf_trace_lock+0xeb/0x4a0 [ 701.682814][T32140] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 701.688786][T32140] ? __lockdep_free_key_range+0x110/0x110 [ 701.694492][T32140] ? lock_is_held_type+0xb0/0xe0 [ 701.699426][T32140] do_filp_open+0x17e/0x3c0 [ 701.703920][T32140] ? may_open_dev+0xf0/0xf0 [ 701.708426][T32140] ? do_raw_spin_lock+0x120/0x2b0 [ 701.713439][T32140] ? rwlock_bug.part.0+0x90/0x90 [ 701.718379][T32140] ? _raw_spin_unlock+0x24/0x40 [ 701.723220][T32140] ? __alloc_fd+0x28d/0x600 [ 701.727741][T32140] do_sys_openat2+0x16f/0x3b0 [ 701.732413][T32140] ? build_open_flags+0x650/0x650 [ 701.737443][T32140] __x64_sys_creat+0xc9/0x120 [ 701.742110][T32140] ? __x32_compat_sys_openat+0x1f0/0x1f0 [ 701.747734][T32140] ? do_syscall_64+0x1c/0xe0 [ 701.752315][T32140] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 701.758295][T32140] ? trace_hardirqs_on+0x5f/0x220 [ 701.763325][T32140] do_syscall_64+0x60/0xe0 [ 701.767744][T32140] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 701.773631][T32140] RIP: 0033:0x45cb29 [ 701.777505][T32140] Code: Bad RIP value. 12:32:54 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x2], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 701.781556][T32140] RSP: 002b:00007ffa00cc7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 701.789954][T32140] RAX: ffffffffffffffda RBX: 00000000004dbee0 RCX: 000000000045cb29 [ 701.797911][T32140] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 701.805869][T32140] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 701.813827][T32140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 701.821785][T32140] R13: 00000000000000a1 R14: 00000000004c36b0 R15: 00007ffa00cc86d4 [ 701.834131][T16534] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 701.877021][T32129] mkiss: ax12: crc mode is auto. 12:32:55 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0xb83, 0x0) r2 = dup2(r0, r1) ioctl$IMCLEAR_L2(r2, 0x80044946, &(0x7f0000000040)=0xb4) 12:32:55 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x3], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:55 executing program 0 (fault-call:5 fault-nth:6): r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:32:55 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4c) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 702.114710][T16534] usb 5-1: Using ep0 maxpacket: 16 12:32:55 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x4], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 702.164032][T16534] usb 5-1: too many configurations: 34, using maximum allowed: 8 [ 702.174619][T32169] FAULT_INJECTION: forcing a failure. [ 702.174619][T32169] name failslab, interval 1, probability 0, space 0, times 0 12:32:55 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x5], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 702.228035][T32169] CPU: 0 PID: 32169 Comm: syz-executor.0 Not tainted 5.8.0-rc3-syzkaller #0 [ 702.236750][T32169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 702.246824][T32169] Call Trace: [ 702.250141][T32169] dump_stack+0x18f/0x20d [ 702.254500][T32169] should_fail.cold+0x5/0x14 [ 702.259116][T32169] ? tomoyo_encode2.part.0+0xe9/0x3a0 [ 702.264503][T32169] should_failslab+0x5/0xf [ 702.268938][T32169] __kmalloc+0x27d/0x340 [ 702.273198][T32169] ? tomoyo_realpath_from_path+0xc3/0x620 [ 702.278929][T32169] tomoyo_encode2.part.0+0xe9/0x3a0 [ 702.284138][T32169] ? tomoyo_realpath_from_path+0xc3/0x620 [ 702.289890][T32169] tomoyo_encode+0x28/0x50 [ 702.294321][T32169] tomoyo_realpath_from_path+0x186/0x620 [ 702.299986][T32169] tomoyo_check_open_permission+0x272/0x380 [ 702.305906][T32169] ? tomoyo_path_number_perm+0x4d0/0x4d0 [ 702.311620][T32169] ? lock_downgrade+0x820/0x820 [ 702.316482][T32169] ? do_raw_spin_lock+0x120/0x2b0 [ 702.321537][T32169] tomoyo_file_open+0xa3/0xd0 [ 702.326242][T32169] security_file_open+0x52/0x3f0 [ 702.331186][T32169] ? __mnt_want_write+0x1bc/0x2a0 [ 702.336208][T32169] do_dentry_open+0x3a0/0x1290 [ 702.341009][T32169] path_openat+0x1bb9/0x2750 [ 702.345601][T32169] ? path_lookupat+0x830/0x830 [ 702.350394][T32169] ? perf_trace_lock+0xeb/0x4a0 [ 702.355267][T32169] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 702.361378][T32169] ? __lockdep_free_key_range+0x110/0x110 [ 702.367099][T32169] ? lock_is_held_type+0xb0/0xe0 [ 702.372038][T32169] do_filp_open+0x17e/0x3c0 [ 702.376542][T32169] ? may_open_dev+0xf0/0xf0 [ 702.381064][T32169] ? do_raw_spin_lock+0x120/0x2b0 [ 702.386073][T32169] ? rwlock_bug.part.0+0x90/0x90 [ 702.391002][T32169] ? _raw_spin_unlock+0x24/0x40 [ 702.395839][T32169] ? __alloc_fd+0x28d/0x600 [ 702.400340][T32169] do_sys_openat2+0x16f/0x3b0 [ 702.405005][T32169] ? build_open_flags+0x650/0x650 [ 702.410032][T32169] ? wait_for_completion+0x260/0x260 [ 702.415330][T32169] ? __sb_end_write+0xf8/0x1d0 [ 702.420147][T32169] ? vfs_write+0x161/0x5d0 [ 702.424552][T32169] __x64_sys_creat+0xc9/0x120 [ 702.429213][T32169] ? __x32_compat_sys_openat+0x1f0/0x1f0 [ 702.434839][T32169] ? do_syscall_64+0x1c/0xe0 [ 702.439438][T32169] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 702.445431][T32169] ? trace_hardirqs_on+0x5f/0x220 [ 702.450462][T32169] do_syscall_64+0x60/0xe0 [ 702.454876][T32169] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 702.460756][T32169] RIP: 0033:0x45cb29 [ 702.464683][T32169] Code: Bad RIP value. [ 702.468749][T32169] RSP: 002b:00007ffa00cc7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 702.477174][T32169] RAX: ffffffffffffffda RBX: 00000000004dbee0 RCX: 000000000045cb29 [ 702.485160][T32169] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 702.493142][T32169] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 702.501131][T32169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 702.509121][T32169] R13: 00000000000000a1 R14: 00000000004c36b0 R15: 00007ffa00cc86d4 [ 702.584009][T16534] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 702.599523][T16534] usb 5-1: can't read configurations, error -61 [ 702.656928][T32169] ERROR: Out of memory at tomoyo_realpath_from_path. [ 702.783758][T16534] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 703.043561][T16534] usb 5-1: Using ep0 maxpacket: 16 [ 703.083786][T16534] usb 5-1: too many configurations: 34, using maximum allowed: 8 [ 703.203774][T16534] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 703.211372][T16534] usb 5-1: can't read configurations, error -61 [ 703.224019][T16534] usb usb5-port1: attempt power cycle [ 703.933426][T16534] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 704.043926][T16534] usb 5-1: Using ep0 maxpacket: 16 [ 704.094040][T16534] usb 5-1: too many configurations: 34, using maximum allowed: 8 12:32:57 executing program 4: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x3}, 0x0, 0x0, 0x0, 0x2, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x0, @initdev}, &(0x7f00000002c0)=0x10) exit_group(0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYRESOCT, @ANYRESHEX, @ANYRES64=r0], 0x14}}, 0x40090) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYRES16], 0x1c}, 0x1, 0x0, 0x0, 0x4c081}, 0x0) syz_emit_ethernet(0x76, &(0x7f0000000080)={@broadcast=[0xff, 0xff, 0xff, 0x0], @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "a4f008", 0x40, 0x3a, 0x0, @empty={[0x3, 0x3c]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "0004e6", 0x0, 0x0, 0x0, @remote, @remote, [@routing={0x2f}], "000022ebffff0400"}}}}}}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x19, 0x0}, 0x891) r2 = socket(0xf, 0x803, 0x28000) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="f7400b944c2a5e2ed7cbc0285ff178df0d4f7ac7eb7378cdb1be3ab7", @ANYRES16=0x0, @ANYBLOB="010025bd7000fbdbdf250200000005003e003f00000008000a010300000008000c010800000014000200766c616e3000"/58], 0x40}, 0x1, 0x0, 0x0, 0x40010}, 0x0) syz_emit_ethernet(0x8e, &(0x7f00000000c0)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @dev={0xfe, 0x80, [], 0x39}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "ff112d", 0x8001, 0x29, 0x0, @mcast1, @remote, [@dstopts={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3a], [@enc_lim]}, @srh={0x0, 0x2, 0x4, 0x1, 0x0, 0x0, 0x0, [@mcast2]}]}}}}}}}, 0x0) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = dup(r2) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x8000fffffffe) ioctl$BLKROGET(r3, 0x125e, &(0x7f0000000000)) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="00ef00002049fe523055d8fffff00008"], 0x28}}, 0x0) 12:32:57 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x54c441fd3f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:32:57 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x6], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:57 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = dup2(r0, r2) ioctl$TCFLSH(r3, 0x8926, 0x20000000) sendmsg$IPSET_CMD_SWAP(r3, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, 0x6, 0x6, 0x36f52218ddfb6816, 0x0, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000880}, 0x80) r4 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x6e22}, 0x1c) r5 = socket$netlink(0x10, 0x3, 0x4) writev(r5, &(0x7f0000000240)=[{&(0x7f0000000040)="580000001400add427323b472545b4560a117fffffff81024e224e227f020001925aa8002056d5e7007b00090780007f0000012d8cc06200ff0000f069ccdcff74", 0x41}, {&(0x7f0000000300)="84e4bdb8cb93bc56849414a7a0a2b4d02e179545750b7f", 0x17}], 0x2) 12:32:57 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x68) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:32:57 executing program 0 (fault-call:5 fault-nth:7): r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 704.223853][T16534] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 704.250128][T16534] usb 5-1: can't read configurations, error -61 [ 704.411038][T32246] FAULT_INJECTION: forcing a failure. [ 704.411038][T32246] name failslab, interval 1, probability 0, space 0, times 0 [ 704.431319][T32247] mkiss: ax12: crc mode is auto. [ 704.460615][T32246] CPU: 0 PID: 32246 Comm: syz-executor.0 Not tainted 5.8.0-rc3-syzkaller #0 [ 704.469367][T32246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 704.479441][T32246] Call Trace: [ 704.482757][T32246] dump_stack+0x18f/0x20d [ 704.487119][T32246] should_fail.cold+0x5/0x14 [ 704.491743][T32246] should_failslab+0x5/0xf [ 704.496175][T32246] kmem_cache_alloc+0x2a9/0x3b0 [ 704.501157][T32246] lease_alloc+0x22/0x480 [ 704.505519][T32246] __break_lease+0xc2/0x1540 [ 704.510151][T32246] ? locks_remove_posix+0x630/0x630 [ 704.515400][T32246] ? security_file_open+0x1f5/0x3f0 [ 704.520633][T32246] do_dentry_open+0x48c/0x1290 [ 704.525442][T32246] path_openat+0x1bb9/0x2750 [ 704.530082][T32246] ? path_lookupat+0x830/0x830 [ 704.531773][T32250] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 704.534870][T32246] ? perf_trace_lock+0xeb/0x4a0 [ 704.534924][T32246] ? lockdep_hardirqs_on_prepare+0x590/0x590 12:32:57 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x7], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 704.534948][T32246] ? __lockdep_free_key_range+0x110/0x110 [ 704.534969][T32246] ? lock_is_held_type+0xb0/0xe0 [ 704.535003][T32246] do_filp_open+0x17e/0x3c0 [ 704.535023][T32246] ? may_open_dev+0xf0/0xf0 [ 704.535052][T32246] ? do_raw_spin_lock+0x120/0x2b0 [ 704.535072][T32246] ? rwlock_bug.part.0+0x90/0x90 [ 704.535102][T32246] ? _raw_spin_unlock+0x24/0x40 [ 704.535118][T32246] ? __alloc_fd+0x28d/0x600 [ 704.535153][T32246] do_sys_openat2+0x16f/0x3b0 [ 704.535174][T32246] ? build_open_flags+0x650/0x650 [ 704.535196][T32246] ? wait_for_completion+0x260/0x260 [ 704.535216][T32246] ? __sb_end_write+0xf8/0x1d0 [ 704.535233][T32246] ? vfs_write+0x161/0x5d0 [ 704.535257][T32246] __x64_sys_creat+0xc9/0x120 [ 704.535275][T32246] ? __x32_compat_sys_openat+0x1f0/0x1f0 [ 704.535298][T32246] ? do_syscall_64+0x1c/0xe0 [ 704.535317][T32246] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 704.535335][T32246] ? trace_hardirqs_on+0x5f/0x220 [ 704.535357][T32246] do_syscall_64+0x60/0xe0 [ 704.535376][T32246] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 704.535391][T32246] RIP: 0033:0x45cb29 [ 704.535399][T32246] Code: Bad RIP value. [ 704.535408][T32246] RSP: 002b:00007ffa00cc7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 704.535427][T32246] RAX: ffffffffffffffda RBX: 00000000004dbee0 RCX: 000000000045cb29 [ 704.535438][T32246] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 704.535454][T32246] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 704.535466][T32246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 704.535477][T32246] R13: 00000000000000a1 R14: 00000000004c36b0 R15: 00007ffa00cc86d4 [ 704.566867][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 704.566881][ T28] audit: type=1804 audit(1594038777.870:269): pid=32254 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/344/file0" dev="sda1" ino=16384 res=1 [ 704.775505][T32247] mkiss: ax12: crc mode is auto. 12:32:58 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r3, 0x800442d4, &(0x7f0000000000)=0x4) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x5) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r5, 0x0, r5) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0x5) r7 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TCFLSH(r7, 0x8926, 0x20000000) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00') sendmsg$DEVLINK_CMD_RELOAD(r8, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x3c, r9, 0x536ae464467e3e0b, 0x0, 0x0, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0xb}}]}, 0x3c}}, 0x0) sendmsg$DEVLINK_CMD_PORT_SET(r7, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000440)={0xf8, r9, 0x100, 0x70bd28, 0x25dfdbfe, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xffffffffffffff8a, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x6}}, {{@nsim={{0x0, 0x1, 'netdevsim\x00'}, {0x0, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x6, 0x4, 0x2}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0xffffffffffffff8e, 0x4, 0x3}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x1}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}, {0x6}}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4001}, 0x20) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x34, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb, 0x1, 'ipvlan\x00'}, {0x4}}}]}, 0x34}}, 0x0) 12:32:58 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x8], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:58 executing program 0 (fault-call:5 fault-nth:8): r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:32:58 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6c) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:32:58 executing program 2: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) munlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000200)='./file0/bus\x00', 0xc0000191) unlink(&(0x7f0000000000)='./file0/bus\x00') umount2(&(0x7f0000000080)='./file0\x00', 0x0) [ 704.936805][T32280] mkiss: ax12: crc mode is auto. [ 704.980490][T32280] mkiss: ax13: crc mode is auto. [ 705.021507][T32280] mkiss: ax14: crc mode is auto. 12:32:58 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x9], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 705.077552][T32280] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 705.129904][T32293] FAULT_INJECTION: forcing a failure. [ 705.129904][T32293] name failslab, interval 1, probability 0, space 0, times 0 [ 705.160943][ T28] audit: type=1804 audit(1594038778.460:270): pid=32294 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/336/file0" dev="sda1" ino=16377 res=1 [ 705.217429][T32293] CPU: 0 PID: 32293 Comm: syz-executor.0 Not tainted 5.8.0-rc3-syzkaller #0 [ 705.226159][T32293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 705.236239][T32293] Call Trace: [ 705.239558][T32293] dump_stack+0x18f/0x20d [ 705.243929][T32293] should_fail.cold+0x5/0x14 [ 705.248553][T32293] should_failslab+0x5/0xf [ 705.252996][T32293] kmem_cache_alloc+0x2a9/0x3b0 [ 705.257933][T32293] ima_d_path+0x4d/0x1e3 [ 705.262219][T32293] process_measurement+0xac5/0x1760 12:32:58 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x10000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:32:58 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0xa], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:58 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) dup2(r0, r2) sendmsg$IPCTNL_MSG_EXP_DELETE(r2, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000200)={0x1f8, 0x2, 0x2, 0x301, 0x0, 0x0, {}, [@CTA_EXPECT_TUPLE={0x50, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={[], [], @empty}}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @broadcast}}}]}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0xfffffffe}, @CTA_EXPECT_NAT={0x124, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x7c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1={0xfc, 0x1, [], 0x1}}, {0x14, 0x4, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @rand_addr=0x64010101}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_EXPECT_NAT_TUPLE={0x38, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_EXPECT_NAT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={[], [], @private=0xa010102}}, {0x14, 0x4, @local}}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8}]}, @CTA_EXPECT_MASTER={0x68, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x14, 0x4, @empty}}}]}]}, 0x1f8}, 0x1, 0x0, 0x0, 0x404c011}, 0x1f50ed6565c04e53) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000049000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r6, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r7, 0x84, 0x12, &(0x7f0000000100)=0x3, 0x4) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = fcntl$dupfd(r8, 0x0, r8) dup2(0xffffffffffffffff, r9) getsockopt$TIPC_GROUP_JOIN(r9, 0x10f, 0x87, &(0x7f0000000140), &(0x7f0000000400)=0x4) [ 705.267462][T32293] ? mmap_violation_check+0x1e0/0x1e0 [ 705.272872][T32293] ? perf_trace_lock+0xeb/0x4a0 [ 705.277750][T32293] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 705.283750][T32293] ? rwlock_bug.part.0+0x90/0x90 [ 705.288749][T32293] ? lock_acquire+0x1f1/0xad0 [ 705.293601][T32293] ? aa_get_label_rcu+0x400/0x400 [ 705.298652][T32293] ? find_held_lock+0x2d/0x110 [ 705.303443][T32293] ? aa_get_task_label+0x25d/0x540 [ 705.308596][T32293] ? lock_downgrade+0x820/0x820 [ 705.313547][T32293] ? ext4_file_open+0x1d0/0x6b0 [ 705.318437][T32293] ? ext4_dio_write_end_io+0x100/0x100 [ 705.323936][T32293] ? aa_get_task_label+0x27f/0x540 [ 705.327580][ T28] audit: type=1804 audit(1594038778.460:271): pid=32303 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/336/file0" dev="sda1" ino=16377 res=1 [ 705.329068][T32293] ? apparmor_task_getsecid+0xc2/0x110 [ 705.329126][T32293] ima_file_check+0xb9/0x100 [ 705.329145][T32293] ? process_measurement+0x1760/0x1760 [ 705.329186][T32293] path_openat+0x156c/0x2750 [ 705.329221][T32293] ? path_lookupat+0x830/0x830 [ 705.376609][T32293] ? perf_trace_lock+0xeb/0x4a0 [ 705.381487][T32293] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 705.387498][T32293] ? __lockdep_free_key_range+0x110/0x110 [ 705.393237][T32293] ? lock_is_held_type+0xb0/0xe0 [ 705.398212][T32293] do_filp_open+0x17e/0x3c0 [ 705.402741][T32293] ? may_open_dev+0xf0/0xf0 [ 705.407290][T32293] ? do_raw_spin_lock+0x120/0x2b0 [ 705.412343][T32293] ? rwlock_bug.part.0+0x90/0x90 [ 705.417316][T32293] ? _raw_spin_unlock+0x24/0x40 [ 705.422208][T32293] ? __alloc_fd+0x28d/0x600 [ 705.426757][T32293] do_sys_openat2+0x16f/0x3b0 [ 705.431457][T32293] ? build_open_flags+0x650/0x650 [ 705.436513][T32293] ? wait_for_completion+0x260/0x260 [ 705.441826][T32293] ? __sb_end_write+0xf8/0x1d0 [ 705.446609][T32293] ? vfs_write+0x161/0x5d0 [ 705.451051][T32293] __x64_sys_creat+0xc9/0x120 [ 705.455751][T32293] ? __x32_compat_sys_openat+0x1f0/0x1f0 [ 705.461412][T32293] ? do_syscall_64+0x1c/0xe0 [ 705.466026][T32293] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 705.472030][T32293] ? trace_hardirqs_on+0x5f/0x220 [ 705.477089][T32293] do_syscall_64+0x60/0xe0 [ 705.481530][T32293] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 705.487442][T32293] RIP: 0033:0x45cb29 [ 705.491350][T32293] Code: Bad RIP value. [ 705.495428][T32293] RSP: 002b:00007ffa00cc7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 705.503854][T32293] RAX: ffffffffffffffda RBX: 00000000004dbee0 RCX: 000000000045cb29 [ 705.511843][T32293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 705.519832][T32293] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 705.527819][T32293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 705.535810][T32293] R13: 00000000000000a1 R14: 00000000004c36b0 R15: 00007ffa00cc86d4 12:32:58 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x74) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:32:59 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x1000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:32:59 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x10], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 705.751867][T32337] mkiss: ax12: crc mode is auto. [ 705.764076][ T28] audit: type=1804 audit(1594038779.060:272): pid=32293 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="file0" dev="sda1" ino=16384 res=1 [ 705.977361][T32361] mkiss: ax12: crc mode is auto. [ 706.018957][T32299] mkiss: ax13: crc mode is auto. [ 706.039787][T32299] mkiss: ax14: crc mode is auto. [ 706.062266][T32280] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 12:32:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) ioctl$SNDRV_PCM_IOCTL_STATUS64(r3, 0x80984120, &(0x7f0000000140)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="30000000210001"], 0x30}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 12:32:59 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:32:59 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x28], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:32:59 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7a) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:32:59 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x20000002000}, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x4b) setsockopt$rose(0xffffffffffffffff, 0x104, 0x7, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$drirender128(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(r2, r3, 0x0) dup2(r1, r4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) dup2(0xffffffffffffffff, r6) r7 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r7, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r9}, 0x10) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r6, 0x84, 0x71, &(0x7f0000000000)={r9, 0x7fffffff}, &(0x7f0000000040)=0x8) 12:32:59 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x10000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 706.659251][T32438] mkiss: ax12: crc mode is auto. 12:33:00 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x29], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 706.757514][ T28] audit: type=1804 audit(1594038780.060:273): pid=32435 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/346/file0" dev="sda1" ino=16382 res=1 [ 706.828485][T32438] mkiss: ax12: crc mode is auto. 12:33:00 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x2) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 706.861893][ T28] audit: type=1804 audit(1594038780.060:274): pid=32444 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/346/file0" dev="sda1" ino=16382 res=1 12:33:00 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x300) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:00 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x33], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:00 executing program 4: mknod(&(0x7f0000000180)='./file0\x00', 0x1000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xfffffffeffffffff, 0xffffffffffffffff, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = dup2(r0, r2) ioctl$TCFLSH(r3, 0x8926, 0x20000000) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000080), 0x4) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(0x0, 0x0) ptrace$cont(0x18, r4, 0x0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="7472616e73ab54b874b5e9badcb2c821bff11a77503d66642c7266646e6f3d", @ANYRESHEX=r5, @ANYBLOB="2c95ac34e66f3d", @ANYRESHEX=r6]) openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x20002, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x66b2010000000000, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) sendfile(r3, 0xffffffffffffffff, &(0x7f00000000c0)=0xffffffff00000001, 0x400) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, 0x0) [ 707.200652][ T28] audit: type=1804 audit(1594038780.500:275): pid=32470 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/347/file0" dev="sda1" ino=16048 res=1 12:33:00 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x3a], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:00 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x3) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 707.360552][ T28] audit: type=1804 audit(1594038780.500:276): pid=32474 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/347/file0" dev="sda1" ino=16048 res=1 12:33:00 executing program 4: r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) r2 = socket(0xa, 0x1, 0x0) close(r2) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8) sendmmsg$inet_sctp(r2, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@prinfo={0x18, 0x84, 0x5, {0x30, 0x1}}], 0x18}], 0x1, 0x0) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB="01003d56", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r2, 0x84, 0x76, &(0x7f00000000c0)={r4}, 0x8) [ 707.399115][ T28] audit: type=1804 audit(1594038780.660:277): pid=32477 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/339/file0" dev="sda1" ino=16376 res=1 12:33:00 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x500) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 707.477292][ T28] audit: type=1804 audit(1594038780.660:278): pid=32481 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/339/file0" dev="sda1" ino=16376 res=1 12:33:00 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x78], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:01 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0xfc], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:01 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x40000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:01 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:01 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x600) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:01 executing program 2: r0 = socket(0x22, 0x2, 0x24) close(r0) r1 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @thr={&(0x7f0000000340)="5f75fe6e9f65243f291abdd951cf267d05811024a29ab20f6530b7e2332d05f23ce1cbbbd86be694ae4f2d071186e3460b9653853f69b8410d871a6309658ba3e82f8dd664bde7a41766d56297bfbc1e5eb85d9c4be9744e68ccf8f605eaca2826cb9c1e8995f46c7053396f8065d26bae15281a2156223c2ad2a9adf1f9ceecb4473c", &(0x7f0000000400)="d5d8cd27367b09b44223eef7fd0fabe0bf913037d65a3572698446d57b0810ba32e2d55456a010b55d8eb92ffc066014be5f10540ba0096625b99357926093e286122777d94f65eef2ffdc24404bfd577407c61ce4f49a712ba7967c6030c3682f171a48df81e5d19e3e269c5907152a935a329c86fe7beb9991b434175c8b700abe41f9a3d6a7941722c6cd4da28c5d3a264237e1d91cf9ba46d8b26f13f17dfa437c152371760a135dc83763a3b0b2175eb71acb2a3385d3a5bf3887ead74dfc1c7eea4e345ae4c75e1f5dfab933349bfa8e7cfe2ebec2656b2b06528422edfb2c4af1e0dac5103550c62e4da92a928fd636c22aa54ec3e4429beca3958b95acd18fece88c938f820a0f2b930fb254565147eac8c9b35ce58f09398894a972434ffebe7090423d54753dd2f9193a3cfdaaf210eb5f70fd3c394b44689314574be4d50cd7a2823ec30a1db075f78e1ff01d11b6877bb5f39d9bf89e7ef5d06402f7ad9a7c0bee64269ee42e47a565bcaca9d8362d2dc3ea117ad35b791ae0b69e8b88a92afcb9676517f638a2b7e7fcfc72bbed3222650178360166be8128158a4c45cde6f4b2298a55c2516ccfdd9f219215500664be89599f7e0aefa03e6ee91271dbfd7a91082817c7acf9eaecc2396525a81c23beaa6727d41dcc991e5874c5154c564ffee4406aec3b2bf41fd4fd605c01d41408ca02723292ea261411273e2563ca3b2b310aefd8ee72e2ff44d6b959aa4ff1f11e326a3a9d02f8cd99f86eb81c4d5f88707b434766d5d37d1ec0ac1cf6b4757a0d667b41d9f183ae2fa96efd2b806cc44269eb4f745f89ea369475b77fbac99b502b7852597594e563f7be444732912ff7178b93f5ad29d690f5322f83f5b27d58e96c736037575f989f81fe2fd73de32178cba9d061d92f9e15aee093493363df20f86e8898359a6d0f24ea953d98115801555a42b2bcd99c1d51682ac18066ddd021d223822f380db73cdaf4d1eb355dc8803cd71105cad1c81caff8da78662a9add4bdf08855bf7817a5ec97ec3b8d6cc2df521c059f7597fb6fcf6257349b92b181c5b4e1c711917797680734a1e1b27caa995369ad92c6fde59f08efdc1fed7c92860d84a30fb6055a3a7deaad5b97d51c83456352c699387ebb64b0b22eddba64a99ebf8c1794a0b9efdd17a85b05d2da98e821b163e05e03028d0ce30a98504d8f20aea1e970824619f0b4d581d5b3aa4e66827e83bb43ea80d11e5ee158620c41b8a569c1ae0f4f19f1337efd2ce263f6d7a71945d429192ea8e473a205ac410116476317a83ebbbb835cb7127e93da9e48027548b8b20da7110f28baef4faf3d9378321db94caebe535b0e58c7cb55019c8e7ece4b78f72072295d547d79cdbb5f2f1bc695d50c5d9f494e0cc419015ed97ef8158693d6891ece4c5310ccd94b3a3e86e81a6c584e2ead79cd30eee6a892b2cbc93ac2cca7ce431d478baa5d499367409c23fe0ba566b1f06e9169f76224bc50d696186fdc0cb9d543de0516f94cd758ea12ea9d3410649f06258c8e2758e0bcdbed9a70d7211d944872290bf93b5972c3d7d2a44fa63fc003a985df24ad5092ef55161ceb191fc6b8b8795d8a6de36c1e0a96c5bf66c9a566959ce879aee08755dc6fdeaa6148e45554d0f0030f128a03dcc40bd1256538aa40ba9396f9b4eadc6f03b6b7581d01c9d9f3c971e78658a4c49d0680c033feaa23987f0a1030e14160ec34ee197b309cef8f0158770287f8b66b5bf494505b64e12816c3d8e2190d1173de30f0c577300c5b018ae23315d907c53d2a629fd3cc786660f47707c858cd20fef456350b56cf5e011ecb9633973d087219b671a8e9cf8f67de59f0146d1dfeed994cfd249a0c7617e7ea7a6bc8ee4bf4f7b848373216bd5732fedc4ce0d572b9ff9b54f021c7b752330920025e438502780bd30f56b52cc25f62e8ec39b1bd61ad2f824fbd803c1bdcb9505058f4bf508ad5b67b5e9dc50c92edc0a9f55689423a6018e873210a3677292af81bf6864fabb209a3ea382f79e824c0767a61efc688ee186fc0fa8e49c435abae6b5ea51db76c3daee77d74422ff4660a03f8bf2dd7af2f15571c3fea37af8a028f50bff6261198786d7f5375d8ff90586c21df89f4d917f2610132292d0b3c09c13bdd3f618da7e7e5c3e6e9498d577bde8b156c5e298b5ab31c17a4047ca91571a56bef425f648dd312145fadad4a548f103428f43303d616638d3ab6fd75b6aa321a4c7cd29af9e8b31dc4f156e29fe25cc4d513c5f49b47fefff8916185c4575d3dc0e8ad05123110ae6fe4e5d4e93d11102cc0cb192a8af1126655c6b3751027cd62c86f1fe0e117779e30990a26f661649b5d34ab0a4963a4be597a36aaccdfe3cd629f0f2f1e0faf219f57d5f6e5b6775d70b9564216133428a53197845e4d062f7cc8ae1c0956d9b2e714d89af3716b8036c732f65760db0ea003508414aace6e84914495bae3f4a9891836dfdeff2f5a677f05eddd4e6f5684fb89a435203da0bf6a01b2432ba4c922e1f60868c4e284978e9f71b1e98d58d0cfe60c406b81a63c8228358e5b8b21b4356dfa865dda5a08cd8ff16d52137cc6b035331afa6c28cd449e78c74e7a5113a91672d82e104b3d3259caf633b498a7247ccba7b789ef37b399c113be6ff46f9929de91884c32171db86be18f21cd2b7b297c16359339e3427402ea1a68f0c055db10830f1556bfc583b9fd573f5f88aaf4c31542666c53957bdd20f6cae7bd35c727804f99e358c79f30e6c551e23abf5a244a6ab8ff6953c8ad0732d5839b9e1dd1461bbeb34eff086bac4562b66c3775219fb2c1f655fd4291841c6d7dec70bd55daadfd08dead89c7b6c52a7bd2b41042d6654edb1c6112f015fcb8477b4571f40614e6b69ec7d9c2bcc16568fede8051570de299f0c52d76ef362bbd5d46d9f9f4ff9969455ba77f51be45c2d14e37fd4b3654006b9135fd60b0d7fc7c57089164fa846101d546ff7a0977a75c4fb2d7aeb55d71d8e52a4f9eed2cfe25fea04b56bd23d818c30e5cdd3b62647118beab73fd679e818bab8b7e05decf6a75cfa88c5a6e876cf7288a7677552fee360c7542ad5b82394abf6c6d0b1c20a67b3ae72fda277a225830c3dc10ff6c5932fa2e84be0072805de9c051853546d80fa897456a9789ba827e439e29a93b4a4f032e09137e87126eefe97313e3934f766e6b82f44e2f2b00f78c0538dab6e8231b7a25be6b6fa7edcca7c765e6b9d3b8baf5f95dc2bf8462b339035a255d7912c9c0410c34637f3ce3e31986744c8dd76973d2c29e196123bb74d7ba34dbb0bdcaee94c36e2dfa89e152634657dedb081e16ec6a80bb8f718f033bd0175ce7f60b3dc192ab33cb03978a1b2ec2aa8942481b9c9139e5006856ec392c360dbe0c0ae0b6e853506a41088cb8685d26a9df0335095e47605c117d08ed9172a57f9fa8ea92f8733bdc0b6fffd8e0c868d8f4b8d49362f888c49315b5a011a3c3452346d29ea9c95f2dcc1944723c156f0583118ba6d0e0179048b9cb4f734260b1f18bcedce8947acc2e85685e071a6981255f963d1e6a3e4c9628ed30a2737c3e344973adf95091b4a6de2882d01097ecaf5aabb9cfa1b427371ea37d194811792ddd0560b24d2c135d0fba7bd8ddb0fb96e41fdbffcf8352879880288c3ce083f2f8f936a4b8e416a3c54f913538214c7e03958c81cc3ccb8451a8178dc23a92fb4af47c2b35ad1ca261a50fe427829269fa0152b85939fba4d6445b7087c17909a3af298f3b3aba2def461254d9934488060fd04041a8bc01c05a4afe2b2e64d1dc4e6b5d6eb301920eedc9b58def0c88311dd51759751122fae9f9408824a88bdc5799f0e4c17dfee2a492cd1fd9c1f56e9d9fc281d2223c18f67fe4908677b42e95891e6f71a33bc437d12e32bcd6819a08194b600161e4b8fbdfb32708af8d9aa2438890a378fbf295e85cd319e7792b695dc56372e9e56aaa49823c79cae6cddf59ba32221201076038a260102121c5226ff83c07ae8190ade4150427f00ec4fd235a86d1f242711b941c1f7c56f25e8bfd74c3e3f51e3fca787bfc104457f83953e7f1742a982c191e0e4795e35df144423eeaca0fdfdb64ff354190a56c2a4b1d971bd866df87ffcacfcd0598d28d7661b7a89c5e75a2b70057309a410f769ac33e7e4c32ad6423a0a2cd062682f8b8b8fc18ee2490a53abdd10275e507c5f2a0704b2488b8bd1608bbeb1166f09768f8c3e5e539d4db1bc0d8cadde5ccd62575f312fc233ac8c16ecd0b3a658ae937f3d08ecb831044b1c943c3b25c8f6c3d008c774c0cd1e481eca81bf00d58623e053c1165368ea1a2b79c20284d3e5bca131724913f0339ece65ee131fcec7274a049d1d26acbdc56e37b031211ace0a20b0472f83633f9fea4fe8e954d5f94f20b9d88c3681b2fb1ce07885db090660c754e16888ac336c29a9903d8cfaf03a1f8f5ac18ab493ba932562fc0b3c05352068f6afe170f9a474ddce63d37997c064add1a6e500f5fb07c07a0510891dbb41b2aabbf4023b543fc38787d1844a5032c9f7b39c084458bb162dd6ff1717764e3ee9935809635a51ed563a4efdf0918aaf9ba46d95efd0886908d541b1aafc0f823fe9003192aed70aa6c1f55ebccb665b79bcf0de38503cf99fb601c31c954955293806d820e1e675732c04a8d9d41445a01987f07bbddd274ccc47bd9bffc3ee9fd9f541933446fc765e21dabcbeb8ca4f956cd5809a9c176d558f62b820b831fbb750e3f03ad752627d9a3bbb4f9ed7b05e4ecff2fc9a1dc073e22e7f1d88aac3101bf6aa1080e91217fc6dc09c3d1e8c1007de57d7044d702decf8d7e6d6c3b27be19a2b9744b927640e288e2c35a3287098fb7ad7e6c5204e63c0c86af60c1af0ca0c12af3dc8b840743571dd938ef0e90cd8ffe3dbff858ccd5008e08fb1e03a5c1fc9d5389f8f8b0bdf2c5b9a3ceb8a9056bfb34da607609010a1a16afb6c22116515ec7d853a62636a891117890c05d15b5d02b44a144ad2edc768ff4d3f3de7c721735a69ca011e304ea8250ae40c81102cccbff79dd17d800803dc19f8e8a412c1db499bd8633c51342b8c014df37642f25041d3a954baef3c141de9fa11c8196297876ccb14ae3df5375dc01eb4e9542e0dce148e874690fe8b58664c712b6c1711c71cdcc0496952607149c016780610d58942ec96ebe22a62cdaf67a0003a7d263cf26190fbb31f22ea74e0d9289e5f99cef4eb497fdd32afdd7cd3acd3d79b6527cfae75235d10e823cf9851727c072e90b64e93497b96393174f678963f44298d6c3c1186bd8b2770e9736beef0d95dfb9a9c9bc710144cc390ebcdfa89fb33901c09dbda28d1064e3ca2522207611cacf78a4aeb8125cbc3c24400070caf9dc63bd2e5cf1d3efa32f701dc452b1fdd89883fca1935a79ce60f9e3d15e56a7eba1532ebcf6d1292b377bd657e94e24a4451711914e64d43adcceb4e2408f1ca5ae8949fb276baa36f97a6eaf001699e902623ccd7cbd33e8d87f9248d09351583424192301f6513d1f97fd361a62af53813e8247de469154f1122b6570c3b57d1ffa10e71a7a0e22c1c45d47681d5193daa48f0f2b3d3d853e62c30bd18d937ec317285843b2dd0878ddb227bc6d43682e74390a3a37b9893e6dfb4481c8d8818a2ce4b010a17d357be84fd57ee164876fe99290a5ea361eb236454051a871e1723ffabc4563d4aefec0183c87561e2f9b16a6d9ba292c81269"}}, &(0x7f0000044000)) pidfd_open(r1, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0xf) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = dup2(0xffffffffffffffff, r5) ioctl$TCFLSH(r6, 0x8926, 0x20000000) ioctl$TIOCGPTLCK(r6, 0x80045439, &(0x7f00000002c0)) r7 = fcntl$dupfd(r3, 0x0, r3) r8 = dup2(r2, r7) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r7, 0xc01064c7, &(0x7f0000000100)={0x7, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) socket$inet(0x2, 0x80001, 0x84) getsockopt$IP6T_SO_GET_ENTRIES(r8, 0x29, 0x41, &(0x7f0000000140)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000000ec000000f933718525d34fa14032d9c0618fb5ed239ece7211b656f34ba961f86616f623ea33c8ce8591ddfa1c044bdf2b584db874013c2a741a31b3e5ed19215226b8e263b9dc526714305920de4428c484cd61aa772b5d5e7ad0f19d1093e04b4dd104b1b5a24e793aaec012f780e393df0483feabe48c9d6170f6137b7d46b3e751c2c99c3389de8fdc8fbfefce2616640ea9c4e8ff2edde3e382cf72d81e3701545c9f0204415b06e6da935c12c7dba8572659e25c1f4504924db6fc59a510511c73be6e6bb2818a63940354594aef13fe57c8f35b7a2618387ca0f0c97198f7038b993a098d9d3f562ba1b2111b"], &(0x7f0000000280)=0x110) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000000)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x4}, 0x90) 12:33:01 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0xff], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 708.329622][T32535] delete_channel: no stack [ 708.394815][T32535] mkiss: ax12: crc mode is auto. 12:33:01 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x5) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:01 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x700) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:01 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 708.496215][T32535] delete_channel: no stack 12:33:01 executing program 4: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000540)=ANY=[@ANYBLOB="1212d8006c8c0a40f60d21000000010902100001000000000904000000"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00') sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040), 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x154, r4, 0x100, 0x70bd25, 0x25dfdbff, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0xd, 0x87, 'l2_drops\x00'}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0xd, 0x87, 'l2_drops\x00'}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd, 0x87, 'l2_drops\x00'}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0xd, 0x87, 'l2_drops\x00'}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd, 0x87, 'l2_drops\x00'}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0xd, 0x87, 'l2_drops\x00'}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd, 0x87, 'l2_drops\x00'}}]}, 0x154}, 0x1, 0x0, 0x0, 0x20000005}, 0x40000) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x5) dup2(0xffffffffffffffff, 0xffffffffffffffff) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x5c, 0x0, 0x8, 0x5, 0x0, 0x0, {0x3, 0x0, 0xffff}, [@CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x2}]}, @CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_SYN_RECV={0x8, 0x2, 0x1, 0x0, 0x42}, @CTA_TIMEOUT_TCP_ESTABLISHED={0x8, 0x3, 0x1, 0x0, 0x3f}, @CTA_TIMEOUT_TCP_SYN_RECV={0x8, 0x2, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_TCP_SYN_RECV={0x8, 0x2, 0x1, 0x0, 0x10000}, @CTA_TIMEOUT_TCP_TIME_WAIT={0x8, 0x7, 0x1, 0x0, 0x3ff}]}, @CTA_TIMEOUT_L4PROTO={0x5}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x3a}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20008084}, 0x48010) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) io_setup(0x17, &(0x7f00000002c0)=0x0) io_destroy(r8) dup2(r5, r7) ioctl$RTC_EPOCH_READ(r7, 0x8008700d, &(0x7f0000000000)) 12:33:01 executing program 2: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) keyctl$set_timeout(0xf, r0, 0x401) keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000040)={r0, 0x45}, &(0x7f00000002c0)=ANY=[@ANYBLOB="656e633d706b63733120b15c686173683d5723d1be437fe72e48ec3d03eb39703a6c79313330352d67656e65726963000000000000000000000000000000000000000000000000000000000000000800"/93], &(0x7f0000000240)="1627ecadf55615c0174778232e85b52077adf93e7720464226c7a76372e4093ad13c49bfbfaed77c701a6cabbd985d133a45a267f030c19c2484b474244a597be644968091", 0x0) syz_read_part_table(0x0, 0x1d4, &(0x7f0000000200)=[{&(0x7f0000000080)="030005020314af00031400000000000000000f0000000000000000000500000000004200000000000000000000000000000000000000000000000000200055aa", 0x40, 0x1c0}]) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) fallocate(r1, 0x2, 0x4000000005, 0x4) ioctl$DRM_IOCTL_ADD_BUFS(0xffffffffffffffff, 0xc0206416, &(0x7f0000000000)={0xd78, 0x0, 0x0, 0x0, 0x1a}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:01 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x2], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:02 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa00) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 708.893165][ T2870] usb 5-1: new high-speed USB device number 27 using dummy_hcd 12:33:02 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x80000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:02 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:02 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x3], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 709.045355][T32566] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. 12:33:02 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x4], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 709.104833][T32566] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 709.112399][T32566] loop2: p2 < > p4 [ 709.154800][T32566] loop2: p4 size 2097152 extends beyond EOD, truncated [ 709.163715][ T2870] usb 5-1: device descriptor read/64, error 18 12:33:02 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x3f00) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:02 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x5], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 709.304384][ T3917] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. 12:33:02 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:02 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x6], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 709.348216][ T3917] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 709.366564][ T3917] loop2: p2 < > p4 [ 709.375734][ T3917] loop2: p4 size 2097152 extends beyond EOD, truncated [ 709.534642][T32566] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 709.553122][ T2870] usb 5-1: device descriptor read/64, error 18 [ 709.578503][ T28] kauditd_printk_skb: 18 callbacks suppressed [ 709.578515][ T28] audit: type=1804 audit(1594038782.880:297): pid=32609 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/352/file0" dev="sda1" ino=16041 res=1 [ 709.598469][T32566] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 709.645784][ T28] audit: type=1804 audit(1594038782.880:298): pid=32615 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/352/file0" dev="sda1" ino=16041 res=1 [ 709.694512][ T28] audit: type=1804 audit(1594038782.930:299): pid=32615 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/352/file0" dev="sda1" ino=16041 res=1 [ 709.720748][T32566] loop2: p2 < > p4 [ 709.735880][T32566] loop2: p4 size 2097152 extends beyond EOD, truncated [ 709.765765][ T28] audit: type=1804 audit(1594038782.930:300): pid=32609 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/352/file0" dev="sda1" ino=16041 res=1 [ 709.823112][ T2870] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 710.093026][ T2870] usb 5-1: device descriptor read/64, error 18 [ 710.483097][ T2870] usb 5-1: device descriptor read/64, error 18 [ 710.603160][ T2870] usb usb5-port1: attempt power cycle [ 711.326415][ T2870] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 711.533273][ T2870] usb 5-1: device descriptor read/8, error -61 12:33:05 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x803e0000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:05 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:05 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x7], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:05 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x8) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:05 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1a, 0x0, 0x9) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x810000000e004, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="eb3c906d6b66732e666174000204010002000270fff8f2", 0x17}], 0x10, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fchdir(r1) open(&(0x7f0000000080)='./file0\x00', 0x4dc5, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r2) syz_mount_image$vfat(&(0x7f0000000100)='vfat\x00', &(0x7f0000000300)='./file0\x00', 0x6e, 0x5, &(0x7f0000000640)=[{&(0x7f0000000340)="79a45a61df01a86f020d80f714c79a15047931d2a8c85977c224b89bc0b9cacb476df3d9f1ec37502d55f2bc296ce6d96dd7a5b39c8a40fd1d8e3693963647eca1c1e74c4abb51b71500ac9ead1cf6f6eeae84f3648cdadf19908734d1beaf81c044830e84e68393d6226929c249cf3cc908922b18306dae5950f003690cd8d3c3ded0b1e830cf39f9bb963b2040c4c01b13cb0a94ab0577097397b86a50ab069a08764b64a91b5dd44e1d39c1be88a7795208cea732", 0xb6, 0x18b6351c}, {&(0x7f0000001440)="54fdda06e18b8c30b933dff03737342f10f0f41ed76e7a1bd815da1a3946fcc8da51f366b37e2cb7501d24e289aa997f82b610e65d06e2c8a26b43129d6f8834770eaf563a9c614c5d9bae0ceae988d0a57773af85863dfce76593e756654a14fd55ef8b6453a40004ee12c426f07674c4596e4120efd7c442c5206531d79717c2c31faa57045203c63edd1e29c6f3720247a08969c4258359356fb7dda241f71853901d2277313a93d9fe92d178d23eda310ee581dc4705837ca236baa4e081304c0a27ed04f7225a0a3f4e54fdc8fe704a9799cbb2f636785dd99ef33c02412c7aa96b6fa8b68be561440fac2fd574b8c69d58bfcdbd20a961e70b5ef4841d1898d6cfa7ef13d3827bc442b076b749acf6be1fc62b4fe69d0e9cc897ba0d9ef9e5c6109aa0540336c52b891ce5c63ec7016f2936fc16de14b07be2b3552b77c074ce8ce72227f009096c03a8f82aa75abf6273d5716a4ebcec287e4a6640aca263baf397b4ce293aea50ccfada26557b36beb4ba289228e2129f6f86b0a10280fe4984cd4b4d81238f704122b1e2e4d1481830ee91b2da42bebcdafbdf4097cd6326a131d9c7320451493652f2a6bb29ebfb5976993955f32e9ab75c9cbf3f32b423fa1cd20a9cf840a60f1d9411b826e4e99468eb228659eda17695419e89e6bc9553ea82c8f7e2160af595ea2bb1c520df35454fc24713193303be2eef1af8c74b83dc52a3e089d22430da9abd8cb043b1063c554863c385e4d11a8339961a5ddfefefff250b7cd82edc8d57d52169047a711511aac89bef2f7b342280cfb41266184594d165fb4d723a6a5bcf7d7f8f1b0161311aa3e1677463839fbe7ea435c643ff62a223829bdd60b57e95519d9682926111cfa73f15058a12f6a300a66e9c7132e7dfe34606f4281a203023b991e4a78bb013efed67a20db1aae55af2819f53cc50de0f75f0cba7c384b0e50f4013ac286ed6ae979738a09c9d06a410187760ac1b9a3e4406f2c0a8d3118499a0f543eaf4964d6219a6d7e7b4acd37b458e4098bbeee9c4360cca3d88b4a0d08645fe180f06212d52cee898d7e14404563d01ad768a552112ac047b916cca4c06accd602357275c2c09ded4bb1beed9ba6b9e0b3478a26d03d339cee382a9e0b1f6aba1e6369e68567721198f99029c126fe91acc9d8f29dffedbab0a973995526b25e603b47bc7e359d02eee78e716565ec3f174049d1ea6aa25d93be96a7563558c6f4e483f321e64741ac31c8f3663a71c33b614066c6a9e2170d9356a021698d36e49c5f493c2e8a77e4597f097881dcbc9b2a01df95a6b4a06db52401955f574c4379e9bfb9e6f150d04305249ca34aa61f7981099e864327ac2f381dbcecd31883e447c50e375797149d69282e325c38f3776badcd25ac888c9997e1c94767cd24a9531a7801107aa7e208104f72877d8df420b72768921da3f920a30ffb0b49be7cc7d83bbc908a13ad09f7f6f01c99f6bc05067023b2673e67442d2c24fd3892ebad2900f7a697a6d6d69667505e02e69de19b4734c0c0c45415f237b48b439dc14b1a95de3bc0a9b248f00e0d547788ae33e4eeb13336bec7b282bc75d9b1939d8c8230377c5a913d103c75552458b945ac51760fbf1ccf0e48693b0d5bd2edd7eaff59ce6d343f0a8ea7c682ede6740aec14105fc52024ec3177fb3897ffde45682856dbdefe9c45af676e098f4d6675b2036d9fe2494a256cde9cc5d95bb309fd8259e7377291dc39af07740ff1967218b82440c9099a16d8f23668ab074a22763227ee00c726e238c00bbe742ccb1590a217227d58c5a632fc218a450e5ae8ed9a2ab1625bfe1e3a223a75f5cd036261083767c71dcb2bf6a4074b3ebbe35b822690dda22db1fb9ef886003e88f78177f099dd9b8f12e0e3eefab741def358b0b6b835be4e4ed8945b6607df62ac33135c355615e4d77657095adad366bd0b1406a57c9e8ef87da55e3966668cf92dc46ccf73c46a82cbdb1b4bd00f42bc232c21c8f82148066f38199039af08acc6da88ff47891dedb293e3ce88e15e21cbb75a49bd62a417b36d96dde777af3028175282f92972ad32ecf5acb6c07431fa68d3f9a4e19e8b0318d3191e9904bd0360c43c4bfe3505e88c5b0894baf49de5cb54d6aec8bd5319205174132546314c020bd8dc9e6e7c5af3de1f530ac796a4c55a8918835dabcadadfaf6c205477ebe27c207de91e8b263be71f0d8e89b15b276f4f9f0edbbb244414e6538422334f095f4c4d663ec749dd683fedcd53324a9be001aa4833611b0133617224cfc3140fe81f4a4362476f8b945661419ddf741b5f08d5e03991e16e4e096774da12b201942a57e3dcf63c9ac17336af0968a646d554760b7b416952327ba9e2e5e0adbe736689c8e59c2c516fce2b7d3cc9e7e160573b1822c036a2a1f122f069fc55a0961b8ce4116bda461a1ca7990b4cccba478a0f43baafcd6f524ac10f89c9ee5beed3a8b1a09cd37c53d074e186eca802ca8299803d4f948052edf67b3eff8a09ebb49bdefd9994812b9a1c03038b996458d7b7cb2aa41bb251d7aea0613d58b832fa7b51cd8308a9679578b7d35e757e4c6357e07aeab4c5436b1f0f150bda034bb0189898e294168a8d816ace54a981214d5d049d110019e916b40a8878c2fcb3128f031de9941722bda6708fa8a0be3a99819641808181c60a5c3e54f0307c42c6dfe3ab55889565993813682594d8a271dc8595c8953520c1b1bf968ad0a6d0a2fff51e6c35584ce9bd78d63e915466b924d807ce3087b767ad8e297fed4426c67d1fff99273ffd8cd489bd75005c4612ba1bec8f11287f8083349229112989bb5e69d6868ae8bb325a13cbacf60014d704f0c80fc4ed0c8d8f7d8e5db72102021bb76defe3784edbdf449cfaa6e44399174ff6a0f73b6f0301cb432b92ebf742012a785d91116f18a822e26b962cb1d7dc09ecc0abdbc2863e7d74d6cf39aa98519cf663771fcde81603ad0ac73ee9fa88c5fbb202f59a9db2d79c1a56a559fddbbb80e814de293c217ba13d3e2d75cb95dcaee8b473c68ede0af87b9b2ceea882902167cc78a0d398e5efa017afcbe1c5abaedfa9ad7bc92d5a56a72ef424efd80b4cefa5fd750e9f04e1d116c0a88afb3356396d68b9cf1e7d4bfa4e8973a10c871f6759d4ee28b93b6d9d8b4c5cfcb6a6b1d10775496501ae9c6f76a486adf687021929d2aba62f8cad486fe67dffb6c9ab4fd8bd5455154ff4696b79769e9fea8ce46134bb380acc47763f27883d1a3e879492857961dc3930f2ab4cffd07d38bbc0f71148169c0d080fe5da65f695cbda35ccf35c202821ecc0b785005a997ca6b04cffbc3767b56a1ce999cc44189edc8ae3ca0db45355032704a2e385c9765f80332e8fb6a0b653358eaf7d11b9066f9caa76b5c7ec92a8f9f56117e12d635fb7822c193f46b1697de9d7804698fd8ae62d1fd3bfe2bde1c9b3636fd47a6e9e32f6343b0d33ebaef028403171e4752c4cf98f142919277db4cdd9d3279e091cfa508026604f9e25ecb87922f5474e17a0f91fef3a570e3bae19de132ce0520c4a767d1e718869d43148191663239c5f974e4aa45d65b6077def40896de4c525d098159701cdfb8e95cdc2229b7697a8cd7c289c58c6243c24ca65fdf54d09d7bed480124dfb89be415ee15fa9ec59c7dce96691cb4b3e3629296f95c4507c42551e7825b633e3dee2d0dc5c055b618c6b9d597d4ba4f603114deb9bd7fb868eb0033295dd08f04faa0b583bfad5b02756bba2319171e3e1f61175f17e4c2153f0ae098f5deacefe4f26b748e3fb0a33fb9354b247bccb9828a7846fe1d38f50f1f5eaf7f9c38fc8a8f89d5de89a7610a12880d1edd4d0060595824e0d3d655d312b22cb3594ca64bbd2439578f43ce1d16e171f046b3809b119a711a59568a5d41999e3781046be434dd5bfe8d88f21b5e7e2463bdbdf1103257cf8fe6e707bf594b359436247972e4e87cb84914b0e934951d4a58f09f5cd1f31732f22960f02925a41559423c1c7711752a4abfeeadf242df513ec97f924e5e58f5620fe72e1af851cb157e876a60fa75f4c8e0bcc1b1262cd4af6385d3a5c476afbffe855ed9048818807ec7c4248c618b616832b11458ca4621649f2faf6fb28b93391811e6803b8ddae89f3c7d0876c874a266720e40a39a78fd78fb5c43711e26091ba70fb5f8c1a0d16e871b263c88870b01a44bbf3af4b4ec6a6cd4bdc13276ef9f653cfb84772a4380584a502a3f7039d01f7b7d0faa7c84dc46a1cfa34c2dc53f4740d875665b5c4b5f39899edbaa3104ec2e3fd49d635f21061b6bdaa3a4766b217ea22ff7a278acf395356feed639acd7584a8dc727aeffc64f821bf598dbe355f236fb21443b4f6be363236ba7d4a36f8127184a863cfd1db9584443306a839514c32af7d8dc0c9314dfc48b2e27085b13c53e282775f6655e699154411b3ec5430b9749b3684ce1b0c8ee2e193a8a5c2163ca147ac441136a836cb65cfee320fa167ca9ffbc48b51dc56951502fb6e7a8509def40bd4a32d37664bcd038c8b759919c07d9b6eca6082203c6d43fd0d57ca789b31100038265d5e4bc41f0f702d7751c0b84b9e70b22577d6f8e78640b1f60149b966863e270a9680e028679db001373ee576c68cfb1165de2fcd005f97c8bfdf13214dfd5d78087bc139f40244bdebf71d55feab190f049644a06807eaa8bc10d44a2d8054cb91643c52b0cbe8985fee713cdf9bdeb89d9aa3967f8fa37642641d5c5d66005557e7cc23132e409205f9a4ff12132fb1556d1cc2386e2143827e7b4c9ec3febe46faa7236e761a7495a744ca1e8da4edb21da68f104735a6056f03952c41dd5c7fbe157792ab381c5792357b7e1b924dfadb6754aacd662d968bb737e4e971376bbcc60385ed1dffa1cb26ec728ab2c496b2d9d8cf979de85654b6a5e8a916a7ed1c3c4599ea9d904bf0a32d8c5270ec660452573a10c5aa2bc3e6f24e8967ad4e210a8a68a4b8b5aedee8435a5e1eae772ddb068f8881ba3aeebebd067c412223484ec187814ae754d9dc2a09cfafc14080fc815448ce486d3745d40cbbe6e5222bf53e96bbd792e02eb51c4fb235676f8867c964b873c98307b6bf0139b8c8ed6077079ae39d2acca829e202410e9a43028adc71e6124debdc2fa70f83c9dd6b8fb47384504854330c96061bd81755ad245e31f0d40ac341081224c67385c69d1bab64c47f7a956829a2b89bea881f833a2b5fae9acdb9a10ff6054d59b116823de21f9e0c19a8cd0409780126277d702e9f3689371961e224328652c8614bd9dac48db523c8475cf18b4b6403a5a59adebfd4eb6bf0da31939cf74eb2fab7b7cbc4408949c22d74cbbfab8d9065ce42633405e8d329b294a2dacce6778574fa34315781f5119b7aa87a2d8766fe616e809c4bcedf4bb38295e9ec62301d0e0d14affc0171c010191572d444bee16ecc1b038b8f58a1d8dca9854b4a66bccbf84fb0cf6714b9baf8687e7d3bfc4b1ea71d3d875722bc5cf9efd977df6fc90716144c8eeeb6a3fe34f9321e421882de63a0201c7b6ef8f4651746c3966093a8b9d9870f0de96c5ab1c244e1c0952c236130b21af467e5bd098585f02eac3feff74f6d3e7dff3cc3a345ff18186d0b06839f001a7dcf5fac174850a83bffd46e682741fdbca3bbaf0926ee511407a623698069e4d4ead9dda66096b78d41502553a04642802378586c770f1b02d100f5931f207f0dff6758b93", 0x1000, 0x2}, {&(0x7f0000000400)="b0866c9e2f6d2db8dcb9f4d47994c1c37d41cf0ff2fdd7", 0x17, 0xfff}, {&(0x7f0000000480)="d9ac636266c7f97b425c3663ee32c83125f6bea1cc72bebe3f007c16dbc5c3f9fd6957c30381e50a7c4ecef99591533f9c3563057e8def499b72574e97d2e6e66e5deb508a21a0126d619d3378f210998029590c7acff01257acd3eda390db4fa68eec6d842f1e9231a239675cbd7f33121a2ebc781a2ff526871562b796e1983e8485cfe8182b255336798312d3672f2822bdf24804d18afc2fd0eabe23a76863812846ac62382a8bd4e6c7053557192b66942d1b7770cb", 0xb8, 0x1}, {&(0x7f0000000540)="34f04e52e644f803207591922921550d36f7f0ff4ed4ddd1958627c4c64b3f78323753ece7b1798346cc2a3f4cabc6c47f00a4ee0010c68b4ffb041e215b8e515f70c61c224c7673a697b7cb2667c43a9ba3d7fb1921736b12b511d0229299ad44ed69ff523def4a0b7939b8551d37aae92d3ec8e5f59faa2f38281d3572ede1f682b2ae8356974499d13e4bcdbd7ee8cfef3219d8454659ca700b27c13448d2e2e380ea71287cd0826985f11fdbba7d9c00df46e1f7a2bde92b8556dfd3287d042e1e10a00714cab67d0d5bd4266980536b16faf8faade8c922eab36f7fa345c974f011", 0xe4, 0x4}], 0x200c082, &(0x7f00000006c0)=ANY=[@ANYBLOB="616c6c6f775f7574696d653d30303030303030303030303030303030303030303030362c6e6f6e756d7461696c3d302c757466383d302c73686f72746e616d653d6c6f7765722c73686f72746ed1d3bd91b9254ca0616d653d6d697865642c757466383d312c6e6f6e756d7461696c3d302c756e695f786c6174653d312c6f626a5f726f6c653d2f6465762f7562695f637472", @ANYRESDEC=r2, @ANYBLOB=',smackfshat=/dev/ubi_ctrl\x00,func=CREDS_CHECK,\x00']) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x40fffb) socket$unix(0x1, 0x2, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ubi_ctrl\x00', 0x244601, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000200)) ioctl$sock_ax25_SIOCDELRT(r0, 0x890c, &(0x7f0000000280)={@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x4, [@bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) ioctl$PPPIOCSNPMODE(r3, 0x4008744b, &(0x7f0000000140)={0x21, 0x3}) mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) bind$llc(0xffffffffffffffff, &(0x7f00000007c0)={0x1a, 0x313, 0x3f, 0x8, 0x9, 0x0, @dev={[], 0x40}}, 0x10) ioctl$MON_IOCG_STATS(0xffffffffffffffff, 0x80089203, &(0x7f0000000180)) 12:33:05 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) perf_event_open(&(0x7f0000000140)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4041c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000001c0)=""/150, 0x96}], 0x1) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) getsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000280)=0x9, &(0x7f00000002c0)=0x4) timer_settime(r3, 0x1, &(0x7f00000000c0)={{0x77359400}}, 0x0) [ 711.742961][ T2870] usb 5-1: device descriptor read/8, error -71 [ 711.869403][ T28] audit: type=1804 audit(1594038785.170:301): pid=32714 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/345/file0" dev="sda1" ino=16368 res=1 12:33:05 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x8], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:05 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xd0070000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:05 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:05 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4800) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 712.200935][ T28] audit: type=1804 audit(1594038785.300:302): pid=32713 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/353/file0" dev="sda1" ino=16372 res=1 12:33:05 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x9], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 712.380455][ T28] audit: type=1804 audit(1594038785.300:303): pid=32722 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/353/file0" dev="sda1" ino=16372 res=1 12:33:05 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0xa], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 712.627000][ T28] audit: type=1804 audit(1594038785.860:304): pid=32752 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/346/file0" dev="sda1" ino=16064 res=1 12:33:06 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4c00) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:06 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x48) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:06 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) dup2(r0, r2) sendfile(0xffffffffffffffff, r0, 0x0, 0xd) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) sendto(r4, &(0x7f00005c8f58), 0xfffffffffffffd65, 0x0, 0x0, 0xfffffffffffffe29) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x5) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) dup2(r5, r7) ioctl$sock_SIOCOUTQ(r7, 0x5411, &(0x7f00000000c0)) [ 712.761499][ T28] audit: type=1804 audit(1594038785.860:305): pid=32758 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/346/file0" dev="sda1" ino=16064 res=1 12:33:06 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x10], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 712.909944][ T28] audit: type=1804 audit(1594038785.960:306): pid=32754 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/354/file0" dev="sda1" ino=16017 res=1 [ 713.059752][ T305] mkiss: ax12: crc mode is auto. 12:33:06 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x100000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 713.131648][ T320] mkiss: ax13: crc mode is auto. 12:33:06 executing program 4: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4c00) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:06 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x28], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:06 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6800) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:06 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4c) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:06 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x29], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:06 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x4, 0x4, 0x4, 0x3}, 0x40) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r2, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000014c0)={r3}, 0xc) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={r3, 0x7, 0x8}, 0xc) r4 = socket(0x11, 0x800000003, 0x0) bind(r4, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044940eeba71a4976e252922cb18f04000000000000012e0b3836005404b0e0301a4ce875f2fcff5f0300000000000000800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5f6db1c00010000000000000049740000000000000006ad8e5ecc1f003a09ffc2c65400"}, 0x80) getsockname$packet(r4, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0xffffff0f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8, 0x1, 'hsr\x00'}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r1}]}}}]}, 0x40}}, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, 0x15, 0xa, 0x0, 0x0, 0x0, {0x0, 0x0, 0x3}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0xe}]}, 0x28}, 0x1, 0x0, 0x0, 0x2}, 0x0) r6 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dlm-monitor\x00', 0x4002, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(r6, &(0x7f0000000380)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000340)={&(0x7f0000000400)={0x88, 0x15, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}]}, 0x88}, 0x1, 0x0, 0x0, 0x4000000}, 0x14044000) 12:33:06 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r1 = memfd_create(&(0x7f0000000340)='\x00\x00\x00\x00\x00\x00z\x9b\xb0\xe8t%\xfc\x96L\x82\xdb', 0x0) write$binfmt_elf64(r1, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46020000000000000000c4b42b03003e000039a594f0311fd83d000200000000000000281293bd5d74dafcfe38000300000000000000"], 0x3c) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r2 = dup(r1) write$P9_RGETATTR(r2, &(0x7f0000000100)={0xa0, 0x19, 0x0, {0x0, {}, 0xc2}}, 0xa0) 12:33:06 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x68) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:07 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6c00) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:07 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x33], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:07 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x200000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:07 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7400) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:07 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6c) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:07 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x3a], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:07 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) read$midi(r1, &(0x7f00000002c0)=""/4096, 0x1000) syz_open_dev$sndpcmp(0x0, 0x80001, 0x182840) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) sendfile(r0, r2, 0x0, 0x200fff) write$binfmt_script(0xffffffffffffffff, &(0x7f00000012c0)=ANY=[], 0x6db6e559) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x8041, 0x0) accept4$bt_l2cap(r3, &(0x7f00000000c0), &(0x7f0000000100)=0xe, 0x800) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) pipe(&(0x7f00000003c0)={0xffffffffffffffff}) accept$alg(r4, 0x0, 0x0) 12:33:07 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x78], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:07 executing program 2: io_setup(0x0, &(0x7f0000000100)) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r3 = dup(r2) timerfd_gettime(r0, &(0x7f0000000140)) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) move_pages(0x0, 0x2, &(0x7f0000000000)=[&(0x7f0000000000/0x2000)=nil], &(0x7f0000000040)=[0x1], 0x0, 0x0) 12:33:07 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0xfc], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:07 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7a00) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:07 executing program 2: syz_mount_image$xfs(&(0x7f0000000100)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x9, 0x3, &(0x7f00000003c0)=[{&(0x7f0000000240)="3f363bf603ad31500e5a651c4c41246e6918edec76564d9af52b5795cd1ad3bfaeb92258c29032177e4e6dcb8c06b42865f7275bf6efa88c7d7ae5316bf26eb0cbdeaed3d7d24ee62ca80eefe1d7352a59aa44532a2fbc858a1a3740172fbbacbafe50cf02b1705c43ecaf6259bb3b07c66a3c089b4557c36c4571c1c3054e2a39a424f48462c35db6aacc5d28ac51bb4091f2551c3b8d857feb128318bd4556f6e51f2b607700b928cb39b8bcaff148f2d81cfe05257e7f63adf59a291a", 0xbe, 0x3}, {&(0x7f0000000300)="063bff557323166999390b90c0a935490ce8f5f92abde64bdf73999b29a1ce38fd7844af916f17f8451f51a24318cefeb68970dc04ef85e4ad00a3c2440b7b969a056c04fa4f0d3c75fd36dffecf770edf2deb", 0x53, 0x9}, {&(0x7f0000000380)="3899572a39ed7780ec476729d252a385b06909870a086fcb3c6d626e30fe4a057d00bf8308f7fe2bb9c21e4645666a13830df9f57df1", 0x36, 0x9}], 0x4004, &(0x7f0000000540)={[{@rtdev={'rtdev', 0x3d, './file0'}}, {@dax='dax'}], [{@fsmagic={'fsmagic', 0x3d, 0x1}}, {@hash='hash'}, {@dont_appraise='dont_appraise'}, {@dont_appraise='dont_appraise'}, {@smackfsfloor={'smackfsfloor'}}, {@fsuuid={'fsuuid', 0x3d, {[0x31, 0x32, 0x31, 0xa9, 0x63, 0x30, 0x65, 0x35], 0x2d, [0x37, 0x32, 0x0, 0x37], 0x2d, [0x33, 0x61, 0x1b, 0x63], 0x2d, [0x0, 0x35, 0x30, 0x65], 0x2d, [0x30, 0x34, 0x31, 0x30, 0x33, 0x35, 0x33]}}}]}) r0 = open(&(0x7f0000000180)='./file0\x00', 0x798801, 0x63) syz_mount_image$minix(&(0x7f00000000c0)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f00000001c0)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000bc0)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494febcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fd36ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132abf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bf19e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e67da57123717b2dc1ab692e5", 0x315, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') getsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000040)=0x48, &(0x7f0000000140)=0x1) umount2(&(0x7f0000000500)='./file0\x00', 0x0) 12:33:07 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x74) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:07 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0xff], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 714.674503][ T28] kauditd_printk_skb: 9 callbacks suppressed [ 714.674514][ T28] audit: type=1800 audit(1594038787.980:316): pid=411 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.4" name="bus" dev="sda1" ino=16379 res=0 [ 714.716133][ T420] xfs: Unknown parameter 'fsmagic' 12:33:08 executing program 4: perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x2, 0x0) ioctl$SNDRV_PCM_IOCTL_READI_FRAMES(0xffffffffffffffff, 0x80184151, 0x0) bind$unix(r0, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x4030560b, &(0x7f0000000040)={0x20, 0x40, &(0x7f0000000100)='Z', {0x0, 0x10001, 0x20323159, 0x5, 0x0, 0x37, 0x6, 0x1}}) sendmsg$SOCK_DESTROY(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c0000001500020028bd7000fddbdf252807385fd7007bb54b1144e4524b6c767e3c573f22504ecb72050000000000000083ba6c83dd014b4d9be33bd1ff6f748d4ac59513d1619b4ded00005dccbb419c591c41c881049a53f5f0658088aac77d224d636eb5b3fed994a67b4c57f538b3e916d56cd03299b9911a4e419663be6ad51d1e45cbbbbdfadae85dcfe27be24e3f8940d46c1a7f15dc740ae52336ce097e3b68332505ff5c3b491241aa8a83bf737231c0bda4f1fb1f5ac848334cce47a9759194ddafee19c287f67a46f6b4a23d1048bf8643f8377bb7a18508c55dc8028a499637d1e6d59cea8c97a797aa3be8c2361982c2cc551c3358b1d4a8ed449af04c7af95b81657bee4d96003a15b55394747b4561574e1cfe217278fea3de9be24d265d817f70c9edee0fa67097615a2c4dc80a8f0a683e54439ee86cad93c656944f812aa0f967976ea61e637c730baa66239c46e3f6d3966b7c935ce996866c1fe9ebd981de2b018e37af7e0d0690b9fe67c8d2cd3ce6883955825800"/396], 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x4044) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) ioctl$PPPIOCGIDLE(r4, 0x8010743f, &(0x7f0000000000)) 12:33:08 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x300000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 714.800940][ T420] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 714.810623][ T28] audit: type=1804 audit(1594038788.100:317): pid=419 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/351/file0" dev="sda1" ino=16069 res=1 12:33:08 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xff00) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:08 executing program 2: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000200)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) socket(0x10, 0x3, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0x6a2f7c57e6ae710d, 0xffffffffffffffff) dup2(0xffffffffffffffff, r2) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) dup2(0xffffffffffffffff, r3) ioctl$TIOCMBIS(0xffffffffffffffff, 0x5416, &(0x7f00000001c0)=0xfffffffd) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x600000, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r5, 0x800c5012, &(0x7f0000000180)) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x5) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) dup2(r4, r7) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="c94202119c4559c1446d7e98d5313a2843f2873b0597c84e0ac586fdef5193fd07e075e76a8a4f3326904709dfb978034af73c976511f0b684f20f1fe7805f025f7ad0a89214c81071ee5c9dc6271d4145b959ad1754d3e3d1890ce70f6de3dcd5e023d687c6afc0990ab50aa688e396d10f77f1a9f3568f2b364a0fa9ed42f59426afd730a5fc40a5646f9cf87cdb64628480380840925ae3fe49f5e6c5ac72e90f723a9e5ffd10b9daf7089e40c6d1adb511a339dcb763ccfe61a36caca18efee79f1aa40e79997d8a0f74fb4c68a11d14ff7b63cb0c5ab3b5be7f0f46b614008eceacd0756651c3c521051a91ba6546b9a6fac444f9a94565c7ca0df4b4ee0003508c5dea822bfedd4cc4dc9e5cd4868d6bc6580c51615df221b835fe0902a28256241f4d53dcac40a9e60e2db05725079660a1a91d1fe5f225a1ee5817bb0b6e5da0d4b48ccdd03afa78127efc581e74cae00c270aab9cf17cf87ca6d711f7cf747dafe98a408a7adc23ceca08302d3d8c70cdd5b36d1af5c28c86bf3a8cac265f5dd4ac5351d25a7f57e17e2482151f5317a379f4e9426bc9806dd0f21a9e1368b3a70e2a39fd18261a2b4f7bd6f78f87cf3d5ffbef3abeba56d0540ddf528a74baaef15d37067d1cd945411ca999dfc8efe041673ba261dbadb8043fc65af292b57755d87fbff596d5958b2da62e3a696b579d6da1f09c5302098ec20053d667ba441415f24aa4fc0ba8fd5e4df8f53dc194686c9fd54542248194c92b9f82c1f9d2d26a5b0d5275378094e7cdd43757074873632f16f506505de7b17e2522e2b2601fda7c364e1ce85d09cd4849fc561f75c888fe9af4c97f8910b5c59a2086662666e94f181a89522a7915773794061078cb7461c81010a225f7fb1d08d9fd62ffa245ffc38483e8bdc56fc463d844e27a67d8418084fde6c8e52b6c8965d89f098fa78b1238d3f7c080087af1fcc309ff35880f2b51b71a660e95ed1f94faefc860deb4eadeefc97b1dae0581896e518cc6c78736b0cf49b6f994dd820d9f11fdd42a9369a24ada2b9af60ab0bb7e09eb7c9a41fe16b6a07407cb55ae267ce7a4f242d05f70b56579a196fc77e1f1ac4869b7498b5d34970fe1d00d02e92ae4ba3e70e936e73f9efe25c4df2d1e11ccd1857d37a8e75ba2e3277caec426f438fa20e1184cf838cb1da6f659c920e2fd192adc12f7ce4c9988b30af7f387dce7b8a61ee5e53c5305e6de7277c747413ad3be5034b9719d5aa229c76854e3d5aff787f925b9ed17a702c6a0183ceecc2304edfb5dbacff3e189917afb9234133e5a8de5d4999ef9c7c6d50d36172556559885357f9d090747756f6992bb7c779f2cce00913f588f448b34e3495a398abd7c4f20184197044e274fc9015753e4eda96e44ec0a4cd023605a7289c6c47868916ba41dae07b5b38ed2a92043add4a52317cc1618f5a63d6fb266c645e9e5363e75464fafb2fa291f2792f4337e5f0d868eaad4f3253cfd87f0233749a44b06927243afaf90dad253757b9d5eec14a7a26710abddd622c40e3bc5ea50b5c2473a04afa419a0cea08661ba0c4b13c5de09c2273b5ff0c38a5b1c1c7697c9cc1f0b3a3be81084bf15ffb9b1dcd2d599b771535338018da8f561eb9d2a986ad9dbff556eaaa4de10f95962e57b95723de90b62f7c9a604cb4901ff5a03fa2c28dcbee49e9b9a34be7f2ded3bf7852f40dfa7c23c049aa18712c18be6a127c18cef6ba130c9a14ffbb43b8751ec23589c895fc24fe49dc580c11496132dda9b365e5581afc570073399088cc6fcef9f6482f839f7b75582ff7534974d9b1c06b7d3dbab27f868d0100d4c059f855b3fd9ae971c2a302e9e7b7547cd2c147da1cfecd34d16e184c36ef2f61ccda545e9b549dabc06ac52fa6b056d4a7f2b59ddf500233da80fc2947696ccd9907310cc9d67397dd40f14ce0547411d5e32ee3dc00e48c10bb3989488d36b2b2a1e5fc2ad875d7c2371d05022bd3ac398dffbe3a26b3cef8afb205c308c1cde9961518ca2d3fce16dbaa2dcaa2da050bcae9c77705614e874ef97f29d53fd0bf74e8ad713e182dcc983d8ee39a55da064033fc76a139ef8f7f67538fc2a3b89f43b84fc70847664c6e9b7b8f7fd7bdc9f8edaef7ca1775b1f0ab390a60a538f92a561edda91ec3a5649636acef96e16c2dd2246f4fc072eb894c05cca74e49d2a081793a6e3a2dc3d6651f7149c412f4efabfe5fd55feb7356bc832eda3c511cf8367618f785b183a202e55e6cf4c69a69469bd5247b47fd9b4b307aefad8166ac3d92d821917f053c10568d2e549329fd65cf602dbdd80cc84c10ef8246ed31192b04d4a469cf295fed8d49110c48e6374c3aac83ff9a02cd302aa227633b561f6cb0f8b44d24d9b68d142213ec7e1c8ea1714d4ddd8ac85875b707c308f5b5c08c2625679183b23d3df5b7cf97019818e1757f61e1cbdc5da079703395e0f7c37d9d97edc67f231f8831e2e5e15d8b48ca55dd86fd9e40f6ac7c7b1505f6157350117d988036e24c50e7edaa709ad928dd18aca98758ad6f17d22e9fbe6aa0e480d62269cbf44335335476e8b00cb3e51c9a4831285d2a5deb64cab4f23931c71535c6f5d174d9bd33048f40239d83ea91f9ec0e4fa0bddab2861eeee5b13659533cd404a81ac362e37b37de29125b187ca90015dc53fe8bb9115751eeae8b8fa1635a499f808b1fb233d843ff29be78f347f3a1e94b3d419c147c7882c9134a85d79f4a3fc004c7ece6eb08fc0b3e1bad4c10faf817b5c5dfc48d9ed185855d8b6b57b0e5aacbb995660b8bd4eed8d4b4583709f3a24eebc68682fe8249b38e151c5de549a3f2f952a2a543dfcf6ee781a7b44bbccf1ed5255b4aa4a3caf3a06194831d551479fb24772f452a01c10f3ad716eed70775dbcb8acd2d7b300fb1d64e56c4c753f0daedfb7c7479c4bae4d0f7776c594b63aa88c3271aa15f406c34e3a28f9764bbb5c96ad49262bc321f761cffde6b837584e64d7524891cc7ea097f92fac1f50544115f65b5d051df087db28ca47793a40f68b01276180bb2ec81a7074a33a02a639b2a5b2b74d39e377e0138ba2512e74792d11e04950c11f4ff1c4f89537ced4026fa71614f1d2269d66afc1a822d5b500857d6888a62b76bae757db279fd53d61c6cf2e2220b72fb2cfb991598e26317ca84e8527915f803d9890c90d91cf22c790f979f377870ffb8c1905d8f5c713313f4da187f35eedba87a6bf1708675abf9477f3722c0499521aed250981d6cefb23c4a284adfd24d25503ea8729944b3d1735a542f1358f12745b04880a3b191545e2f02556188287268e53ddb7c5afbec7ba908783ca80ac2127aa01de86b6832348fea98783f8220f3b570054ddfd67cd3f7f5bf52359502a6192a436f541d164fef242081366feea01c4898cac8d763efa8d272dbf0df86d9d82f976dfe05d855ef5d64b6aab36d34f70a2f0ec02a4c122131a218f6b3eedb1a9f2a01579fc635e96712757685a6ba6fa42555804ecb30260f9ae57b2414be9b5a1668790ce773ced190bd8b245e7735289613f2254ba2c8e77c279efb4bcd3ae5ec066e9e40e5881a685ab2f6d7580bc01d84245e2a0f0dc613ad418c17c9755409265c557086e640bcb81dd500796fb7fb63c6f245bdc82f0723a486955c6a324ab1850b3a6461ecade2916e0d852b09fc83ad0443f9920ed1c44919d026a4a1fcfa41704737105cc36bdd099f553fcfb497e39fdf5189a9fc59877a5947d28c878b299b6149f16325cf140be3597ae08e344a320882c458e8db660767560c65940c7541aa8b0a5a21c34835c329597f945313b770bcf8521996c610d06d13629da493b677c136aa4e6a02f02381c5ec842f5568ff3bebb9c8f18df438236ee737c954f90eddb64e1b5dd20ccb2c08defa30cc143742af33b52ee5092597316a3b8d5b850669a75de39e2c9e078b469e62d9568588c246c7378ab49951d3629dfd68e43cb600879838cb18f001857bef416d0c78b26369085c3fa33ac0998ef8aa6e8b91773e1031350f277e1f91fd335f4cedfe1ad1f3a9651ed25a3fadd2ba566dc6c1091e020134b09ff1843c28253872964ac7b66e431d0d010ea871a5d7dd118795dc1989d479ce96acda97e04525cc3efb0ebbae10767ec04b519391fb843fd5ae80379529ca70f3e8605c93d7e1eef861bd53937286d9ce1a583dc977680fbb55fbf09780da5918f70485dd18b06d7b008a6fb6f60c840f05a63cac195be84c7bb8de500c4aff516c94547bf7a1f0a0c8d8a7b0392a1c2d58d6a34b903ce846946a16a003fa5fd2524e2ca150790bb7a797279b5976da420b69221a70afba791cbb6239594cae106b53b17787e37db7af6cec10227da3ef2dbeacdf9257ca69e3fc7134f9b5d75401b205c2251c9c83d73430159c68d40a734b4a87e949bddb2ed392ec5bf42815b9a24b7de04e8abbe0c006e425be864ca7baf980315b84c806c1ae072afb3ad201780839a14ba413cd53944890f82e553c0934ca3b06aac7795f70a84bf317eccdc08cad9e7f31342998223666ee138ad40f14fe90d2336f4f98dda056ee63d36d6f87fd7e0f5baf9ab785aa93ea51c3723ee7126493da08dc4a7bd2ecb5209fe26f111d2a4d962a550e7d3748e7b106b8c2a0ca0ff427425b53d2f1e1fc7241e0723022eff350afc7416278c99ab070b2bf518f3f050cc22f78ddd1e9c379da658d3f0eae9ff5136858a72bf24acaa2588eb2a8bf514876b68d232a2b705fb0ba49b77bd9c313dea1369bb4ea28aae08998e36ffdb278118a30eb9e092a856201fe91e8eab2903353f12a6a23e6b8b1778d04d96b5922b761f1479f1cf0c7864e3d36d8d19e580d7a6a3ab6635aae75a29b0700d41fc7359b0b73c58da02fac64de06781977e498d24b431a0d6ad5622c7b933703fc35f23d47aa337b177e051f00373a2703687e37060710cd63ef627bef155fda9f86e17bb4316a2452810e9e0a2f3c3820d2c50797f89c596b756bf186011ca15a2344ba8c939701c9eb9967055688abfefc890faee75588bbca8c9a2e4ba79affbea6abb7e8e34312b3b785389c7a3fac701d4c9f2fc3ee7dc28f70a239485a86ec60dc46b8b366e1ac3746acfaba4abff2014f6e4d5c5437ada8976d9557a8b219b848c7d69faf49fafd2ea63a43d9096a1fb8b1dc4504e37c90db34190288953bbcfec62a73a6c1f7141538f49ccce900d2145e016a1cc0eff534eb1cc9309bf84bf9fbaf246c4aaeb037a85d2c1d60a39e79db21002e51aa92e7bf65ffb1c743137c7537af1e35808f0467e983758eb826b2443bdfe2015425b008906895bbdb6f4fe50d221bf845e0da8418b6ab8ea354450ffcc26242b7bd07d2c45a32d2f85c248840349f6148433c7e339f8bd29e5cdcdcc2fa851554bfa88c03e75adf5e3c21ed5f4e33ec8f37ec222bc9b6e69f495e31627cdd94d625f66c4af11e19a55c57c8620c890f1db4ee91cf5395f0a1316f497df19b27e854f9e7770abe61f24d6522602f58c6898e2ac780854af961d109ab30903a6fcabdbc80357948d5cb99888693b6088ebde22e0a32b7a27db8941595e21cce71744fa2d7d1a3ee055fc76f47783cda6c819a3eec56e69c447aa97285b0894d172b28591b185aee85823ddf65692a3ab3b3ac91899850a251faa70496df5b85c6e6f80c193144dca8362a27f9d358c0b987a262e6e171f6edb955d97a9b707cca6de88be194ecd662b44e6fb8c57000000000000", @ANYRESHEX=r4, @ANYBLOB="e4aedc2277bca9777a25d9f64c364becfb5378bc1c4db9487104e11f31a63bfdfc62afab35d9532290e1cb2234f0b170171f6594dd80afd9f9b86df5ea3742015a87321f0eebce44064cb67fe7b0f3affae60bdc9355bbdf2e07fcb76b15f6a407022f9aafb01fc5c87e8db134313bc666f1b74f9a01d98f29e83a2ee274fe658fa7515c8e31828b85a7233cb0e3e8457529d4e8eee84dace49590e6aa8bafcad822c63e016af25ac93dc64881518f7c43"], 0x84}, 0x1, 0x0, 0x0, 0x5}, 0x0) 12:33:08 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:08 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7a) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 715.001613][ T443] mkiss: ax12: crc mode is auto. [ 715.016545][ T28] audit: type=1804 audit(1594038788.100:318): pid=426 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/351/file0" dev="sda1" ino=16069 res=1 [ 715.090814][ T453] mkiss: ax12: crc mode is auto. [ 715.111561][ T28] audit: type=1804 audit(1594038788.150:319): pid=419 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/351/file0" dev="sda1" ino=16069 res=1 [ 715.126233][ T443] mkiss: ax13: crc mode is auto. 12:33:08 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x2], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 715.165890][ T453] mkiss: ax14: crc mode is auto. 12:33:08 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x1000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:08 executing program 4: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x74) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 715.229632][ T28] audit: type=1804 audit(1594038788.150:320): pid=426 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/351/file0" dev="sda1" ino=16069 res=1 12:33:08 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x400000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 715.351696][ T465] mkiss: ax12: crc mode is auto. [ 715.368153][ T28] audit: type=1804 audit(1594038788.200:321): pid=424 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/359/file0" dev="sda1" ino=16382 res=1 12:33:08 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x300) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 715.397692][ T453] mkiss: ax13: crc mode is auto. 12:33:08 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x3], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 715.476324][ T28] audit: type=1804 audit(1594038788.200:322): pid=428 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/359/file0" dev="sda1" ino=16382 res=1 12:33:08 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x2, 0x3, 0x290, 0xf0, 0x0, 0xf0, 0xf0, 0xf0, 0x1f8, 0xf0, 0x1f8, 0x1f8, 0x1f8, 0x3, 0x0, {[{{@ip={@multicast1, @multicast1, 0x0, 0x0, 'ip6gretap0\x00'}, 0x0, 0xd0, 0xf0, 0x0, {}, [@common=@inet=@l2tp={{0x30, 'l2tp\x00'}}, @common=@ah={{0x30, 'ah\x00'}}]}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0xa0, 0x108, 0x0, {}, [@common=@ah={{0x30, 'ah\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x2f0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = dup2(r1, r3) ioctl$TCFLSH(r4, 0x8926, 0x20000000) ioctl$SIOCAX25DELFWD(r4, 0x89eb, &(0x7f0000000000)={@null, @bcast}) 12:33:08 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETXW(r0, 0x5435, &(0x7f0000000000)={0x7, 0x9, [0xff, 0x0, 0x40, 0x1000, 0x1], 0x2}) write$binfmt_elf64(r0, &(0x7f0000000080)={{0x1b, 0x5b, 0x7, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x2000000, 0x0, 0x38, 0x0, 0x7, 0x0, 0xfbff}, [{0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}]}, 0x78) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = dup2(r1, r3) ioctl$TCFLSH(r4, 0x8926, 0x20000000) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x5) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$vim2m_VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000180)) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0x5) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) r9 = dup2(r6, r8) ioctl$TCFLSH(r9, 0x8926, 0x20000000) ioctl$KDGETMODE(r9, 0x4b3b, &(0x7f0000000040)) [ 715.602732][ T28] audit: type=1804 audit(1594038788.600:323): pid=474 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/360/file0" dev="sda1" ino=16103 res=1 12:33:08 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x2000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:09 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x4], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 715.705276][ T28] audit: type=1804 audit(1594038788.610:324): pid=476 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/360/file0" dev="sda1" ino=16103 res=1 [ 715.706513][ T28] audit: type=1804 audit(1594038788.730:325): pid=500 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir169854578/syzkaller.xi8mmt/268/file0" dev="sda1" ino=16375 res=1 [ 715.718863][ T520] mkiss: ax12: crc mode is auto. 12:33:09 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x500) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 715.786851][ T528] mkiss: ax13: crc mode is auto. [ 715.839847][ T528] mkiss: ax14: crc mode is auto. [ 715.870390][ T521] mkiss: ax15: crc mode is auto. 12:33:09 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x5], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 715.944270][ T527] mkiss: ax12: crc mode is auto. 12:33:09 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x6], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:09 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x3000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:09 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x5, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x60, 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) dup2(r3, r5) fsetxattr$security_evm(r3, &(0x7f0000000100)='security.evm\x00', &(0x7f00000001c0)=@sha1={0x1, "a44c58d7d8592214709571bf80449dc41f74fd1a"}, 0x15, 0x1) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000140)={0xd0002, 0x0, [0x0, 0x0, 0x2, 0x0, 0x1000000000000003, 0x101, 0x2]}) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x109001, 0x0) r7 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r8 = dup2(0xffffffffffffffff, r7) ioctl$TCFLSH(r8, 0x8926, 0x20000000) getsockopt$bt_rfcomm_RFCOMM_LM(r8, 0x12, 0x3, &(0x7f0000000240), &(0x7f0000000280)=0x4) accept4$tipc(r6, &(0x7f0000000040)=@id, &(0x7f0000000080)=0x10, 0x80000) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000200)='NLBL_MGMT\x00') ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 716.128164][ T575] mkiss: ax12: crc mode is auto. [ 716.165778][ T583] mkiss: ax13: crc mode is auto. 12:33:09 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x500000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:09 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x600) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:09 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x7], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:09 executing program 2: syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000980)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c9]}) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000003c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 12:33:09 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 716.389904][ T597] mkiss: ax12: crc mode is auto. 12:33:09 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x8], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:09 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e00000020008112958c80ecdbe9599d7b00000006000002810040fb120019a906000500030f000000000000000046f8b94a456e9f2111af9054bac3d6a601bca26336abcc484398d90ec44afb", 0x4d}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 716.653727][ T634] mkiss: ax12: crc mode is auto. 12:33:10 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x700) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:10 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x5000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:10 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=ANY=[@ANYBLOB="50000000100005076c00001c772b99b99124396c", @ANYRES32=0x0, @ANYBLOB="00200200030000001c0012000b0001006970766c616e00100c00020006000100020000000a000500340000000000000008000a00", @ANYBLOB="af"], 0x50}}, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = dup2(r0, r2) ioctl$TCFLSH(r3, 0x8926, 0x20000000) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x7, 0x1, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x4000080) r4 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r4, &(0x7f00000000c0), 0x492492492492627, 0x0) pipe(0x0) 12:33:10 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x9], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:10 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) dup2(r0, r2) ioctl$RFKILL_IOCTL_NOINPUT(r2, 0x5201) r3 = creat(&(0x7f0000000200)='./bus\x00', 0x0) ftruncate(r3, 0x208200) open(&(0x7f0000000780)='./bus\x00', 0x0, 0x10) [ 717.038624][ T667] mkiss: ax12: crc mode is auto. [ 717.103100][ T676] mkiss: ax12: crc mode is auto. [ 717.155672][ T684] mkiss: ax12: crc mode is auto. [ 717.351982][ T702] mkiss: ax12: crc mode is auto. 12:33:10 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x600000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:10 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0xa], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:10 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:10 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa00) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:10 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x14fb01, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$audio1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio1\x00', 0x280c0, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$hwrng(0xffffff9c, 0x0, 0x0, 0x0) ioctl$EVIOCSFF(r2, 0x40304580, &(0x7f0000000000)={0x56, 0x78, 0x4, {0x2, 0x20}, {0x2, 0x5}, @cond=[{0x1, 0xcdcb, 0x1ff, 0x1, 0x2, 0x80}, {0x5, 0x81, 0x9, 0x3f7, 0x200, 0x8}]}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$full(0xffffffffffffff9c, 0x0, 0x369282, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c8]}) add_key(&(0x7f0000000200)='user\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) write$evdev(r3, &(0x7f0000000040)=[{{0x77359400}, 0x14, 0x4, 0x9}], 0x18) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={0xffffffffffffffff, 0x80}, 0xc) write$P9_RSTATFS(r2, &(0x7f0000000240)={0x43, 0x9, 0x1, {0x0, 0x8, 0xfffffffffffffffe, 0x7e0, 0x88, 0x0, 0x0, 0x45, 0x2}}, 0x43) 12:33:10 executing program 4: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getuid() newfstatat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x2000) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f0000000400)={{}, {}, [{}, {0x2, 0x1, r0}, {0x2, 0x0, r0}, {0x2, 0x2, r1}, {0x2, 0x8}, {}], {}, [{}, {}, {}]}, 0x6c, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) newfstatat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x4000) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='overlay\x00', 0x8d002, &(0x7f0000000300)={[{@redirect_dir={'redirect_dir', 0x3d, './file0'}}], [{@fscontext={'fscontext', 0x3d, 'root'}}, {@appraise_type='appraise_type=imasig'}, {@subj_type={'subj_type', 0x3d, 'workdir'}}, {@seclabel='seclabel'}, {@euid_lt={'euid<'}}]}) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x23, &(0x7f0000000000)={r6}, 0x8) dup(0xffffffffffffffff) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 12:33:10 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x10], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:10 executing program 2: clock_nanosleep(0x1, 0x1, &(0x7f0000000000)={0x77359400}, &(0x7f0000000040)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_emit_ethernet(0x4a, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaa9070519f5c6686dd6020920000140670af5d9300fe8000000000000000000000000000bbfe80"], 0x0) [ 717.652249][ T730] mkiss: ax12: crc mode is auto. 12:33:11 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:11 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x3f00) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:11 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x28], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 717.892855][ T740] mkiss: ax12: crc mode is auto. [ 717.903589][ T751] overlayfs: filesystem on './file0' not supported as upperdir 12:33:11 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x29], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:11 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x700000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:11 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f7e00a6aff4660f3a6222fd0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) bind$x25(r0, &(0x7f0000000140)={0x9, @remote={[], 0x0}}, 0x12) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext}, 0x0, 0xfffffffffffff7ff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r4 = dup2(0xffffffffffffffff, r3) ioctl$TCFLSH(r4, 0x8926, 0x20000000) accept4$netrom(r4, &(0x7f00000001c0)={{0x3, @netrom}, [@remote, @bcast, @bcast, @null, @bcast, @bcast, @rose, @null]}, &(0x7f0000000240)=0x48, 0x800) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8, 0x7, 0x2]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, &(0x7f0000000180)={0xc, 0x20008001}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:33:11 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x8000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:11 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:11 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x33], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:11 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x3a], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x11, 0x800000003, 0x0) bind(r2, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000640)=0x14) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd, 0x1, 'fq_codel\x00'}, {0x14, 0x2, [@TCA_FQ_CODEL_INTERVAL={0x8}, @TCA_FQ_CODEL_QUANTUM={0x8}]}}]}, 0x48}}, 0x0) timerfd_settime(r1, 0x1, &(0x7f0000000100)={{0x0, 0x3938700}, {0x0, 0x989680}}, &(0x7f0000000140)) 12:33:11 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:12 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x78], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:12 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{}, 'syz1\x00', 0x1b}) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$EVIOCGEFFECTS(0xffffffffffffffff, 0x80044584, &(0x7f0000000000)=""/157) 12:33:12 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4800) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = dup2(r1, r3) r5 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x140, 0x0) ioctl$IMHOLD_L1(r5, 0x80044948, &(0x7f0000000240)=0x10001) ioctl$TCFLSH(r4, 0x8926, 0x20000000) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000280)='/dev/nvme-fabrics\x00', 0x80000, 0x0) getsockopt$bt_BT_VOICE(r4, 0x112, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0x2) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000003c0)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b000300000000000000000000000000000000000000ffffffff0000000000000000000000000012c31aa8b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000080000000000000000000000ffff010100000000000000000000000000000003000000010000000500000009000000000000000000106cf4aa4ac99e8d0000fdff6c6f0000000000000072060a43cef0a852010059da58cf9800000000c39e1aa2632029e60000000000000000a85f001a4b0000000000000005000000aaaaaaaaa9ffe9020000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000000000000800000000000d0000000000000000f4"]}, 0x19d) r6 = socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$pppoe(r6, &(0x7f0000000080)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) sendmmsg(r6, &(0x7f000000d180), 0x4000000000000eb, 0x0) [ 718.947905][ T828] input: syz1 as /devices/virtual/input/input20 [ 719.073655][ T839] mkiss: ax12: crc mode is auto. [ 719.081919][ T839] QAT: Invalid ioctl [ 719.213729][ T839] QAT: Invalid ioctl 12:33:12 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x800000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:12 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x3f000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:12 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0xfc], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:12 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='lowerdir=.:file0']) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000140)='./bus\x00', 0x0) accept(0xffffffffffffffff, &(0x7f0000000300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x0) creat(0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="bd38832aa0da3ed709249f2c8e21", 0xca) recvmmsg(0xffffffffffffffff, &(0x7f0000001b00)=[{{0x0, 0x0, 0x0}}], 0x1a8, 0x2040, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000440)={0x26, 'hash\x00', 0x0, 0x0, 'rmd320-generic\x00'}, 0x58) r1 = syz_genetlink_get_family_id$netlbl_unlabel(0x0) sendmsg$NLBL_UNLABEL_C_ACCEPT(0xffffffffffffffff, 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000003c0), 0xc, &(0x7f00000004c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="7dfda65ca9620a40de61d957972ad94fd225f923fcc6c2251a4e753251e3cad66fa3e62cb78f745285e9174b552422772b921b8df77b1d9e5539d4641ba217d71df3283d4d092c36596ff207ff59a3abf9d1b801c7588bc3d127c3f65fd7c36a70491334dba90d1ca3f25e", @ANYRES16=r1, @ANYBLOB="04002dbd7000ffdbdf250700000008000400ac1414bb08000500e000000114000300000000000000000000000000000000012800070073797374656d5f753a6f626a6563745f723a64706b675f7661725f6c69625f743a73300008000500ac141433140006007465616d5f736c6176"], 0x7c}, 0x1, 0x0, 0x0, 0x8801}, 0x80) ioctl$VIDIOC_G_MODULATOR(0xffffffffffffffff, 0xc0445636, &(0x7f0000000280)={0x8000, "e6e2a86f5a37243d9611efa203196422529c353206edb2a3d3c6a9186f4a6403", 0x8, 0x401, 0x0, 0x10, 0x5}) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=./file0']) socket$inet6_mptcp(0xa, 0x1, 0x106) getsockname(r0, &(0x7f0000000740)=@nl, &(0x7f00000001c0)=0x80) syz_mount_image$msdos(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000005c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$security_capability(&(0x7f0000000000)='./bus/file0\x00', &(0x7f0000000180)='security.capability\x00', 0x0, 0x0, 0x0) 12:33:12 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4c00) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:12 executing program 2: r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0xfffffffffffffef2, 0x2004076e, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r2, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x53) socket$inet_icmp_raw(0x2, 0x3, 0x1) 12:33:12 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0xff], @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:12 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x40000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 719.634706][ T866] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. 12:33:13 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6800) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:13 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 719.882039][ T28] kauditd_printk_skb: 36 callbacks suppressed [ 719.882054][ T28] audit: type=1804 audit(1594038793.181:362): pid=887 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/363/file0" dev="sda1" ino=16194 res=1 12:33:13 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x48000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 719.945527][ T28] audit: type=1804 audit(1594038793.181:363): pid=892 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/363/file0" dev="sda1" ino=16194 res=1 [ 720.060557][ T896] overlayfs: filesystem on './bus' not supported as upperdir 12:33:13 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x2, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 720.150224][ T28] audit: type=1804 audit(1594038793.311:364): pid=891 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/370/file0" dev="sda1" ino=16257 res=1 [ 720.266151][ T28] audit: type=1804 audit(1594038793.321:365): pid=894 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/370/file0" dev="sda1" ino=16257 res=1 12:33:13 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x900000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:13 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6c00) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:13 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpgid(0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x88400, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000280), 0x5}, 0x400, 0x0, 0x0, 0x0, 0x3, 0x2}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f00000003c0)={@rand_addr=' \x01\x00', @mcast2, @private2={0xfc, 0x2, [], 0x1}, 0x3, 0x0, 0x4, 0x100, 0x81, 0x4000000}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00'}) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140)=0x0) ptrace$setopts(0x4200, r4, 0x9, 0x200002) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, &(0x7f0000000480)={0x0, 0xffffff18, 0x8001, 0x0, 0x6}) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="3400000010000104539300"/20, @ANYRES32=r6, @ANYBLOB="ddffffffffffffff140012000c0001006272696467650000040002004a7bcdad645e2b4f436b014dbe92b146588c1b6a238e3c4ad8aaf50c71a900efb4ed6f549d620cab62d981eb6d374923a2b1597449331902ca8bdf6a7b128fe8476d4d6652037756d0ac81399ac0582b151d141fe83ed1d9132ab02d67c1c5acd5789c4893db25c5630cca8a430aeff83dd7770e5485b3580e6c37cdf78ebabc56f554ff14196fa347774c415acdeb046e3cf8a5afb70f638ef519604604bdd8af70dd52c26f6c603b8f3e34d021af63b3cfa8316e16c38ca72e58c356fde87643e8b809318f8d222ce652179a6f2fbcded42fa3aa"], 0x34}}, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) 12:33:13 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x3, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:13 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4c000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:13 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x6042}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) poll(0x0, 0x0, 0x0) ioctl$IMCLEAR_L2(0xffffffffffffffff, 0x80044946, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = dup2(0xffffffffffffffff, r5) ioctl$TCFLSH(r6, 0x8926, 0x20000000) getpeername$inet(r6, &(0x7f0000000140)={0x2, 0x0, @multicast1}, &(0x7f0000000180)=0x10) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000000)=0x81, 0x4) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvme-fabrics\x00', 0x0, 0x0) r7 = dup3(r3, r2, 0x0) write$binfmt_misc(r7, &(0x7f00000003c0)=ANY=[@ANYBLOB="73797a3060d0ac910000e146ace51fad87edd0677ea5ecdb14726419e40cacf3080c84829d02affa6706bc4fb01b23f5262ade115c9f2dbc4a50603bddcc39885107f343b9baea9875d741e2685daecf6847d62f59d74300420f"], 0xf2) r8 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_CREATE_PIT2(r8, 0x4040ae77, &(0x7f0000000100)={0x6}) [ 720.619097][ T28] audit: type=1804 audit(1594038793.921:366): pid=927 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/371/file0" dev="sda1" ino=15988 res=1 12:33:14 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x4, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:14 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7400) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:14 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x68000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 720.784707][ T28] audit: type=1804 audit(1594038793.921:367): pid=937 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/371/file0" dev="sda1" ino=15988 res=1 [ 720.803156][ T930] device bridge3 entered promiscuous mode 12:33:14 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xa00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:14 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x5, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 720.976721][ T28] audit: type=1804 audit(1594038793.921:368): pid=932 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/365/file0" dev="sda1" ino=16022 res=1 12:33:14 executing program 4: getpid() r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x8) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) dup2(r1, r0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = dup2(0xffffffffffffffff, r3) ioctl$TCFLSH(r4, 0x8926, 0x20000000) ioctl$sock_inet_SIOCGIFNETMASK(r4, 0x891b, &(0x7f0000000000)={'ipvlan1\x00', {0x2, 0x4e21, @empty}}) r5 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000500)={'veth1_vlan\x00', @broadcast}) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) ioctl$PERF_EVENT_IOC_REFRESH(r5, 0x2402, 0xe43) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000200)}, 0x0, 0x100000000000003, 0x0, 0x0, 0x8000000000000000, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f00000001c0)={0x0, 0xffffff9e, &(0x7f0000000140)=[{&(0x7f00000000c0)="2e00000010008188040f80ecdb4cb9cca7480ef43c000000e3bd6efb440e09000e000a0010000000028000001201", 0x2e}], 0x1}, 0x0) [ 721.053356][ T28] audit: type=1804 audit(1594038793.921:369): pid=938 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/365/file0" dev="sda1" ino=16022 res=1 12:33:14 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7a00) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:14 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6c000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 721.170789][ T966] netlink: 'syz-executor.4': attribute type 10 has an invalid length. [ 721.179083][ T28] audit: type=1804 audit(1594038794.361:370): pid=955 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/366/file0" dev="sda1" ino=16049 res=1 12:33:14 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x6, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 721.179154][ T28] audit: type=1804 audit(1594038794.391:371): pid=959 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/366/file0" dev="sda1" ino=16049 res=1 12:33:14 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x74000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 721.439404][ T933] QAT: Invalid ioctl 12:33:14 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xb00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 721.475535][ T966] team0: Device ipvlan1 failed to register rx_handler [ 721.825719][ T966] netlink: 'syz-executor.4': attribute type 10 has an invalid length. [ 721.855070][ T966] team0: Device ipvlan1 failed to register rx_handler [ 722.176471][ T933] QAT: Invalid ioctl [ 722.528052][ T966] syz-executor.4 (966) used greatest stack depth: 22368 bytes left 12:33:16 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="4c00000010001fff00f2ff000000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000024001280090001007866726d00000000140002800800010002000000080002000100000008000a00"], 0x4c}}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) sendmsg$AUDIT_TRIM(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3f6, 0x800, 0x70bd27, 0x25dfdbfb, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x82}, 0x44800) 12:33:16 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xff00) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:16 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7a000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:16 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xb00020000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:16 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:16 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_drvinfo={0xf, "28252c037cb97de23da76cf990753ea1939890e5c2ac15acb5d7f84ac26abee4", "1dd9ede0803733d254df12aad7417f4a92a9441e3e77cd8d1938b2750a966c64", "ab709bc4b7a0aaa9b17ba5fd1b94c14c2bbea9fd1245bb570f207d5e117dda42", "5173db27e7a019b9f3c52b9efa19f539a8c632686a1eaed667173817438ea199", "1532b878ea7c88766df4362c72127e575aa0b0c60ef182cba0fd61b62c510958", "0a0800000000000000079409"}}) 12:33:16 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x8, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:16 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x12000000, &(0x7f0000000240)={&(0x7f00000002c0)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vxcan={{0xa, 0x1, 'vxcan\x00'}, {0x18, 0x2, 0x0, 0x1, @val={0x14}}}}]}, 0x48}}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = dup2(r1, r3) ioctl$TCFLSH(r4, 0x8926, 0x20000000) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f00000000c0)={&(0x7f0000000000)=[0xfa, 0xf351, 0xfeb3, 0x8, 0x1, 0x0, 0x8, 0x8], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], 0x8, 0x10001, 0xdededede}) [ 722.933299][ T1030] mkiss: ax12: crc mode is auto. [ 723.018475][ T1030] mkiss: ax12: crc mode is auto. 12:33:16 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa1ffffff) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:16 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x1000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:16 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xd00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:16 executing program 2: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xff00) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:16 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x9, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 723.434206][ T1058] mkiss: ax12: crc mode is auto. 12:33:16 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0xa, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:16 executing program 2: open(&(0x7f0000000180)='./file0\x00', 0x40c2, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$minix(&(0x7f00000000c0)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x200000000, 0x2, &(0x7f0000000000)=[{&(0x7f0000000140)="600084e002000a00900cda40ff1ad5c98f13", 0x12, 0x400}, {&(0x7f0000000640)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494febcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf429c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5ff9b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bf19e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb0464cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e", 0x309, 0x34f9}], 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='fdinfo\x00') creat(0x0, 0x0) fanotify_init(0x0, 0x0) r0 = open(0x0, 0x141042, 0x0) fanotify_mark(0xffffffffffffffff, 0x37, 0x0, r0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x141042, 0x2) write$binfmt_elf64(r1, &(0x7f0000000980)=ANY=[], 0x4c4) perf_event_open(&(0x7f000001d000)={0x5, 0xfffffffffffffe71, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2f7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1244}, 0x0, 0xfff7fffffffffffc, 0xffffffffffffffff, 0x2) sendfile(r1, r1, &(0x7f0000000480), 0xa198) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/ip_mr_cache\x00') setsockopt$CAN_RAW_LOOPBACK(r3, 0x65, 0x3, &(0x7f0000000040), 0x4) dup(r2) 12:33:16 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xf6ffffff) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:16 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x2000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 723.565404][ T1058] mkiss: ax12: crc mode is auto. [ 723.664429][ T1100] MINIX-fs: mounting unchecked file system, running fsck is recommended 12:33:17 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0xf, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:17 executing program 4: r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r2) r3 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) syz_mount_image$reiserfs(&(0x7f0000000280)='reiserfs\x00', &(0x7f00000002c0)='./file0\x00', 0xb676, 0x7, &(0x7f0000000680)=[{&(0x7f0000000300)="b6645bcbfb31341f09940902c9542f264aacd20cdaf2485396e35e8dd07962c9b3adf8263e525bb4ed69d2908351fd5a2c5ef954a80a00b96886b2eeaa7e", 0x3e}, {&(0x7f0000000340)="d0ccd366ac9e71fdc7d29ceb644e2bdb4fb7b809397aa975422eddaa512d470b2dbcfcf419d61a970fafcb50009df0316e1e93fbe92b55b869645b7ea23d334da728696c9e179a57e8be6d24ef2e61d498a78e2de4795e51e8de83fe4592a0da7a35cf3b838399e8c0f313b258c233e4c4a986adda9350dd2b3afa0e80ffb13b2ebe6a6a4e6b86c97b35d2f48f592c34a863", 0x92, 0x3f}, {&(0x7f0000000400)="9bdaa2cbcfc8cc4737c6c5aa33beca042e2ae417c9e25373773696d683e5002d48d53b4a25544f1ba50bbc5b9e2cdf05352a583cc1b01f0a7ec41f2af48fcb9ec23a065f4e3e930b1d7e894bd6fc92cf3ae69bc351c0bc13a6687a98b5f3b73ba8edc925439dc359d10584cc4139fe3fe8a2eb4238f19db2f459", 0x7a, 0x401}, {&(0x7f0000000480)="dcba4e34f0df0903e459e468cb7740b8839cced7b05bb2b93cd1d36c609381f1804e4643714323fb6562cfd90d108ed4", 0x30, 0xb7}, {&(0x7f00000004c0)="8a8ba71c5f920f835d1912dbcd78b9cb7f6a4032c1023619d5633cc0f385748e74d6ccca476cfa4296bdf193caf277ca2d974b007c17823ea8f9e39e5543e26be503534a4b175e3e1fc1d0701d", 0x4d, 0x101}, {&(0x7f0000000540)="e5453bc3b2ee0c4cce2204e31b8cdec8b4ac1e862f141b39705aebe788d7522ec814047ef5ba745292dd866200f9b3a74229d29446af860d9209035dcb7ce1d8351710b8221cfae3ad5209023da04ca91e5d02dcd2647cbd58f4229a997ac88e076a712d5256be564dcf6ccc77b5a4436de7736c11a647fe5b028cf6b7f485e3c60bce02a2cbd43d96d35ebbae1b796f67f6d5f783c4192e433d8ecf2e98bf8dd59a8b4e00abf7f511a5e4b6f07a519b2f66f3c52ae2b04149bb145c289280aebdead315d11c1447222f0e", 0xcb, 0xe3e3}, {&(0x7f0000000640)="dacaa00b9d23a11ccae55c2bb0b450ec7df547303492f2c9a3b94ad0e5d1634f3c6cdd3954a370783a797932d6c750fe", 0x30, 0x3}], 0x10, &(0x7f0000000740)={[{@nouser_xattr='nouser_xattr'}, {@balloc_border='block-allocator=border'}, {@noquota='noquota'}], [{@audit='audit'}, {@subj_type={'subj_type', 0x3d, '\xfc+:'}}, {@subj_user={'subj_user', 0x3d, '/dev/dlm-control\x00'}}, {@subj_type={'subj_type', 0x3d, '/dev/dlm-control\x00'}}, {@obj_type={'obj_type', 0x3d, '#%@^'}}, {@euid_gt={'euid>', r2}}, {@euid_eq={'euid', 0x3d, r4}}, {@seclabel='seclabel'}]}) ioctl$PPPOEIOCSFWD(r0, 0x40047459, 0x0) r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x82, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') sendmsg$L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x68, r7, 0x917, 0x70bd28, 0x25dfdbff, {0x1, 0x0, 0x4c}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x7f}]}, 0x68}}, 0x0) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r5, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, r7, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x3}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @private0}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x4}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x37}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e23}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0xd7}, @L2TP_ATTR_L2SPEC_TYPE={0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x8800}, 0x0) 12:33:17 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xfeffffff) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:17 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x3000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:17 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xe00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:17 executing program 2: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000000)=@ccm_128={{0x304}, "f78e2b5cd94b5a62", "b854abdd3dc9ed247d84c3fc698fbe56", "049801d6", "bcc6e6962429e199"}, 0x28) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="40000000855a2957c54fab704b76c2eaf8d60ca7", @ANYRES32=0x0, @ANYBLOB="03000000000000002000128008000100736974001400028008000100", @ANYRES32=r3], 0x40}}, 0x0) 12:33:17 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000002c0)) syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x0) r1 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000140)={[0x0, 0x0, 0x7], 0x0, 0x3, 0x6}) getpriority(0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000000)='posix_acl_accessGPLem0vmnet0selinuxcpuset\x00', 0xffffffffffffffff}, 0x30) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x10000, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000000c0)={@map, r5, 0x21, 0x2, r6}, 0x14) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) 12:33:17 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x2, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 723.998937][ T7091] minix_free_inode: bit 1 already cleared 12:33:17 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x3, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:17 executing program 2: syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x20}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x0, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x400, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) recvmsg(r0, 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$nl_generic(0xa, 0x5, 0x84) ioctl$sock_SIOCETHTOOL(r1, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="1a614beab760000036c64b2f76922aa4741ca6dd052100000000ffff2e41bac8d1e83ecf8c0d0879d38efc06850000ffffff"]}) syz_genetlink_get_family_id$ipvs(0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000003f00)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x7) ioctl$KDADDIO(r2, 0x800455cc, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c00b4c4e3f0722a733f783f1fd6fe93c6bbcbaba4cf4b7db918b91921253757e9a3d9bf33701b4140996c0dc96af21a93ec071501e10efc8bf8c9522caf43f379202e335ce139bfe8bc9c6c2447369e06ffc8e02e84cd356a48d492a271e93c52288f637d7761dad07756a538cb7656e057513b7ff2df4a6cff20043fa9f2a5d87702c2436b821b5d96a59f95cc6a1f3f8acb1069f19d0a9f3a1ce31be52e12f47e25421912e4dfa1ef27ee1e9d835d8c673654bbe56700001381464835272ff78da329f2249f06dfe79de03d08a4a990a4305d50a9981de7e455bba27f5e29db3dc401f392cdf24ce64a27f5139de40751abda11f3b2055db3764874c684004ac25549f8b65c1628b7f7ee6d4a34e88b2907789fec8a669dcf89b9e51a996296eabf68fc44029cf473d9ab8f5b409b9cb59dce1b811e7b99521fbcd22450fa5de4929fed32fcfac9df5ff8e9a0a027b5e436d6ed3259b2ce1ce739159d7232bf91e3bea450c6f2c230a2fdd1c02af7d74c12fe9f2298c11516048766483e733c61c7fce2c27322677e332ea803b481adc0955482d8ef78fc3584d49051ec1903096b1234730bc944e344d952b3fc589a0263a34951e0243203368a230060289adecb66d505cf5e0ce4059fb5d4225047a292406fb6a3146940368126ceb6ccbe2e6b38d3c5095675bc54a535df19341fbd82505e59de5f07bd8f716fc66d2759cd9a1981e67b000000000000000000000000802f8b1452f0e6451bc4dc24e60153d94abcb4b5653f16975c4827f62e8ff8f5e3019830426b68a27b3c906044252522b929a861b83705002afdc618bc5c0bcb18816be431150a80245d9fe989350a1c254691527b0031f0cf1d796d42b9a179b3b9000f40567b29b7abd0f062854ec07df72c6fdf6e9b1ca2aab15db56c8f5ee1e88c328d6a220b53326889d7f72ea13c4d168c0bb7", @ANYBLOB="a3dd28781e068634c25bd1767eb3adb942ca0457e320368bf0a95e6629d780e85d2d98257175a6375e250fa492eb4daed445a95f289bb6f3adeb9684bf04781f4c1ac28e3edb2efec74bb7075717832dbee7e4374e96f27360cbf11012b1e394a8b0610eb286fe5ee8641e5fd4e1602c6636d87a5574950c17b0d68af725ee76bcebe6a661a373dc142952b49212d49685c6fb7aed2fdc80a8811719bb5baf44aa04d2d29d4312c4646ae45821df33a5e36f936fc7324976df90b383a3e26f043e71", @ANYRES16=r2], 0x3}, 0x1, 0x0, 0x0, 0x4c051}, 0x44040) sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="200025bd7000ffdbdf2582000000"], 0x14}}, 0x40800) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x34}}, 0x0) 12:33:17 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xff000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:17 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:17 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x4, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 724.549809][ T1168] sp0: Synchronizing with TNC 12:33:17 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xf00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:18 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xffffff7f) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:18 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x5, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:18 executing program 2: syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x20}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x0, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x400, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) recvmsg(r0, 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$nl_generic(0xa, 0x5, 0x84) ioctl$sock_SIOCETHTOOL(r1, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="1a614beab760000036c64b2f76922aa4741ca6dd052100000000ffff2e41bac8d1e83ecf8c0d0879d38efc06850000ffffff"]}) syz_genetlink_get_family_id$ipvs(0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000003f00)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x7) ioctl$KDADDIO(r2, 0x800455cc, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c00b4c4e3f0722a733f783f1fd6fe93c6bbcbaba4cf4b7db918b91921253757e9a3d9bf33701b4140996c0dc96af21a93ec071501e10efc8bf8c9522caf43f379202e335ce139bfe8bc9c6c2447369e06ffc8e02e84cd356a48d492a271e93c52288f637d7761dad07756a538cb7656e057513b7ff2df4a6cff20043fa9f2a5d87702c2436b821b5d96a59f95cc6a1f3f8acb1069f19d0a9f3a1ce31be52e12f47e25421912e4dfa1ef27ee1e9d835d8c673654bbe56700001381464835272ff78da329f2249f06dfe79de03d08a4a990a4305d50a9981de7e455bba27f5e29db3dc401f392cdf24ce64a27f5139de40751abda11f3b2055db3764874c684004ac25549f8b65c1628b7f7ee6d4a34e88b2907789fec8a669dcf89b9e51a996296eabf68fc44029cf473d9ab8f5b409b9cb59dce1b811e7b99521fbcd22450fa5de4929fed32fcfac9df5ff8e9a0a027b5e436d6ed3259b2ce1ce739159d7232bf91e3bea450c6f2c230a2fdd1c02af7d74c12fe9f2298c11516048766483e733c61c7fce2c27322677e332ea803b481adc0955482d8ef78fc3584d49051ec1903096b1234730bc944e344d952b3fc589a0263a34951e0243203368a230060289adecb66d505cf5e0ce4059fb5d4225047a292406fb6a3146940368126ceb6ccbe2e6b38d3c5095675bc54a535df19341fbd82505e59de5f07bd8f716fc66d2759cd9a1981e67b000000000000000000000000802f8b1452f0e6451bc4dc24e60153d94abcb4b5653f16975c4827f62e8ff8f5e3019830426b68a27b3c906044252522b929a861b83705002afdc618bc5c0bcb18816be431150a80245d9fe989350a1c254691527b0031f0cf1d796d42b9a179b3b9000f40567b29b7abd0f062854ec07df72c6fdf6e9b1ca2aab15db56c8f5ee1e88c328d6a220b53326889d7f72ea13c4d168c0bb7", @ANYBLOB="a3dd28781e068634c25bd1767eb3adb942ca0457e320368bf0a95e6629d780e85d2d98257175a6375e250fa492eb4daed445a95f289bb6f3adeb9684bf04781f4c1ac28e3edb2efec74bb7075717832dbee7e4374e96f27360cbf11012b1e394a8b0610eb286fe5ee8641e5fd4e1602c6636d87a5574950c17b0d68af725ee76bcebe6a661a373dc142952b49212d49685c6fb7aed2fdc80a8811719bb5baf44aa04d2d29d4312c4646ae45821df33a5e36f936fc7324976df90b383a3e26f043e71", @ANYRES16=r2], 0x3}, 0x1, 0x0, 0x0, 0x4c051}, 0x44040) sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="200025bd7000ffdbdf2582000000"], 0x14}}, 0x40800) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x34}}, 0x0) [ 724.798910][ T1133] mkiss: ax12: crc mode is auto. 12:33:18 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x5000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 725.046096][ T1200] sp0: Synchronizing with TNC 12:33:18 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x1000000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:18 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x7, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:18 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xffffffa1) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:18 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:18 executing program 2: syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x20}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x0, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x400, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) recvmsg(r0, 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$nl_generic(0xa, 0x5, 0x84) ioctl$sock_SIOCETHTOOL(r1, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="1a614beab760000036c64b2f76922aa4741ca6dd052100000000ffff2e41bac8d1e83ecf8c0d0879d38efc06850000ffffff"]}) syz_genetlink_get_family_id$ipvs(0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000003f00)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x7) ioctl$KDADDIO(r2, 0x800455cc, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c00b4c4e3f0722a733f783f1fd6fe93c6bbcbaba4cf4b7db918b91921253757e9a3d9bf33701b4140996c0dc96af21a93ec071501e10efc8bf8c9522caf43f379202e335ce139bfe8bc9c6c2447369e06ffc8e02e84cd356a48d492a271e93c52288f637d7761dad07756a538cb7656e057513b7ff2df4a6cff20043fa9f2a5d87702c2436b821b5d96a59f95cc6a1f3f8acb1069f19d0a9f3a1ce31be52e12f47e25421912e4dfa1ef27ee1e9d835d8c673654bbe56700001381464835272ff78da329f2249f06dfe79de03d08a4a990a4305d50a9981de7e455bba27f5e29db3dc401f392cdf24ce64a27f5139de40751abda11f3b2055db3764874c684004ac25549f8b65c1628b7f7ee6d4a34e88b2907789fec8a669dcf89b9e51a996296eabf68fc44029cf473d9ab8f5b409b9cb59dce1b811e7b99521fbcd22450fa5de4929fed32fcfac9df5ff8e9a0a027b5e436d6ed3259b2ce1ce739159d7232bf91e3bea450c6f2c230a2fdd1c02af7d74c12fe9f2298c11516048766483e733c61c7fce2c27322677e332ea803b481adc0955482d8ef78fc3584d49051ec1903096b1234730bc944e344d952b3fc589a0263a34951e0243203368a230060289adecb66d505cf5e0ce4059fb5d4225047a292406fb6a3146940368126ceb6ccbe2e6b38d3c5095675bc54a535df19341fbd82505e59de5f07bd8f716fc66d2759cd9a1981e67b000000000000000000000000802f8b1452f0e6451bc4dc24e60153d94abcb4b5653f16975c4827f62e8ff8f5e3019830426b68a27b3c906044252522b929a861b83705002afdc618bc5c0bcb18816be431150a80245d9fe989350a1c254691527b0031f0cf1d796d42b9a179b3b9000f40567b29b7abd0f062854ec07df72c6fdf6e9b1ca2aab15db56c8f5ee1e88c328d6a220b53326889d7f72ea13c4d168c0bb7", @ANYBLOB="a3dd28781e068634c25bd1767eb3adb942ca0457e320368bf0a95e6629d780e85d2d98257175a6375e250fa492eb4daed445a95f289bb6f3adeb9684bf04781f4c1ac28e3edb2efec74bb7075717832dbee7e4374e96f27360cbf11012b1e394a8b0610eb286fe5ee8641e5fd4e1602c6636d87a5574950c17b0d68af725ee76bcebe6a661a373dc142952b49212d49685c6fb7aed2fdc80a8811719bb5baf44aa04d2d29d4312c4646ae45821df33a5e36f936fc7324976df90b383a3e26f043e71", @ANYRES16=r2], 0x3}, 0x1, 0x0, 0x0, 0x4c051}, 0x44040) sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="200025bd7000ffdbdf2582000000"], 0x14}}, 0x40800) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x34}}, 0x0) 12:33:18 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x8, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:18 executing program 4: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000340)={0x0, 0x0, 0x0}, &(0x7f0000000380)=0xc) setregid(0x0, r1) chown(&(0x7f0000000180)='./file0\x00', 0x0, r1) fchown(0xffffffffffffffff, r0, r1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, &(0x7f0000000040)='F', 0xfffffffffffffe43, 0x20000003, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x5) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) r7 = dup2(r4, r6) ioctl$TCFLSH(r7, 0x8926, 0x20000000) ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f0000000000)=0x2) [ 725.692638][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 725.692650][ T28] audit: type=1804 audit(1594038799.001:396): pid=1238 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/375/file0" dev="sda1" ino=16209 res=1 12:33:19 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xfffffff6) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 725.824211][ T1235] sp0: Synchronizing with TNC 12:33:19 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 725.885680][ T28] audit: type=1804 audit(1594038799.001:397): pid=1243 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/375/file0" dev="sda1" ino=16209 res=1 [ 725.911390][ T1256] mkiss: ax12: crc mode is auto. 12:33:19 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x9, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 725.929243][ T28] audit: type=1804 audit(1594038799.051:398): pid=1237 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/380/file0" dev="sda1" ino=16225 res=1 12:33:19 executing program 2: syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x20}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x0, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x400, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) recvmsg(r0, 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$nl_generic(0xa, 0x5, 0x84) ioctl$sock_SIOCETHTOOL(r1, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="1a614beab760000036c64b2f76922aa4741ca6dd052100000000ffff2e41bac8d1e83ecf8c0d0879d38efc06850000ffffff"]}) syz_genetlink_get_family_id$ipvs(0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000003f00)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x7) ioctl$KDADDIO(r2, 0x800455cc, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c00b4c4e3f0722a733f783f1fd6fe93c6bbcbaba4cf4b7db918b91921253757e9a3d9bf33701b4140996c0dc96af21a93ec071501e10efc8bf8c9522caf43f379202e335ce139bfe8bc9c6c2447369e06ffc8e02e84cd356a48d492a271e93c52288f637d7761dad07756a538cb7656e057513b7ff2df4a6cff20043fa9f2a5d87702c2436b821b5d96a59f95cc6a1f3f8acb1069f19d0a9f3a1ce31be52e12f47e25421912e4dfa1ef27ee1e9d835d8c673654bbe56700001381464835272ff78da329f2249f06dfe79de03d08a4a990a4305d50a9981de7e455bba27f5e29db3dc401f392cdf24ce64a27f5139de40751abda11f3b2055db3764874c684004ac25549f8b65c1628b7f7ee6d4a34e88b2907789fec8a669dcf89b9e51a996296eabf68fc44029cf473d9ab8f5b409b9cb59dce1b811e7b99521fbcd22450fa5de4929fed32fcfac9df5ff8e9a0a027b5e436d6ed3259b2ce1ce739159d7232bf91e3bea450c6f2c230a2fdd1c02af7d74c12fe9f2298c11516048766483e733c61c7fce2c27322677e332ea803b481adc0955482d8ef78fc3584d49051ec1903096b1234730bc944e344d952b3fc589a0263a34951e0243203368a230060289adecb66d505cf5e0ce4059fb5d4225047a292406fb6a3146940368126ceb6ccbe2e6b38d3c5095675bc54a535df19341fbd82505e59de5f07bd8f716fc66d2759cd9a1981e67b000000000000000000000000802f8b1452f0e6451bc4dc24e60153d94abcb4b5653f16975c4827f62e8ff8f5e3019830426b68a27b3c906044252522b929a861b83705002afdc618bc5c0bcb18816be431150a80245d9fe989350a1c254691527b0031f0cf1d796d42b9a179b3b9000f40567b29b7abd0f062854ec07df72c6fdf6e9b1ca2aab15db56c8f5ee1e88c328d6a220b53326889d7f72ea13c4d168c0bb7", @ANYBLOB="a3dd28781e068634c25bd1767eb3adb942ca0457e320368bf0a95e6629d780e85d2d98257175a6375e250fa492eb4daed445a95f289bb6f3adeb9684bf04781f4c1ac28e3edb2efec74bb7075717832dbee7e4374e96f27360cbf11012b1e394a8b0610eb286fe5ee8641e5fd4e1602c6636d87a5574950c17b0d68af725ee76bcebe6a661a373dc142952b49212d49685c6fb7aed2fdc80a8811719bb5baf44aa04d2d29d4312c4646ae45821df33a5e36f936fc7324976df90b383a3e26f043e71", @ANYRES16=r2], 0x3}, 0x1, 0x0, 0x0, 0x4c051}, 0x44040) sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="200025bd7000ffdbdf2582000000"], 0x14}}, 0x40800) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x34}}, 0x0) [ 726.021723][ T28] audit: type=1804 audit(1594038799.051:399): pid=1242 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/380/file0" dev="sda1" ino=16225 res=1 12:33:19 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xfffffffe) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 726.163520][ T28] audit: type=1804 audit(1594038799.471:400): pid=1277 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/381/file0" dev="sda1" ino=16004 res=1 [ 726.236723][ T28] audit: type=1804 audit(1594038799.501:401): pid=1281 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/381/file0" dev="sda1" ino=16004 res=1 [ 726.298182][ T1280] sp0: Synchronizing with TNC [ 726.360993][ T28] audit: type=1804 audit(1594038799.591:402): pid=1285 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/377/file0" dev="sda1" ino=16120 res=1 12:33:19 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x1100000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:19 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0xa, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:19 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x8000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:19 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x1000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:19 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) r0 = gettid() perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xd}, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x2a8, &(0x7f0000000440)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xee\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A'}, 0x30) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f0000000040)) 12:33:20 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0xb, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:20 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x1200000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:20 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x802, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x5) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) dup2(r4, r6) r7 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r8 = socket$inet(0x2, 0x1, 0x806) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r7, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r9}, 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={r9, 0xdc, &(0x7f0000000100)=[@in6={0xa, 0x4e22, 0x1, @dev={0xfe, 0x80, [], 0x3a}, 0x4}, @in={0x2, 0x4e21, @loopback}, @in={0x2, 0x4e23, @remote}, @in6={0xa, 0x4e22, 0x6, @private2={0xfc, 0x2, [], 0x1}, 0xfffffffd}, @in={0x2, 0x4e22, @empty}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e22, 0x200, @empty, 0x2b2f}, @in6={0xa, 0x4e21, 0x0, @loopback, 0x7}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, @in6={0xa, 0x4e20, 0x900000, @dev={0xfe, 0x80, [], 0x2f}, 0x100}]}, &(0x7f0000000040)=0x10) setsockopt$inet_sctp_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000080)={r10, 0x9ba1, 0x2, 0xffffffff}, 0x10) prctl$PR_CAPBSET_DROP(0x18, 0x17) write(r0, &(0x7f00000000c0)="24000000210025f0075c0165ff0ffc0e020000000010000002e1100c08000a0000000000", 0x24) [ 726.740100][ T28] audit: type=1804 audit(1594038800.041:403): pid=1310 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/378/file0" dev="sda1" ino=16225 res=1 12:33:20 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x100000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:20 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 726.905875][ T28] audit: type=1804 audit(1594038800.041:404): pid=1323 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/378/file0" dev="sda1" ino=16225 res=1 12:33:20 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0bbf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:20 executing program 2: perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x1fffc0000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) ioctl$BLKROTATIONAL(0xffffffffffffffff, 0x127e, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000240)='./file0\x00', 0x4000000000, 0x2, &(0x7f0000002280)=[{&(0x7f0000000100)="800000003804000019000300e60100006c00fec9000000000100000001000000000700000040000080000000101308006d5ebe5a0000ffff53ef", 0x3a, 0x400}, {&(0x7f0000000140)="fcba5820c3ef1b77e8a23dd18b16961616356dd7fdeb89769b12def3b6cfd1ab4505524f78c1aa2bf4de120e650f04d278edd8006ad9f89c8b6d8ed96e63d878ff15074525d84e21090fcf500adea45e5683baf409b890f14dec72b7819a765b1f523b740006fa097ad63376050c8f865b5ffbd88b998d1665f951439c15e32429223f310ee8e4d1652b156fd2a1b1c7deec970e41e7a4", 0x97, 0x6}], 0x804803, 0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = dup2(0xffffffffffffffff, r1) ioctl$TCFLSH(r2, 0x8926, 0x20000000) ioctl$VIDIOC_SUBDEV_G_CROP(r2, 0xc038563b, &(0x7f0000000000)={0x1, 0x0, {0x4, 0x3209, 0x1, 0x1}}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0xfffffffffffffffc) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000300), 0x4) setregid(0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) creat(&(0x7f0000000100)='./bus\x00', 0x0) listen(0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000340)=ANY=[@ANYBLOB="8c4922159eee16a005141375051e45a4733d82a9db42e75d35acc749e300a254a5b2338f93aedf8fb20b391a9cd4754df741140c52fd9d5dcb872c33375be0d589d70296f61eeb6643b06404cf4ae10781029aceb661ea7ebd242700000000000000", @ANYRES16=r3, @ANYBLOB], 0x14}}, 0x0) [ 727.244583][ T28] audit: type=1804 audit(1594038800.551:405): pid=1345 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/383/file0" dev="sda1" ino=16135 res=1 [ 727.293069][ T1333] mkiss: ax12: crc mode is auto. 12:33:20 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x1d00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:20 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf02", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:20 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x200000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 727.443759][ T1338] mkiss: ax12: crc mode is auto. 12:33:20 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x3f000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 727.505290][ T1359] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 727.537224][ T1359] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 12:33:20 executing program 4: r0 = socket(0x200000000000011, 0xa, 0xc2c) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'macvlan0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="00000000000000000000f5145d43e2c457f3b20b126f6b97fa97129f82e4d0b199ba79d0b1c4fc5e07a966dd914f5d006aacc6937c5cdbabe6ef99dbfb50d05730df4e73fc77bb60a26863db861929b37e38161bdefbb0cb30145f7070a0fb3317295c36efd58ad0d1373b52ca8d4c", @ANYRES32=r1, @ANYBLOB="00000000000000001c0012800c0001006d6163766c616e000c0002800800010010000000"], 0x3c}}, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) r6 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r5, 0xc2604110, &(0x7f0000000340)={0x2, [[0xfff, 0x9, 0xffffffff, 0xd7, 0xfffffffa, 0x10001, 0x3f, 0x5], [0xa1d, 0x2838f076, 0x8d9, 0x3, 0x2, 0xe0, 0x2, 0x3], [0x1400000, 0x6, 0x9, 0x4, 0x1, 0x3f, 0x2, 0x7ff]], [], [{0xf, 0x3, 0x1, 0x0, 0x1}, {0x8, 0x600, 0x0, 0x0, 0x0, 0x1}, {0xf1c, 0x81, 0x1, 0x1}, {0xfc40, 0x7ff, 0x1, 0x1}, {0x9, 0x1f, 0x0, 0x1, 0x0, 0x1}, {0x0, 0x3, 0x0, 0x1}, {0xa2, 0x8001, 0x0, 0x1, 0x1, 0x1}, {0x1be31652, 0x3f, 0x0, 0x1, 0x1}, {0x1b450e5d, 0x385, 0x1, 0x0, 0x1, 0x1}, {0x6a5f, 0x8, 0x0, 0x1, 0x0, 0x1}, {0x1, 0x7, 0x1}, {0x3, 0xfffffff9, 0x0, 0x1, 0x0, 0x1}], [], 0x9}) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r8}, 0x10) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f0000000000)={r8, 0x1, 0x8001}, &(0x7f0000000040)=0x8) 12:33:20 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf03", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 727.617832][ T1359] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 727.648602][ T1359] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 727.708740][ T1359] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 727.759011][ T1391] mkiss: ax12: crc mode is auto. 12:33:21 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x300000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:21 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x40000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:21 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0x100000400000003a) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = socket$packet(0x11, 0x3, 0x300) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$FUSE_IOCTL(r3, &(0x7f0000000040)={0x20, 0xfffffffffffffff5, 0x1, {0x1, 0x0, 0x11c, 0x6}}, 0x20) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_tcp_buf(r0, 0x6, 0x1a, &(0x7f00000000c0)=""/16, &(0x7f0000000100)=0x10) write$binfmt_misc(r5, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r4, 0x0, r0, 0x0, 0x4ff60, 0x0) 12:33:21 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf04", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:21 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x800000805, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x12) write$uinput_user_dev(r0, &(0x7f0000000880)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000040)={0xfffffff7, 0x0, 0x20}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) ioctl$USBDEVFS_REAPURB(r3, 0x4008550c, &(0x7f0000000000)) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) dup2(0xffffffffffffffff, r5) ioctl$SCSI_IOCTL_GET_IDLUN(r5, 0x5382, &(0x7f00000000c0)) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) syz_open_dev$tty1(0xc, 0x4, 0x1) 12:33:21 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf05", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 728.183755][ T1431] input: syz0 as /devices/virtual/input/input22 [ 728.268837][ T1431] mkiss: ax12: crc mode is auto. 12:33:21 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x1f00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:21 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x400000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:21 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x48000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:21 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf06", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 728.454933][ T1437] input: syz0 as /devices/virtual/input/input23 12:33:21 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf07", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:21 executing program 4: mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-control\x00', 0x2000, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_rdma(&(0x7f0000000000)='127.0.0.1\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="7472616e733d72646d612c706f72743d3078303030303030303030303030303030302c72713d3078303030300080000200003030303030302c756e6161653d292c00"]) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) ioctl$KVM_PPC_GET_SMMU_INFO(0xffffffffffffffff, 0x8250aea6, 0x0) r0 = syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x4f36, 0x481) r1 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r3}, 0x10) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000100)={r3, 0x2}, 0x8) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000200)={0x0, 0x3, 0x0, 0x0, 0x5, [0x1, 0x0, 0x0, 0x7], [0x7, 0x4, 0xfdc], [0x0, 0x0, 0x2, 0xd85a], [0x0, 0x0, 0x0, 0x2]}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r4, 0x0, r4) write$binfmt_elf64(r4, &(0x7f0000000800)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x2, 0x59, 0x1f, 0x9102, 0x1, 0x48e6fe77bf20ae21, 0xfffffffc, 0x18f, 0x40, 0x2e9, 0x1, 0xd54d, 0x38, 0x2, 0x8, 0x88, 0x3}, [{0x70000000, 0x0, 0x9, 0x0, 0x8, 0x1, 0x37ee, 0xfffffffffffffffa}], "1649d66a715e2d2bd0936bc08193c1b199a55ba0173a92199300813e76904321112e340e918e9cd152295067614e33629715e0a1834d0726e7c5bd6f46896b8abbecaf32c2043b2de22a3635", [[], [], [], [], [], [], [], [], []]}, 0x9c4) syz_mount_image$tmpfs(&(0x7f0000000280)='tmpfs\x00', &(0x7f00000002c0)='./file0\x00', 0x2, 0x0, &(0x7f0000000380), 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, 0x0, 0x0) 12:33:21 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf08", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:21 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x500000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:22 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf09", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:22 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4c000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:22 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=ANY=[@ANYBLOB="b800000019000100000006005b000000ff010000000000000000000000000001e000000100000000800000000000000000000000000000000a0001600000002e", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000cede6299eb6284070000000000fd85d16e791a2daa2586f6fded0000000005000000000000000000d94bfeadbfce0d4ed61c01bb3c42000000ea000000002655356f5400fbfa0000000000000500000000000000000000000000000000000000ee0100000001"], 0xb8}}, 0x0) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x4) ioctl$VIDIOC_G_CTRL(0xffffffffffffffff, 0xc008561b, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r3, 0xc06c4124, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}) ioctl$TCFLSH(r3, 0x540b, 0x1) dup2(r1, r3) sendmsg$NL80211_CMD_GET_KEY(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "b07124bf610f243330294281c0"}]}, 0x30}, 0x1, 0x0, 0x0, 0x8001}, 0x400) 12:33:22 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x600000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 729.167436][ T1505] mkiss: ax12: crc mode is auto. 12:33:22 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x2000000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:22 executing program 2: socket$can_raw(0x1d, 0x3, 0x1) r0 = open(0x0, 0x0, 0x0) openat$cgroup_procs(r0, 0x0, 0x2, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8982, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) ptrace$peekuser(0x3, 0xffffffffffffffff, 0xb) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) r1 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) unshare(0x40000000) shmget(0xffffffffffffffff, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYRESOCT=r4, @ANYRESHEX=r2]) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000000180)=0xc) mount$fuseblk(&(0x7f0000000000)='/dev/loop0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='fuseblk\x00', 0x1001400, &(0x7f00000002c0)=ANY=[@ANYBLOB="05003dd6e339fe625622259cca4f32890015a0234de188364c8a438a5094befd6b98a0faf54fe147ce3a20a6f27ceb77f5a828e6cafdfb351d6f64226baf3855f8dc05001c2d6d3f640d39489b8b56cecf195b4fb0aa0803d0ff7f00000000000016f5734c39040b77360f49c93b337b631901bd4611948ae547f3fca0b82e02c8e3ecd59fc1fe394fd7985f20c9ce7b676aeec5abf05b341b6c1be8cb94f20c1c5aa6de59b5d175c34ecb916b3b49767e91ecd010bbce06848dec0e82c6649538db1bf0aef878839c1aa04c2cdef30ac72fc7c969cefbab8ebff3a435e5cf95b35ce4c78f035e71fa000000000000000000000a9579e1f5380ff64f0f08e2856145f685e712dff02e9dca72cca0200c019af049f2089aa34a29a39ca00018eed37422bef0c741283125b4538f033e9fd800166162894bd95780861a2fd547001c0dc29d61ff5ee371c413b15c9af001112f33b508adbe4d01e36f7c6c7fc9086f97f6cf57dada41723ad028e6a1686e6c299feda12385b808478a26fe111870079986a40b2bc1a437ca7aa7963ab9c867c6fbce8f8a589f", @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r2, @ANYRES32=r1]) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) shmctl$SHM_UNLOCK(0x0, 0xc) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) 12:33:22 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf0a", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:22 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x700000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:22 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x68000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 729.557650][ T1530] IPVS: ftp: loaded support on port[0] = 21 12:33:23 executing program 4: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) write$P9_RLERRORu(r1, &(0x7f00000006c0)=ANY=[@ANYBLOB="260000000700051f000000"], 0x26) r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = dup2(r3, r5) ioctl$TCFLSH(r6, 0x8926, 0x20000000) openat2(r6, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0x181200, 0x8, 0x12}, 0x18) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 12:33:23 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf10", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:23 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x800000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:23 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6c000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 730.044608][ T1574] mkiss: ax12: crc mode is auto. 12:33:23 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf28", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:23 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf29", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 730.283147][ T1580] mkiss: ax12: crc mode is auto. [ 730.356495][ T1530] IPVS: ftp: loaded support on port[0] = 21 12:33:23 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x74000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:23 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3ffd41c454000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:24 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x40be2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = dup2(r0, r2) ioctl$TCFLSH(r3, 0x8926, 0x20000000) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x0, 0x1}]}, &(0x7f0000000040)='GPL\x00', 0x1, 0xfb, &(0x7f0000000080)=""/251, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) 12:33:24 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7a000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:24 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa00000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:24 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf33", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:24 executing program 4: perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x1e, 0x2, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x105000, 0x0) recvfrom$l2tp6(r1, &(0x7f0000000100)=""/94, 0x5e, 0x40010042, &(0x7f0000000080)={0xa, 0x0, 0x0, @private2}, 0x20) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x17, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) socket(0x10, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000002200)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) ioctl$TCXONC(r3, 0x540a, 0x3) [ 731.012572][T10166] tipc: TX() has been purged, node left! 12:33:24 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf3a", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:24 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x3f00000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 731.163612][ T28] kauditd_printk_skb: 18 callbacks suppressed [ 731.163625][ T28] audit: type=1804 audit(1594038804.471:424): pid=1670 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/391/file0" dev="sda1" ino=16149 res=1 12:33:24 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = dup2(0xffffffffffffffff, r1) ioctl$TCFLSH(r2, 0x8926, 0x20000000) mkdirat$cgroup(r2, &(0x7f00000000c0)='syz0\x00', 0x1ff) r3 = socket$netlink(0x10, 0x3, 0x15) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x5) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) dup2(r4, r6) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r9, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="e28d0000240007050000004007a2a30007000000b0904910704eec75b366f81c046073d68fb6467e5e24f6de3fe46badc172", @ANYRES32=r9, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000015c0)=@newtfilter={0x98, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {}, {0x8}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x68, 0x2, [@TCA_BASIC_ACT={0x64, 0x3, [@m_skbmod={0x60, 0x1, 0x0, 0x0, {{0xb, 0x1, 'skbmod\x00'}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_SMAC={0xa}]}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x98}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', r9}) sendmsg$nl_generic(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0xe0, 0x12, 0x7, 0x0, 0x0, {0x0, 0xf0ffff, 0x600}, [@generic="7b8677021028644125b2c3f9ba93a7ef7c5b922ae3d9e02daee2b13222b5ca6926cb5b2a8896f1194abdcd2e574f2f5c9bede3ab368cc0493bb0bf2e2e6c8c88d7e73d758a91f6845607e3fba94a05657163af3c509a9c4b5d24dde98d8ccee92b1b3f6a6aee8b2047d22776c31a41d12a724108daa3aee90f2351852ffd230809e5f4c75759fda438481816a7bd8da66aa7f1995561e66d4e8fd23b4c3ebd16352b4bfafd5d143f3c7f3b98972d38e698cb2ceb18f657d0172290a3cd0b6abd6f962197c32bda7302"]}, 0xe0}}, 0x0) 12:33:24 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x4000000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:24 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa1ffffff) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 731.383569][ T28] audit: type=1804 audit(1594038804.471:425): pid=1682 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/391/file0" dev="sda1" ino=16149 res=1 12:33:24 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4000000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 731.550675][ T28] audit: type=1804 audit(1594038804.851:426): pid=1714 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/392/file0" dev="sda1" ino=16149 res=1 [ 731.576932][ T1707] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 731.591926][ T1705] mkiss: ax12: crc mode is auto. 12:33:24 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf78", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:24 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xf6ffffff) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 731.629702][ T28] audit: type=1804 audit(1594038804.861:427): pid=1717 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/392/file0" dev="sda1" ino=16149 res=1 12:33:25 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x7, 0x1f, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$P9_RCREATE(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x73, 0x1, {{0x2c, 0xfffff800, 0x2}, 0x2}}, 0x18) r0 = socket(0x10, 0x80002, 0x0) r1 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r1}, &(0x7f0000044000)) sched_getparam(r1, &(0x7f00000000c0)) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00'}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[], 0x3c}}, 0x0) 12:33:25 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4800000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 731.783808][ T28] audit: type=1804 audit(1594038805.011:428): pid=1724 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/389/file0" dev="sda1" ino=16150 res=1 [ 731.842199][ T1705] mkiss: ax12: crc mode is auto. [ 731.842259][ T1715] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 731.874773][ T28] audit: type=1804 audit(1594038805.011:429): pid=1728 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/389/file0" dev="sda1" ino=16150 res=1 12:33:25 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bffc", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:25 executing program 4: mknod(&(0x7f0000000180)='./file0\x00', 0x4, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000040)) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) [ 731.998332][ T28] audit: type=1804 audit(1594038805.271:430): pid=1740 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/393/file0" dev="sda1" ino=16382 res=1 12:33:25 executing program 2: r0 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x0, 0x98fa1df47b04a903) fsmount(r0, 0x0, 0x1) 12:33:25 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xfeffffff) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 732.094938][ T28] audit: type=1804 audit(1594038805.271:431): pid=1744 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/393/file0" dev="sda1" ino=16382 res=1 12:33:25 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4c00000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 732.213059][ T1772] NFS: Device name not specified [ 732.223245][ T28] audit: type=1804 audit(1594038805.371:432): pid=1757 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/390/file0" dev="sda1" ino=16132 res=1 12:33:25 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x401f000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:25 executing program 4: r0 = socket(0x1000000010, 0x80002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000fc0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="900000002c00270d00"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000040000000a0001006261736963000000600002005c000300580001000b000100047b6d706c6508002c0002800800050023007918fb84030000000000180002000000000000000000040000200000000000002000040006000c00070000000000000000000c000825926dd2f54d0805c485dfcddefcd0f5000000000000001e0032d5446acd6c4a5dccaf45c99a9b17a106331f3630d245ab741e65cd5125bd9f48dfc0b1219b06de571d640d252b2affd08391e00a2b8c8d5c3f5561d11435603356c955650166f6a4d6da0a490dd38a62080000000000000064944eaeb06cb7bd685f6e46d8fc8121e84964ce8fa5200639b4b9798cbd5315b0d3ef647ba7652dbb5e6bbded4527c488ff288398502789"], 0x90}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 12:33:25 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 732.336417][ T28] audit: type=1804 audit(1594038805.371:433): pid=1762 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/390/file0" dev="sda1" ino=16132 res=1 12:33:25 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xff000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 732.436588][ T1788] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 12:33:25 executing program 2: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) r0 = perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, 0x0, 0x0) sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000400)={0x84, 0x0, 0x7, 0x3, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFACCT_FILTER={0x2c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x6}, @NFACCT_FILTER_MASK={0x8}, @NFACCT_FILTER_MASK={0x8}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x6}]}, @NFACCT_FLAGS={0x8}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x3}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0xffffffffffffffff}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x9}]}, 0x84}}, 0x0) mkdir(&(0x7f0000000180)='./file0//ile0\x00', 0x0) socketpair(0x5, 0xa, 0x9, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x5) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) dup2(r5, r7) sendmsg$DEVLINK_CMD_GET(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYRES32, @ANYBLOB="dd0700000005000000003400000015248f46081b26b33350439142ff9920"], 0x14}}, 0x0) 12:33:25 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6800000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:25 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 732.617742][ T1788] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 12:33:26 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_all\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_all\x00', 0x275a, 0x0) fallocate(r0, 0x0, 0xffff, 0x810fffb) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) fallocate(r3, 0x40, 0x0, 0x0) 12:33:26 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xffffff7f) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 732.883717][ T1803] mkiss: ax12: crc mode is auto. 12:33:26 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 732.984376][ T1824] mkiss: ax12: crc mode is auto. 12:33:26 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6c00000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:26 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000080)=0x4, 0x4) perf_event_open(&(0x7f00000000c0)={0x4, 0x70, 0x7, 0xfa, 0xdf, 0x2, 0x0, 0x7, 0x2032, 0x8, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x4, @perf_bp={&(0x7f0000000000), 0x5}, 0x4000, 0x9, 0x1, 0x6, 0x1, 0x1ff, 0x8c17}, r0, 0x4, 0xffffffffffffffff, 0x1) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000180)='cdg\x00', 0x4) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) setsockopt$inet6_tcp_TLS_TX(r4, 0x6, 0x1, &(0x7f0000000300)=@gcm_256={{0x304}, "9b591a43a2eaf561", "4cc3d1c8f0cf44a57d5b0464b28299e67b1fb6031ecdbecc20ed44349d0a6001", "0986f157", "300f80b642c94cbb"}, 0x38) sendto$inet6(r1, &(0x7f0000f6f000), 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x3, 0x983a, @rand_addr, 0xfffffffd}, 0x1c) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000002c0)={@loopback, 0x3, 0x2, 0x2, 0x66761ba24ee20353, 0x5, 0x8}, 0x20) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_NEW_KEY(r5, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="9831160d7a00ff00000000000000000000000000ff6c9db4b4ed9e8a97631aed29039bbb85b41923fdcf519c20037f77f4671467f27a5baa84521fc3efb6536cecb703b02dfa050caa39f4ea42ecaa5dbfd35922b58d62cfdd2e5f1ffae5e35d41b58466b4f1bc819bbe0e9c12e44adc4f7d2533dd1fc7b8eea9b793b633fd5089dac0"], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x40008c0) accept4(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x80800) prctl$PR_GET_KEEPCAPS(0x7) 12:33:26 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x4d01000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:26 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:26 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) dup2(r0, r2) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000040)=0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r3, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000340)) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0x1) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) socket$inet(0x10, 0x400000002, 0x0) 12:33:26 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xffffffa1) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:26 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7400000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:26 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:26 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:27 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xfffffff6) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:27 executing program 4: perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$devlink(0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x4001, 0x0) socket$inet6(0xa, 0x2, 0x0) r0 = socket$inet(0x2, 0x3, 0x3) setsockopt$inet_mreqsrc(r0, 0x0, 0x0, &(0x7f0000000040)={@multicast2, @local, @rand_addr=0xfffffffe}, 0x4d) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@multicast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_reply={0x12, 0x0, 0x0, 0xe0000002}}}}}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x44, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ipvlan0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}]}]}, 0x44}}, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x20000004) dup(0xffffffffffffffff) 12:33:27 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7a00000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:27 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:27 executing program 2: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xcf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x1, 0x4, 0x3, 0x0, 0x0, {0xf0f5107ea0f3df63, 0x0, 0x2}, [@NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x40004) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x817a, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008108040f80ecdb4cb92e0a480e0036000000e8bd6efb250309000e000100240248ff060005001201", 0x2e}], 0x1}, 0x0) 12:33:27 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x6400000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:27 executing program 4: perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$devlink(0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x4001, 0x0) socket$inet6(0xa, 0x2, 0x0) r0 = socket$inet(0x2, 0x3, 0x3) setsockopt$inet_mreqsrc(r0, 0x0, 0x0, &(0x7f0000000040)={@multicast2, @local, @rand_addr=0xfffffffe}, 0x4d) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@multicast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_reply={0x12, 0x0, 0x0, 0xe0000002}}}}}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x44, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ipvlan0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}]}]}, 0x44}}, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x20000004) dup(0xffffffffffffffff) 12:33:27 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:27 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa1ffffff00000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:27 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xfffffffe) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:28 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xf6ffffff00000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:28 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x1000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:28 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xfeffffff00000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:28 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x100000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:28 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x6c01000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:28 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xff00000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:29 executing program 2: mkdir(&(0x7f00000000c0)='./bus\x00', 0x33) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) dup2(r0, r2) ioctl$EXT4_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000001300)) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='cpuset\x00', 0x0, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) r4 = syz_open_dev$video4linux(&(0x7f0000001280)='/dev/v4l-subdev#\x00', 0x8dc8, 0x2000) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r4, 0xc0305615, &(0x7f00000012c0)={0x0, {0x4c, 0xfff}}) r5 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0xfffffffffffffff9) r6 = dup(r3) ioctl$SNDCTL_DSP_GETIPTR(r6, 0x800c5011, &(0x7f0000000040)) r7 = openat$cgroup_int(r6, &(0x7f0000000180)='cpuset.mem_exclusive\x00', 0x2, 0x0) r8 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) r9 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x103100, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001240)={r9, &(0x7f0000000200)="acf2a7877927e03a4b671bb708dab31456f7545c44f6f0bdbb77d32fe9b45770862cbd00f0e920df603ebb5cbcb435d7739076f910c0598f627760d404ae130e0eb9e6bf8d74188cb74ab9ddc68bec2783d414d8502ff1f21aed7c95f08212b92f57c26d07d5f6ac667d06c6988a8ce87d63e4d55efaaf153cef544cc23adaa6d2b5346a29c3c0d946d2b17b4b02dfea8213e2b64f2f6ab57a3a0244def70f94a7ccc63d7cf2ce04e7b4fad315bbaaa2c515fe92ed3ae10fce77cf50d7c0d4ab897180a14d5734492cddf21abd3e1031e5b1578ea2bdd5ef0376dd01d6f999fb213e76fe65de0e1b58ba4348d477af1b4f115eaf36cee476012239603dd40801b5c728a9fca25f03bedbd1b31c99d8170568b0b8ddd674a40dced453a12f126fa0de98b40d63f387479e2a7b19f1926fe15f5ccf2061865aeda9537cbbf8869268ddebab2bad50a2b178a4f8051bbb8e305576cbb2c6b937f7869cfa8bc502ca3ed628da86d76423134a3907adfbfc1d146b562e0bbc89e34af0146ae086b4908339e898ee82f77f67d80f58cc3a2f41ba3aa8aec6d34712f909c267ceb6b5705c8f77a36532c18675e627b9478f250a9ab47700326735baaf4473ce2d3870370494f22cf20d34c6f32cb884d43d74c6670a0c3eb0ea6a1894082c6f3ff01b30f89d9f0146357408ed53ffb8c1cc69439039636f854d4de260eea9f79e7c11d7ba71e330be47d663605c28499d95925b92660abda9658be3e10b61a6387c05a0c46341d234b39648961a448c824b048d13d653a77f833e52c72bc01f914ec684178d775cf5cb42bc4f19491d23bbaa024209539bb4b73133425513868f54d36881d7ddeff29200049e123ea4d43fd958c193336cd17794209ae67a23bb056c8249d16c47172c9bea22064dd01e165d2821fa32f85948115af6c7ac1406e0483efba1f93623de5fff5db2e789f2bbdd39457068c7d25625db73f27c173c5a4955615c227fd528139b38b50b0b58b920ed9be86a5026a22270b647797bbfafe4477b9c75350270c4b0eb458478711edb9e43db54ee30b0eaee43f097deb0d161110f5676e061535235965ac2bfb2491ed6ecb804d16ba056a4db30adff0a72411ccc13075815ddaeb7c0d3261fe549adea511cf2e39009a299bf741b1b861c4726cb8ad4b9858e9e970c0a749597406a1696753dad2ada4144de887a87f12cbd5fc96ab3503e14baf00e1408301f676bd9d13190bac567360ed37366e0d4e6ae7a375a4740d0c4ffdcbfc56293144d754de1a5a08ca89e878893758208c9a4a9c6050ca55da6a9eac2d29ac0b22fc26f7994716dabfcdc155785f9ac734ef5851b0f6d4bef9f37793825adf9291338775dc1b88b2e3c5f0c5e8c4c20ec910c4aa327838158d31e218948c6a045b5eef19f81244a3b094983bdbaadac532e278f382eba7fb921f23760d56aa9df6dd5dcfbc68756a847970e017a0a28eff72381226bdfe4f6de9f6749d093b4823d7f38a926d951b7427ff643c0ec43650f0179a688f11d3819041290edbe2cdde7ef5fd75f2ff95907d370fe86b5021311a817248779a6fcf5003da2a007d2171d84874fc5d4285cb6c9f79cfc70bb41ac2508303d1204c46d5cb0cd2817ffe92bd874c2508b01c7c30f16c60780e4f3e2dad28cdb58019657eb5ad6a2dc92a6c473a7ebcf59a75a15d8dd2d18e6204f06022bf05071615f3efde1b46ac39e80b2274e46ae42d91c663358131f9fd0b52f80bbc12e2dffa35bd7492e64d91d3f02ef346b9d597cdaa1e4781751f5daa726fe2cec407b5a6d1a6849e16fa1369f0e0b61d4a89682520f47cdab525182e63ab62b3e58e8062cd15a3246b7851681a817111c0ad5300b98000f1e91490e733221c6b4459c0f53280630e1884464b584eb9fbd81dce04ee903f25580859ddcaf48006f2ed60f5bad590907594875b55c2f7e04dd8b4a119c4ba518d24e06dd8a5ea05463cd2c3d3a6481b76f228fa08b59105a4c2ff694ce10f56f414433850672fe404d2545875562a722d17c157b344cf0680118062c70992f395f1c6384d281d3705582aae66ed0c8eb41211640b772dcfc21e02b27c7740cb528d1a3726761a185a1f683aae1650f18d88133e503a4cd9c66cfb9a841e260dda4e7e2e6e4abb53a7743b722838ba74bb211a809699577c05eae27574a30c0cfda1c15849493277042f485218a8980f3594c7b951fb214ecf6e317428bdeb8be93d772a88ef3bb389f8b2d0329ba8a58e4318fc46123c048d88fd8189dacc4ea8e359793dc1423cd77009602412064c8bf2a640ab18c44c6f6857e57f2bb5a831182376cd8dd51e9e3c18229b1049576ac87d1435cc308c72eb4856fbd31a741a4b3889fa10400984b6a670f98e1a0e32e6d221a7565495e6f477e4c5bc5612dd8d38f27244c7178e2a814fb2dae3cd040323481095ad198457edf61af656cc55cfc62c266bfa2190f25a59983774235cd27bacf4bdb23f111a3bd47b9f82c1798bd7515c0d531a8f5686511939cb902ba368ea65a8b9685941f9dccfb60b8c031d361af0c9586c831c00d65552be52a93799cc7ace2dad5b31c11ec55e29d9f932901aa15da734219f686721ad50d1d98b0177497c25f59911c66cee7a2d2dc4dbed9b6c28e1001c333fdf281e78d348cc5d5a69e3ee8cc64fa53a6490eccb71942109fc1dcca9caffdb150b2250112092703e084e9f95cbf13cd1b2ac02226c0bbfa036523774d633d08ae76ed12308509680c8a41c181742bb951128b362168cb49d26375d578347fa22ba565cdbb764d89ec56a3504e042db9b147d2c70f1e470fbedfa9af346671bb1ac5301ddce7eb9ded1c761aef4905ba74a979e6837a00adc0414a1b7116562b13aa601bfd94ae39aa62b03e33c0fb95d5aac2d6181f1ebb60282dfcec083f050c9dc44cfae148131821e891a8a85de7d4da61e00dfb37ec04294d687ccc37c6f25165fa7621c70f044fe377da12d29ec7547bb2b1057a97fb1f4dfdd69c483fea5a8fed84eef6c8434b394e6fafea8b472241b66850a1496939c5ae2ac0ea1cdd2fc902250394d72f51d5c8c17fc6403d2e6ae495ea7bd091d43f2199e8ec16f6d5b519065850805c26256b50dd3b55a65a3ad7a1661d9c4520ad0e39820b2dfa717753f64bcdd6fb5ea73cccfdb3d695e700e8de3eaeba61c9a88c341086566bb5dc487396ef8a6b81e771dde9ebe0784b6d72c28f6f8a3ef21c0e655ab01452554a5c14f19d1b22268ba88bb895a286d80c8ef3d124d55df6d42920dbd5f7c284e793164a539fc5bbf9c6416ae8a0b5720989a8f7430b79d8c302a1cd4ef66b4c1c97ad35b60637df4c3f7a1f8a7e80ea7d7d933396dccfda808c6c4377e431640d7e6de89320f186b6d292f63a153a4b134f1e574fa5d4d8d101802fbd4fe173086c49e1ec69f64c149b6246d1d671bfcc69964e053fed0ac518e2b706395b123c887c4501ef67543398b3b64ebbfe98a89167c5310642ea37272e84db2ed78de76e64663bc33b83097a7333d5b177093d2f6c385b6c98d72944eccaae0388bbe912f206418f3f4bc3054b47dea1802cd703092f91f2ef8ef935d41bf29a56665e9ef8ccf87c157fb49e8391130127dd8b6bc5e03a6f7e98fb03dc0a5bc148eca6c705415a102c0047232d4e95863e944bf6b15e5a127f6e6b2e2cb2260266e690e67194943128eff2b34ba687c2a0e532a011aee2774782fbbe55d14a9d29e1067b11426d403f7f19b44d68d84d8ff43a269d8ba4f4481e82a3dad2fc46b2fe980d30666b68c6bd6a79aadd17922a4354156880cdf09243b590689a0dc428d7ba428a5d5d0a8fd0819f2ab556ce8dd7c5ed8df6ddfc0fb4520a35fbf538168e862c7f5d8e75517c39a6d61810235118444fbe05b0a5fd0132343a5d50b2e0410c623301108bbd6da0eac4b30aeb32f39f7efd6dd6d3637e6c5ded385ed4773545de5c59afee1915f94a13107098f4903dff0415683d9dc38eed218ebf0e739f3182b792b635ce26d5c70090e1f0a848d48405b3fcbcd9d48d7b34b3a4003c1bddbf8da1e8c69466df491718939f4ed4585275e11ed22445fe570dfcbbda17ea424791aec9059dd32a8676eb74d176356ff94c3517ca3714a83a8f22609ad176875171f12a69af42e5c40ec372b2b8bb8840047472e4408ac00b47f8d483de46da024b1f8705d0df8230b0f2188dafa5544e76203a2de50f5deee2a19988329b5532d52017ce83c687e4016f10308429dea484cf02624d237dbad69468f19659858e31ab6ea6f2129d957a0b33c172acaaa2b13840fe95838682a1caec66fe6f7b1cc4fe5d3e2896171f133cf45c6d1fc7aca48e5ff2d9503c28cfee3f4826dbffa2663fd9a4c0a63d0121f73f3618b1ce9dbb13fe4e0df76bc191af9469ac915bc78b47433b079dd9d9c31255252c131ee6ee1e94d8558d9cb46409b2e905ad72501e6e5d3452d8e381e921fee2b8a3560728cb1e489e99d60791d1acbcbd1cfc753ba74543cb7e38d68825a89e2f1c6c39afcb03a9d71b70117634c6d99848a2f9d599a69ad4323d0cb2cfbb746811e6ecb02e96cf87cc9dd801fa8f416eb5216690e3617aacfec4aa57bbee287c6cc1f3be791460ed056962b6fdb6c32f1c370e0bef37c820b79d2897ed269234eb6fee0fff9c01eaa7a3052f88cf5b982def34ff0f43d0cf1722b038f7987a3dc45c0913a1fb6cf27ba14d1b09750bebf34c47093203b16e12f71340df1190606a2bbda717e5d6a5f2db775f72aa20782414019fcb9ebcbcaee22f749c9ac75d4c105834621ba6ba74fac71221e7cd5a72f27b3f9e0cadee4fd8afc5d5a2a77a43ad776587abfbf7e1c60510a82f7282e9260e99de01ed6e7361d79772c2550592a0022937631f1859f96c892d26e4ba0cdbf9da98919710b764882a09d314adf09b17daf46bcadfd28a4b096daad35eaa59779a793334a2b25313c375cc0576deae6e9ca8ae988e553854ccb755bf9e04be33e4e8e2c4a2d2c9772529af6f7fb75d3c837dd37853e1c3e5216b7005d80fedba0d96056ce16cd753f747157e01ed7b65553a3c28df2c050552d17fca1593f6322a2a707f327a5fa2bc2c3af934c998d0160c9550d5eccdcda7a9d1a8e9e6f95d6816bdd7e94288568392331ccc22c6c63ae0ca343f423184f961039936d968d45792a0433dd2940e03077e55ed211e97099e90e6fe2a77a79d041dc88279e513b63f2b6ca234e3e8fc4fdf47235086e121982d0fe5da35f2862bdc6ee760592c496c736bbcf232bc7fdf5252f8d8f3ca186f71e625ad6cc892ddf3d8c22040ba853828bea2c254736c07506276b5b18143b9c1d1cd79b9e4e5703289227353ea15e1ec7917c62bc179755584dc0b3d6dfee792bae013e440abeb0248b821b132d52917a8aa90ed76b5dce0d816bffb9ee8a3658c387e45d94e8789833322530c48b6b4e927a4d65cc041f9fc37d786b4ac3f8a5e859cdc16a073ef69156cd8a4bf4ed5b608721464bace3b069359d4085c0417a87f8c47b7de52edcc4abc56c6d57eb0994b62f3697c91db405d92e27b7653ff93bfde1fb01878126949396828ca0c50fff9f63db887af957e33ae378c2b9c16d15f7dac425aa66f576c385226adbf55eabec709aa8f21f23abaf7b98e8e64122ee0b7b945dd66acadc5eb543269251d5f36fd5c329d34846e1c6f97a64231331f9f68c7641c9b7ad24b9dc34b6045a630452e505157a7c6371bc3757c21790105d31032b5ee", &(0x7f0000001200)=""/15}, 0x20) sendfile(r8, r7, 0x0, 0x6) 12:33:29 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x200000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:29 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xffffff7f00000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:30 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:30 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x7c15000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:30 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x10000004, 0x2, 0x3, 0x0, 0x3f, 0x2, 0x10000000}, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0xc0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x94ec5, 0xb8) r2 = open$dir(&(0x7f0000000040)='./file0\x00', 0x800000000044e280, 0x108) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r5 = dup2(r3, r4) r6 = dup(r2) ioctl$TCFLSH(r5, 0x8926, 0x20000000) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff, 0x6, 0x8f, &(0x7f0000000340)="631e63b52fdeaeb2824e0146872a9e8a3273c0205829c318c3344eed936befb820ab25ea63cf5b8c4305222d0f88dcfe5ba66b200634973c30ebe2a0215f513c2f7b07cb5bab589415eeb544220b7a19ce8c6967acd45b5ce270acb636e644a0ac8da9c198e29e55509991ec892fb555be9b479b16d520f62d7a80035a2a5758b13f0649905c67c3a83b46bbdc9d56", 0x1, 0x1, 0x401, 0x2, 0x7, 0x49f609a78b1e5944, 0x2, 'syz0\x00'}) ioctl$MON_IOCX_MFETCH(r5, 0xc0109207, &(0x7f0000000100)={&(0x7f00000000c0)=[0x0, 0x0], 0x2, 0x4}) write$9p(r6, &(0x7f0000000b00)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10ae92cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4bdce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5c5cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2eee0a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c44915088b0db01ffbafb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce04a0f64d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b603803123f6ba979fa6a87525884b08d721a21400fb1f9e94a9a7b89438e50b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c26a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ee67b753f6737e0d2f4a527503", 0x607) sendfile(r1, r2, 0x0, 0x10000) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000180)={0xb3}, 0x1) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r8 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r8, 0x1, 0x3e, &(0x7f00000002c0)=r7, 0x161) [ 736.840115][ T2003] mkiss: ax12: crc mode is auto. [ 736.929397][ T28] kauditd_printk_skb: 25 callbacks suppressed [ 736.929430][ T28] audit: type=1804 audit(1594038810.232:459): pid=2002 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/400/file0" dev="sda1" ino=16378 res=1 [ 736.975458][ T2015] mkiss: ax12: crc mode is auto. 12:33:30 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:30 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xffffffff00000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:30 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$apparmor_current(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB="706572720af16510f16c6520a92ee2080c243cd9478789260000005e7464d933086302c5fc43203e9e479464a3f7596bd311a20d585862e8be2617e631a089e3ad16206ba5e8a85a9c455484f1d777fad5f8cd492ed145f29e90d828c9e98097109b8811bb3cc695c7d8db134fd6f0626497f6d6e2bc6534ac5098cd60bf346a169a7339bba3"], 0xe) 12:33:30 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x300000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:30 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x9a02000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 737.168691][ T28] audit: type=1804 audit(1594038810.242:460): pid=2014 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/400/file0" dev="sda1" ino=16378 res=1 12:33:30 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 737.292427][ T28] audit: type=1804 audit(1594038810.602:461): pid=2045 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/403/file0" dev="sda1" ino=15908 res=1 [ 737.321682][ T2006] mkiss: ax12: crc mode is auto. 12:33:30 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = dup2(r1, r3) ioctl$TCFLSH(r4, 0x8926, 0x20000000) r5 = perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, r4, 0x0) r6 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4, 0x13, r6, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r5, 0x2405, r6) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) pipe(0x0) sendto$inet(r0, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x0) 12:33:30 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:30 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x841, 0x0) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000080)) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfbffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$CAN_RAW_JOIN_FILTERS(r0, 0x65, 0x6, &(0x7f0000000000), &(0x7f0000000040)=0x4) sendfile(r1, r0, 0x0, 0x1c01) [ 737.444075][ T28] audit: type=1804 audit(1594038810.652:462): pid=2052 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/403/file0" dev="sda1" ino=15908 res=1 12:33:30 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x400000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 737.561324][ T28] audit: type=1804 audit(1594038810.752:463): pid=2049 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/401/file0" dev="sda1" ino=16170 res=1 [ 737.605532][ T2064] mkiss: ax12: crc mode is auto. 12:33:31 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4408040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) r2 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x16, 0x4, @thr={&(0x7f0000000580)="51a1cd9da277a9acb410034b16317e1dfbf078a6e3f74661d90e9e456c68f152ef0789e7e9ee245f7f266fb27eeb37015edccb2c39a05b10fce01e79aefbae7ed193893997781869ed547d02c52eb7a1f952979a413457a19689383a977326a94bcfdac56b5bbc53608f577ead1a3ee619c151ca8cba0677f29cd9a8f9e7c1ad670b113307720f8293db357ef95ec14c514fbfde2c328ff100c1afd29a635b08e02b8aa6d878074947723bb0f0c9accafa4a453b46b3d06fd0ba95972ff76370aae15895c0300d658a0bcbed16490b194c985ada7bbddbb85384f57c42b6449ba1b71b78dd75cdd37cbc0cc452e241cdbbcbd214c7122dc7485589f4c0bca5ef35c890c05e024c6b383d55aa35488840343f3ceb81257815a112e086d188521790103fff0f0000685891bebf7907409139da7d894ec04e13b36026c2808f271c8d8edf9abb810b1488723cae1302464e91760a2a7b5c06c514113c0051643270f44cb459fb0e6c113951609aeac0aebc370e12f7d651ca0c202441934c586f76c058e6fe39391a6bed6c3166175aa9d491fb431e1015504204e0fa6b3d829619bb1d1607c4c166d5548599d9ac64e7a1eb2cf127e959a84218a38edc28070c5ea46afd035280cea04e697eb5960b9341768a9e03a3dcd6ccd539a6677791c49d1277116ffac283a496f97cb11daca590f25e509ccb0d9accf173d5876df2e21539a7b5648032b9b09ae7ad6d94f7c3d8a7", &(0x7f00000004c0)="660dad6dd332ddc6532fdf5acb3bcb8bf6b359d5ea602771c2adbd521b8f7694684f533fdb60d1f42d1ea334be4549c82e49f800a2b2ec19086d65dbeb3ce5d8cec9be1da9e145eec77311a29a8b238a47e1fe9564928a9012d58d40a97a845c6e88883e745ae07029a3a2ef8682151bbaeeb26d561236b5f9a68d9bb49a4642c02128939a6201d3ec6813b0d4e5a1a01c8fc939"}}, &(0x7f0000044000)) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, r2, 0x0, r0, 0x10) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000040)={0x3, 0x56555959, 0x1, @discrete={0x0, 0x63}}) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = dup2(r3, r5) ioctl$TCFLSH(r6, 0x8926, 0x20000000) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300)='nl80211\x00') sendmsg$NL80211_CMD_GET_REG(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)={0x14, r8, 0x821}, 0x14}, 0x1, 0x0, 0x0, 0x94}, 0x4000) close(r0) 12:33:31 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 737.737638][ T28] audit: type=1804 audit(1594038810.752:464): pid=2059 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/401/file0" dev="sda1" ino=16170 res=1 [ 737.818052][ T2077] mkiss: ax13: crc mode is auto. 12:33:31 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x500000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:31 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bffe", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 737.884592][ T28] audit: type=1804 audit(1594038811.102:465): pid=2073 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/404/file0" dev="sda1" ino=16377 res=1 [ 737.968855][ T2077] mkiss: ax13: crc mode is auto. 12:33:31 executing program 3: r0 = open(&(0x7f0000000040)='./file0\x00', 0x200080, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 738.055939][ T28] audit: type=1804 audit(1594038811.102:466): pid=2076 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/404/file0" dev="sda1" ino=16377 res=1 12:33:31 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xfeffffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:31 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bffe", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:31 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:31 executing program 2: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0xb2, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$phonet_pipe(0x23, 0x5, 0x2) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x102) ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000040)={0x0, 0x0, {0x11, 0xf, 0x15, 0x4, 0x0, 0x8, 0x2, 0xea}}) connect$phonet_pipe(r0, &(0x7f0000004800), 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getpid() ptrace(0xffffffffffffffff, 0x0) sched_getparam(0x0, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r5, 0xc0a85320, &(0x7f0000000180)={{0x7, 0x8}, 'port1\x00', 0x10e, 0x1, 0x2, 0x3ff, 0x6, 0x5, 0x3, 0x0, 0x4, 0x7}) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0) 12:33:31 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x600000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 738.588960][T10166] tipc: TX() has been purged, node left! [ 738.591906][ T2127] mkiss: ax12: crc mode is auto. [ 738.728976][ T2127] mkiss: ax12: crc mode is auto. 12:33:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x6) r1 = socket$unix(0x1, 0x5, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="40000000100005"], 0x40}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) bind$nfc_llcp(r3, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x2, 0x40, 0xc0, "8b629c14824bca248e2192fcc5af9dc7ca456f6d5c1d3f749484753bd520684ba1af5657711159198ae854d486f1f8379c5964e1e719054e9e80885c321239", 0x33}, 0x60) 12:33:34 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(0xffffffffffffffff, r3) r4 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) r6 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r6}, &(0x7f0000044000)) r7 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r7}, &(0x7f0000044000)) sendmsg$nl_generic(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f00000002c0)={0x6d8, 0x39, 0x20, 0x70bd29, 0x25dfdbfe, {0x1f}, [@nested={0x124, 0x67, 0x0, 0x1, [@typed={0x14, 0x4d, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @generic="c2c04630b47ca5319b60712d568186aa15ae9c5c9a96163eedbea614900a105010847dc2d59c7ec65ad33c4988b537268a6ae782a62291e7d3e2bf83e3f7865d26480a97b7820619ead5922a97e0d7a41b3065fa4bfa6ea6abae2f3877a290a8ddd82ec0910ca174c4a598da4c40412a3c86e49cd01a52a6dbf81827b963e116ae4ac9757d4066f9350a2b07621e2f385328df71d615b405f5bf991288670f9436fe2d3b91e104061e4fe96444c3145ca97a3967ddeb81c98266a3e52c5119fa70cb76a70bf9a97f322243ceeb13b6c38967c267327f6ef9f54ccb652dab1db29409f2e2f4bc380c8671fc499ca3aaae", @typed={0x14, 0x3f, 0x0, 0x0, @ipv6=@loopback}, @typed={0x8, 0x2c, 0x0, 0x0, @uid}]}, @typed={0xc, 0x20, 0x0, 0x0, @u64=0x8000}, @typed={0x4, 0x10}, @nested={0x2a8, 0x57, 0x0, 0x1, [@typed={0x14, 0x15, 0x0, 0x0, @ipv6=@private0={0xfc, 0x0, [], 0x1}}, @typed={0xc, 0x73, 0x0, 0x0, @u64=0x4}, @typed={0x18, 0x84, 0x0, 0x0, @binary="af3402260b79d7596b2ae5dab6ef2cbd24bb4ca5"}, @generic="ef92825d82ee80b62e59052f9ba16fa17aadbfcce19d8ae9ff6fa795ee330995a3bfed8bb3ccdeec29b5feb8382a557e7791440092b14ab89604a3da3909f4beedb129efe73b2dd853130f1d61978aea2dcc957acec0cc1b54d4eca7436dc362688b54c22efd6a9b79cc466ceb7320719c252191b3d12baeac2b37328b6207459a8a8b363d3809d86ee42eeb5e0c5689bcabf62c9c49504c70c1cbd3d97d18d41142e253e76bf91a5fbd9ebf1f5046ec49b38846cf325e16131e58e7a9108c50976605b593006510850dc718ade5b4c03e1bba", @generic="f29c615e9252b665232b35f5ef248e0453101b51aaa7c15b93e90b288e0b06b43d03e2c03e3715147d06db2dc3df639db2eea8d5f36937853498866504cbb116826c00545b7174d3ec68e505b7aaa5c6a2d3d86079acff7455f745454a921d825064dd59b91013c290ef9d45a8c3a07ffe803f3cf2cc6135d05214c0dff48d7cb5a5728be4ad759786532b7108f2e8c76e4a37e268c96aa0abaa86913c5ed5777f51d6530b055cdeddbdaa29999a51cea2128f0a791d1d5b37d19ee9ef2cdfdb", @typed={0x8, 0x30, 0x0, 0x0, @fd}, @typed={0x8, 0x5d, 0x0, 0x0, @fd=r3}, @typed={0xc, 0x24, 0x0, 0x0, @u64=0x7720}, @generic="a44f016681c2d406b6a0afdf4be3a9c753875bd097dccd0d5678987d90a7333fad7e1206f2b8c55b51194d9f3544ad10ec67630594936e1508a0242f19ebfa1bbcdf42ec1edc94d8d75e51a9f83b82bb0ac65715b9c2214b4b6a6526dc62ab96bfea1562e07d998b330e39aabdaf015704d22a7005aa29d988ad6c03e2f5094a48325ea393376ca63e360bc4e6d9b375142c36e4102e28ed12d5a9b7c4be293c6f1b8a3a16127832c0352f5064bdd9b13d718a702cf246744b843082d0"]}, @nested={0x293, 0x42, 0x0, 0x1, [@typed={0x100, 0x90, 0x0, 0x0, @binary="baf607350ccb4acaba886e35edfad688ab1c64ee095cec1c7c2345aea02a7e68d3128d634a8be534ecd3341f390841fd755a2829b9cbcec7cd6533971685f66786d939feb884d6d76e0efeda2b748508fb3a1a4fe99ef8542962971c5be39ec8974bab9a807f821f779eb90d65fc0dc39f7428af13ef36fb8476ba68b1222b056aad9304c86456bf21040fa42d3b52320b56468ab9c63bca0be958f6d619502eeae8928d1be54b4d638d3f28b588f5fe744da075a327a25c0c5be023c638aa22f3a2d2e88c6cf07884f416cba6eafbf8fc0e810c4b8c6c95e12ecb12ccc3406bb43033c6660adb4abd03df33e71c4b66f359a77df62bb78d76b470e1"}, @generic="dfd211b79e2278e1f21e4428f7b6dc44003d3ea5beb81d0b5b5fc6f3f12cb01c6c6d7a7214e9ccb1a6e6fa81b54e70f9b5b8633e4950f463828356a402b56adaa29fdcd464ff96", @generic="3fdfcb3eb06428810024608aa658c9ea8530c86c0009a8ec227a0c1420ce18cceb677f45d6020c3719441e644332ffdd4176bdcd771131c264ae4aa5bc3d345fb7b289acc83eb34aa47743a2a2cacb632b880ce90fd8649c035244cc713e290675e92043e7af44e3a669858191109e2c8f198d8a91e263a915c756bb4707769d020924c9fe887baa47dd15e8b407af2091fd00b5bb1d5acd77b0b349f88dc48bfce12520e94ebb66d49fb598f9bf5ae306118d50111c32302a632f99", @typed={0x8, 0x96, 0x0, 0x0, @uid=r5}, @generic="5828c486a46de0e875a01a8f247b4e5c180d15ff62122c26afd91993aa05e2eac8bb286b250394aee76249114b99bc89005f9f6d1437dc5b228f5ef3a3d6c2c6b2c8a47caec79a48a99fe78c300a144c16f37174", @typed={0xb, 0x8, 0x0, 0x0, @str='!*{}%$\x00'}, @typed={0x14, 0x81, 0x0, 0x0, @ipv6=@loopback}, @typed={0x8, 0x8b, 0x0, 0x0, @pid=r6}, @typed={0x8, 0x5e, 0x0, 0x0, @pid=r7}]}, @typed={0x14, 0x3f, 0x0, 0x0, @ipv6=@local}, @typed={0x3f, 0x4b, 0x0, 0x0, @binary="14e01b8595b131d1f59bbf83560853341590fa6925308b3ed97f78ee328927e563b1a53f067ade68ee33f431c54ee2c4c68cb4853ca750f479f760"}]}, 0x6d8}, 0x1, 0x0, 0x0, 0x840}, 0x80c0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:34 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x700000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:34 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf80", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:34 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x48c440, 0x0) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000000040)=""/40) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x4}, 0x82, 0x0, 0x0, 0x1}, 0x0, 0x40d, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) sendfile(r3, r1, 0x0, 0x7fffffff) ioctl$MON_IOCG_STATS(r1, 0x80089203, &(0x7f00000000c0)) close(r2) openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0) 12:33:34 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xffffff7f00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:34 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bfc0", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:34 executing program 3: r0 = open(&(0x7f0000000040)='./file0\x00', 0x4302241, 0x20) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0xcd, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x9) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 741.157263][ T28] audit: type=1804 audit(1594038814.462:467): pid=2202 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/407/file0" dev="sda1" ino=16380 res=1 12:33:34 executing program 4: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(0xffffffffffffffff, r3) r4 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) r6 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r6}, &(0x7f0000044000)) r7 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r7}, &(0x7f0000044000)) sendmsg$nl_generic(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f00000002c0)={0x6d8, 0x39, 0x20, 0x70bd29, 0x25dfdbfe, {0x1f}, [@nested={0x124, 0x67, 0x0, 0x1, [@typed={0x14, 0x4d, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @generic="c2c04630b47ca5319b60712d568186aa15ae9c5c9a96163eedbea614900a105010847dc2d59c7ec65ad33c4988b537268a6ae782a62291e7d3e2bf83e3f7865d26480a97b7820619ead5922a97e0d7a41b3065fa4bfa6ea6abae2f3877a290a8ddd82ec0910ca174c4a598da4c40412a3c86e49cd01a52a6dbf81827b963e116ae4ac9757d4066f9350a2b07621e2f385328df71d615b405f5bf991288670f9436fe2d3b91e104061e4fe96444c3145ca97a3967ddeb81c98266a3e52c5119fa70cb76a70bf9a97f322243ceeb13b6c38967c267327f6ef9f54ccb652dab1db29409f2e2f4bc380c8671fc499ca3aaae", @typed={0x14, 0x3f, 0x0, 0x0, @ipv6=@loopback}, @typed={0x8, 0x2c, 0x0, 0x0, @uid}]}, @typed={0xc, 0x20, 0x0, 0x0, @u64=0x8000}, @typed={0x4, 0x10}, @nested={0x2a8, 0x57, 0x0, 0x1, [@typed={0x14, 0x15, 0x0, 0x0, @ipv6=@private0={0xfc, 0x0, [], 0x1}}, @typed={0xc, 0x73, 0x0, 0x0, @u64=0x4}, @typed={0x18, 0x84, 0x0, 0x0, @binary="af3402260b79d7596b2ae5dab6ef2cbd24bb4ca5"}, @generic="ef92825d82ee80b62e59052f9ba16fa17aadbfcce19d8ae9ff6fa795ee330995a3bfed8bb3ccdeec29b5feb8382a557e7791440092b14ab89604a3da3909f4beedb129efe73b2dd853130f1d61978aea2dcc957acec0cc1b54d4eca7436dc362688b54c22efd6a9b79cc466ceb7320719c252191b3d12baeac2b37328b6207459a8a8b363d3809d86ee42eeb5e0c5689bcabf62c9c49504c70c1cbd3d97d18d41142e253e76bf91a5fbd9ebf1f5046ec49b38846cf325e16131e58e7a9108c50976605b593006510850dc718ade5b4c03e1bba", @generic="f29c615e9252b665232b35f5ef248e0453101b51aaa7c15b93e90b288e0b06b43d03e2c03e3715147d06db2dc3df639db2eea8d5f36937853498866504cbb116826c00545b7174d3ec68e505b7aaa5c6a2d3d86079acff7455f745454a921d825064dd59b91013c290ef9d45a8c3a07ffe803f3cf2cc6135d05214c0dff48d7cb5a5728be4ad759786532b7108f2e8c76e4a37e268c96aa0abaa86913c5ed5777f51d6530b055cdeddbdaa29999a51cea2128f0a791d1d5b37d19ee9ef2cdfdb", @typed={0x8, 0x30, 0x0, 0x0, @fd}, @typed={0x8, 0x5d, 0x0, 0x0, @fd=r3}, @typed={0xc, 0x24, 0x0, 0x0, @u64=0x7720}, @generic="a44f016681c2d406b6a0afdf4be3a9c753875bd097dccd0d5678987d90a7333fad7e1206f2b8c55b51194d9f3544ad10ec67630594936e1508a0242f19ebfa1bbcdf42ec1edc94d8d75e51a9f83b82bb0ac65715b9c2214b4b6a6526dc62ab96bfea1562e07d998b330e39aabdaf015704d22a7005aa29d988ad6c03e2f5094a48325ea393376ca63e360bc4e6d9b375142c36e4102e28ed12d5a9b7c4be293c6f1b8a3a16127832c0352f5064bdd9b13d718a702cf246744b843082d0"]}, @nested={0x293, 0x42, 0x0, 0x1, [@typed={0x100, 0x90, 0x0, 0x0, @binary="baf607350ccb4acaba886e35edfad688ab1c64ee095cec1c7c2345aea02a7e68d3128d634a8be534ecd3341f390841fd755a2829b9cbcec7cd6533971685f66786d939feb884d6d76e0efeda2b748508fb3a1a4fe99ef8542962971c5be39ec8974bab9a807f821f779eb90d65fc0dc39f7428af13ef36fb8476ba68b1222b056aad9304c86456bf21040fa42d3b52320b56468ab9c63bca0be958f6d619502eeae8928d1be54b4d638d3f28b588f5fe744da075a327a25c0c5be023c638aa22f3a2d2e88c6cf07884f416cba6eafbf8fc0e810c4b8c6c95e12ecb12ccc3406bb43033c6660adb4abd03df33e71c4b66f359a77df62bb78d76b470e1"}, @generic="dfd211b79e2278e1f21e4428f7b6dc44003d3ea5beb81d0b5b5fc6f3f12cb01c6c6d7a7214e9ccb1a6e6fa81b54e70f9b5b8633e4950f463828356a402b56adaa29fdcd464ff96", @generic="3fdfcb3eb06428810024608aa658c9ea8530c86c0009a8ec227a0c1420ce18cceb677f45d6020c3719441e644332ffdd4176bdcd771131c264ae4aa5bc3d345fb7b289acc83eb34aa47743a2a2cacb632b880ce90fd8649c035244cc713e290675e92043e7af44e3a669858191109e2c8f198d8a91e263a915c756bb4707769d020924c9fe887baa47dd15e8b407af2091fd00b5bb1d5acd77b0b349f88dc48bfce12520e94ebb66d49fb598f9bf5ae306118d50111c32302a632f99", @typed={0x8, 0x96, 0x0, 0x0, @uid=r5}, @generic="5828c486a46de0e875a01a8f247b4e5c180d15ff62122c26afd91993aa05e2eac8bb286b250394aee76249114b99bc89005f9f6d1437dc5b228f5ef3a3d6c2c6b2c8a47caec79a48a99fe78c300a144c16f37174", @typed={0xb, 0x8, 0x0, 0x0, @str='!*{}%$\x00'}, @typed={0x14, 0x81, 0x0, 0x0, @ipv6=@loopback}, @typed={0x8, 0x8b, 0x0, 0x0, @pid=r6}, @typed={0x8, 0x5e, 0x0, 0x0, @pid=r7}]}, @typed={0x14, 0x3f, 0x0, 0x0, @ipv6=@local}, @typed={0x3f, 0x4b, 0x0, 0x0, @binary="14e01b8595b131d1f59bbf83560853341590fa6925308b3ed97f78ee328927e563b1a53f067ade68ee33f431c54ee2c4c68cb4853ca750f479f760"}]}, 0x6d8}, 0x1, 0x0, 0x0, 0x840}, 0x80c0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 741.245282][ T28] audit: type=1804 audit(1594038814.462:468): pid=2208 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/407/file0" dev="sda1" ino=16380 res=1 12:33:34 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x800000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:34 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:34 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xffffffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:34 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x121342, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r2, 0xc0096616, &(0x7f0000000100)={0x4, [0x0, 0x0, 0x0, 0x0]}) ioctl$SIOCAX25OPTRT(r2, 0x89e7, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, 0x2, 0x56}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:35 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 741.748505][ T2240] QAT: Invalid ioctl [ 741.803903][ T2244] QAT: Invalid ioctl 12:33:35 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYRES16, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006970766c616e00000c0002800600010000000000140003006970766c616e31000000000000000000"], 0x50}}, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = dup2(0xffffffffffffffff, r2) ioctl$TCFLSH(r3, 0x8926, 0x20000000) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, r3, 0x0, 0x8, &(0x7f00000000c0)='ipvlan1\x00'}, 0x30) r4 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r4}, &(0x7f0000044000)) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000340)={0x9, 0x1f, {r4}, {0xee01}, 0x2, 0x7ff}) r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x8) fstatfs(0xffffffffffffffff, &(0x7f0000000080)=""/14) ioctl$sock_ax25_SIOCADDRT(r5, 0x890b, &(0x7f0000000480)={@bcast, @bcast, 0x3, [@default, @default, @null, @null, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0x5) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) dup2(0xffffffffffffffff, r8) ioctl$TIOCGETD(r8, 0x5424, &(0x7f0000000000)) 12:33:35 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa00000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 741.944555][ T2240] QAT: Invalid ioctl [ 741.984901][ T2253] mkiss: ax12: crc mode is auto. 12:33:35 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 742.128663][ T2253] mkiss: ax12: crc mode is auto. 12:33:35 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x4, 0x7250}, 0xc) close(r0) 12:33:35 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 742.181060][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 742.181072][ T28] audit: type=1804 audit(1594038815.492:471): pid=2259 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/409/file0" dev="sda1" ino=16183 res=1 12:33:35 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x3f00000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:35 executing program 4: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x220}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-control\x00', 0x2000, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_rdma(&(0x7f0000000000)='127.0.0.1\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x0, &(0x7f0000000400)={'trans=rdma,', {'port'}, 0x2c, {[{@rq={'rq'}}, {@common=@uname={'uname', 0x3d, ')'}}]}}) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) ioctl$KVM_PPC_GET_SMMU_INFO(0xffffffffffffffff, 0x8250aea6, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) dup2(0xffffffffffffffff, r1) ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f0000000300)=""/171) syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x4f36, 0x481) syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/time\x00') syz_mount_image$tmpfs(&(0x7f0000000100)='tmpfs\x00', &(0x7f00000002c0)='./file0\x00', 0x2, 0x0, &(0x7f0000000380), 0x1010010, &(0x7f0000000640)={[{@huge_within_size={'huge=within_size'}}], [{@fsmagic={'fsmagic'}}, {@dont_appraise='dont_appraise'}, {@smackfsdef={'smackfsdef', 0x3d, 'trans=rdma,'}}, {@appraise='appraise'}, {@context={'context', 0x3d, 'unconfined_u'}}]}) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c", @ANYBLOB], 0x3}}, 0x0) [ 742.341944][ T28] audit: type=1804 audit(1594038815.492:472): pid=2264 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/409/file0" dev="sda1" ino=16183 res=1 12:33:35 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 742.454733][ T28] audit: type=1804 audit(1594038815.652:473): pid=2276 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/407/file0" dev="sda1" ino=16205 res=1 12:33:35 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x80000, 0x0) fcntl$addseals(r2, 0x409, 0x1) perf_event_open(&(0x7f00000001c0)={0x5, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x40c3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x16}, 0x401}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 742.592113][ T28] audit: type=1804 audit(1594038815.652:474): pid=2279 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/407/file0" dev="sda1" ino=16205 res=1 12:33:36 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 742.698893][ T28] audit: type=1804 audit(1594038815.712:475): pid=2279 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/407/file0" dev="sda1" ino=16205 res=1 [ 742.737447][ T2287] tmpfs: Bad value for 'huge' [ 742.828706][ T28] audit: type=1804 audit(1594038815.712:476): pid=2276 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/407/file0" dev="sda1" ino=16205 res=1 12:33:36 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4000000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:36 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 742.980019][ T28] audit: type=1804 audit(1594038815.992:477): pid=2290 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/410/file0" dev="sda1" ino=15908 res=1 12:33:36 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 743.112370][ T28] audit: type=1804 audit(1594038815.992:478): pid=2293 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/410/file0" dev="sda1" ino=15908 res=1 12:33:36 executing program 4: r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001200)={{{@in=@loopback, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private1}, 0x0, @in6=@initdev}}, &(0x7f0000001300)=0xe8) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000001400)={{{@in6=@initdev, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@private1}}, &(0x7f0000001500)=0xe8) sendmsg$NL80211_CMD_SET_MPATH(r0, &(0x7f0000001600)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000015c0)={&(0x7f0000001540)={0x68, 0x0, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_MAC={0xa, 0x6, @multicast}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r1}, @NL80211_ATTR_MAC={0xa, 0x6, @dev={[], 0x19}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x101, 0x3}}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, @NL80211_ATTR_WIPHY={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x6, 0x4}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000005}, 0x20004845) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000407d1e6432400000000001090224000100000000090400000103e7ff0009210022080122010009058103"], 0x0) syz_usb_control_io(r4, 0x0, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x5) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) r8 = dup2(r5, r7) ioctl$TCFLSH(r8, 0x8926, 0x20000000) ioctl$DRM_IOCTL_MODE_ATOMIC(r8, 0xc03864bc, &(0x7f0000000180)={0x401, 0x9, &(0x7f0000000040)=[0x2, 0x0, 0x3, 0x5, 0x5, 0x401, 0x7, 0x6, 0x0], &(0x7f00000000c0)=[0x390000, 0x200], &(0x7f0000000100)=[0x9, 0x80, 0x1f], &(0x7f0000000140)=[0x8000], 0x0, 0x101}) syz_usb_control_io$hid(r4, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x1, {[@main]}}, 0x0}, 0x0) 12:33:36 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:36 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) ioctl$EVIOCGID(r5, 0x80084502, &(0x7f00000000c0)=""/167) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) prctl$PR_GET_FPEXC(0xb, &(0x7f0000000040)) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 743.202548][ T28] audit: type=1804 audit(1594038816.502:479): pid=2311 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/411/file0" dev="sda1" ino=16197 res=1 12:33:36 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4800000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 743.319194][ T28] audit: type=1804 audit(1594038816.502:480): pid=2317 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/411/file0" dev="sda1" ino=16197 res=1 [ 743.346001][ T2325] mkiss: ax12: crc mode is auto. 12:33:36 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 743.600931][ T2588] usb 5-1: new high-speed USB device number 31 using dummy_hcd 12:33:37 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:37 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4c00000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:37 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) ioctl$VIDIOC_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f00000000c0)={0x0, @bt={0x400, 0x1, 0x1, 0x0, 0x9, 0x7fff, 0x85e, 0x8000, 0x0, 0x1000, 0xffffffff, 0x400, 0x3, 0x5, 0x1d, 0x5b, {0x5, 0x4a54}, 0x7f, 0x7}}) 12:33:37 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:37 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 744.005881][ T2360] mkiss: ax12: crc mode is auto. [ 744.021381][ T2588] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 744.049740][ T2588] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 744.088226][ T2588] usb 5-1: New USB device found, idVendor=1e7d, idProduct=3264, bcdDevice= 0.40 [ 744.124187][ T2588] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 12:33:37 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6800000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:37 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 744.169000][ T2360] mkiss: ax12: crc mode is auto. [ 744.189229][ T2588] usb 5-1: config 0 descriptor?? [ 744.686973][ T2323] mkiss: ax12: crc mode is auto. [ 744.713082][ T2588] isku 0003:1E7D:3264.0009: unknown main item tag 0x0 [ 744.746748][ T2588] isku 0003:1E7D:3264.0009: hidraw0: USB HID v22.00 Device [HID 1e7d:3264] on usb-dummy_hcd.4-1/input0 [ 744.930854][ T2668] usb 5-1: USB disconnect, device number 31 [ 745.780741][ T2668] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 746.140890][ T2668] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 746.160586][ T2668] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 746.180886][ T2668] usb 5-1: New USB device found, idVendor=1e7d, idProduct=3264, bcdDevice= 0.40 [ 746.190598][ T2668] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 12:33:39 executing program 4: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:39 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:39 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 746.318512][ T2668] usb 5-1: config 0 descriptor?? 12:33:39 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) getsockopt$bt_BT_POWER(r5, 0x112, 0x9, &(0x7f0000000040)=0x56, &(0x7f00000000c0)=0x1) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:39 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x6c00000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 746.375299][ T2668] usb 5-1: can't set config #0, error -71 [ 746.425249][ T2668] usb 5-1: USB disconnect, device number 32 [ 746.624482][ T2462] mkiss: ax12: crc mode is auto. 12:33:40 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:40 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7400000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 746.767698][ T2469] mkiss: ax12: crc mode is auto. 12:33:40 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf20", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:40 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x153) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00') r8 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_GATEWAYS(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="11072abd7000000000000a00000008000300", @ANYRES32=r9], 0x24}}, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r5, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r7, 0xb81ac629b19e3d0a, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x7}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x10) 12:33:40 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x7a00000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:40 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf10", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 747.278222][ T2518] mkiss: ax12: crc mode is auto. 12:33:40 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 747.474223][ T2518] mkiss: ax12: crc mode is auto. 12:33:40 executing program 4: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:40 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:41 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) ioctl$sock_netrom_SIOCADDRT(r5, 0x890b, &(0x7f00000000c0)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bpq0='bpq0\x00', 0x80, 'syz1\x00', @null, 0x9, 0x8, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @bcast]}) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 747.682134][ T28] kauditd_printk_skb: 18 callbacks suppressed [ 747.682147][ T28] audit: type=1804 audit(1594038820.992:499): pid=2540 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/417/file0" dev="sda1" ino=16218 res=1 12:33:41 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa1ffffff00000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:41 executing program 4: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 747.837985][ T28] audit: type=1804 audit(1594038820.992:500): pid=2535 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/417/file0" dev="sda1" ino=16218 res=1 12:33:41 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 747.894327][ T2560] mkiss: ax12: crc mode is auto. [ 748.031992][ T28] audit: type=1804 audit(1594038821.342:501): pid=2565 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/418/file0" dev="sda1" ino=15784 res=1 12:33:41 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 748.161169][ T2560] mkiss: ax12: crc mode is auto. 12:33:41 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xf6ffffff00000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:41 executing program 4: r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000040)=0x14) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000080)={r1, 0x4}, &(0x7f00000000c0)=0x8) ioctl$SIOCRSGL2CALL(r0, 0x89e5, &(0x7f0000000100)=@default) ioctl$TUNSETLINK(r0, 0x400454cd, 0x204) r2 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000140)) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000180)) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/qat_adf_ctl\x00', 0x420000, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x9dc6}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000280)={0x400, 0x4, 0x8000, 0x4, 0x8120, 0x0, 0xfffffffa, 0xc3, r4}, &(0x7f00000002c0)=0x20) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='personality\x00') ioctl$SNDRV_TIMER_IOCTL_STATUS32(r5, 0x80585414, &(0x7f0000000340)) r6 = openat$nvram(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/nvram\x00', 0x408102, 0x0) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r6, 0x84, 0x16, &(0x7f0000000400), &(0x7f0000000440)=0x4) eventfd2(0x7, 0x0) r7 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000480)='/dev/vcsa\x00', 0x40000, 0x0) ioctl$ASHMEM_PURGE_ALL_CACHES(r7, 0x770a, 0x0) r8 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000500)='NLBL_CIPSOv4\x00') sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0xb4, r8, 0x200, 0x70bd29, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0xa0, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa9bc}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd6f8}]}, {0x4c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f318d25}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4d643ff8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc019}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5922}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1c8c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xf00835c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6aa5}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe245}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7d0029b5}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x416f6eae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2e8e}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1e2d8d5}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4e896ac9}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf0b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xb8d0f2f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x286f}]}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a1, &(0x7f0000000680)='macvtap0\x00') 12:33:41 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xd}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:41 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:41 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 748.701479][ T28] audit: type=1804 audit(1594038822.003:502): pid=2612 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/414/file0" dev="sda1" ino=15784 res=1 12:33:42 executing program 4: unshare(0x40000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x8000000000001, 0x3) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000080)={'security\x00', 0x4, [{0x29c}, {}, {}, {}]}, 0x68) 12:33:42 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:42 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xfeffffff00000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 748.884965][ T28] audit: type=1804 audit(1594038822.013:503): pid=2618 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/414/file0" dev="sda1" ino=15784 res=1 [ 748.955447][ T2629] IPVS: ftp: loaded support on port[0] = 21 12:33:42 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:42 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = dup2(r0, r2) ioctl$TCFLSH(r3, 0x8926, 0x20000000) r4 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r6}, 0x10) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f00000000c0)=ANY=[@ANYRES32=r6, @ANYBLOB="81000000a27907dd5550c2dd4b6d1f6659ba78f40f1bc691cbd6c69cc9f1eed69401001bf7a17f517f91596ab21a72e49d8be809038872b072cbf185d8acf3ede4fa634b17aa2f1a425afdf486b60f1fbc7c782e2e2832342a559b86ab6189bf0dbe1f38941f205482dc3520a0a408b949d74608deb5c3987791bc14ad15c51bbbb0b905af"], &(0x7f0000000040)=0x89) r7 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r8 = gettid() fcntl$setownex(r7, 0xf, &(0x7f0000000280)={0x2, r8}) fcntl$setlease(r7, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r7) 12:33:42 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 749.169851][ T28] audit: type=1804 audit(1594038822.473:504): pid=2635 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/420/file0" dev="sda1" ino=16222 res=1 [ 749.198658][ T2654] mkiss: ax12: crc mode is auto. [ 749.269276][ T28] audit: type=1804 audit(1594038822.473:505): pid=2645 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/420/file0" dev="sda1" ino=16222 res=1 12:33:42 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xff00000000000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 749.459160][ T2654] mkiss: ax12: crc mode is auto. 12:33:42 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:43 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) dup2(r0, r2) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r2, 0x80184132, &(0x7f0000000040)) r3 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r4 = gettid() fcntl$setownex(r3, 0xf, &(0x7f0000000280)={0x2, r4}) fcntl$setlease(r3, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100}, 0x0, 0x3, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) syz_init_net_socket$nl_rdma(0xffffffffffffffff, 0x3, 0x14) close(r3) statx(r3, &(0x7f00000000c0)='./file0\x00', 0x100, 0x8, &(0x7f0000000340)) 12:33:43 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:43 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bfff", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:43 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xffffff7f00000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 750.095125][ T2723] mkiss: ax12: crc mode is auto. [ 750.276109][ T2631] IPVS: ftp: loaded support on port[0] = 21 [ 750.341975][ T2723] mkiss: ax12: crc mode is auto. [ 750.378072][ T28] audit: type=1804 audit(1594038823.683:506): pid=2737 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/422/file0" dev="sda1" ino=16384 res=1 [ 750.531377][ T28] audit: type=1804 audit(1594038823.713:507): pid=2743 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/422/file0" dev="sda1" ino=16384 res=1 12:33:44 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6c89c4571e000000000000000000000500010006000000ff1a3c20cb660dd248000001000000000079f13c539197492b773badef035637d19065c760f41381b40d010bf6671733a55898415ec4e37bf5bc"], 0x1c}}, 0x0) 12:33:44 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bfff", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:44 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xa}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:44 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xffffffff00000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:44 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0x40000, 0xffffffffffffffff, 0x4) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x31b1466bdb03fb98, 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x2000, 0x0) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r3, 0x110, 0x4, &(0x7f0000000140)=0x1, 0x4) r4 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r6}, 0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000000c0)={0xf00, 0x1b, 0x8003, 0x6, 0x7, 0xfffffff8, 0x3, 0x5c, r6}, 0x20) close(r0) [ 750.941049][ T295] tipc: TX() has been purged, node left! 12:33:44 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 751.131800][ T28] audit: type=1804 audit(1594038824.443:508): pid=2793 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/417/file0" dev="sda1" ino=16368 res=1 12:33:44 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\r\x00', @ANYRES32=0x0, @ANYBLOB="cb9cee2276f9e9b9ad1c232b0251dcde4483b92a40a1aa84247e55d1c63277e9f8def4f288714766c92fce8f0712551ad1833648e7ccfa47dadf9ced0741ca92122243b2d4ed9b8a005f3698385ca0e928c689f8f28d505ce9df4a22d64c"], 0x30}}, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0x102}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = dup2(r3, r5) ioctl$TCFLSH(r6, 0x8926, 0x20000000) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r9, @ANYBLOB="00dc070000000000280012000908010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r9, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000015c0)=@newtfilter={0x98, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {}, {0x8}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x68, 0x2, [@TCA_BASIC_ACT={0x64, 0x3, [@m_skbmod={0x60, 0x1, 0x0, 0x0, {{0xb, 0x1, 'skbmod\x00'}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_SMAC={0xa, 0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xd}}]}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x98}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="a4010000180001002dbd7000fbdbdf250a1010060004fd08000000000600150001000000fd00168045bc65057fbd780e197741f6004ecf03d91410d112443268e8ec6ccfa57b48ca2b72346195e1be64e0fb7167ed0ef837bf5d3bc1f932afd4545303d35e57d8cbb09760d391e1a9a49354649f1474c39b3797c4048b844841713de3b5f6def577d89ebad25e45751b687876467af70fb52f5117b7ae63fe24140d986fae965ab58a0a0280234d982538e6c7a481fbcb95b62ebe40d45b7c7f27f7e7bf31b21d0fcf6245b71c5e2c306bcaa804b736fde198fc001a3b8998f43b4f0628829aeec99d01cbb4a5e48e65fcf2de870cd55a47d74cefc69f388af3219a282da8f9d70ccc48b4e9df3c7ea28523ba9392b55d5ff4a2a0d37ac60d00ba00000014000500fe800000000000000000000000000032050014000700000014000500fc020000000000000000000000000001470008800e9d395cc3fdf6ee8d44767e8967835edfb986afb6adaf0a1d8aabf9011630a95eeaf49e792d2ee764b9886f63befbb82f88915017ffdd03c5cfe27e0b339b13358fec0008000400", @ANYRES32=r9, @ANYBLOB], 0x1a4}, 0x1, 0x0, 0x0, 0x4801}, 0x4000) 12:33:44 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 751.338036][ T2806] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 751.378936][ T2806] mkiss: ax12: crc mode is auto. [ 751.392812][ T2806] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. 12:33:44 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) vmsplice(r2, &(0x7f0000000040)=[{&(0x7f00000000c0)="17cee2679dfb695d7cade0115f75d796d231a6b7dfcb61a55f94873b18e465833f8198183e65f81d9a55011e1a584c031cffd85428ee7fba7b5ae3cd53ee82d16c43f5cf8e102bf99b48bf8514599985e44e0ed87d7735a17c600db4d67073a2e5f3a235a86796a40af4bec65d9f5c7250730513c4ed456f9d24336728ad3ad8280b9336b37d3e781d99e9f06a5feff009efeb2db53ad49ef8c55de93ffd82c601139c551fabeed2f23b8c65abb41914075ea786b5f6ecdf150b9d74a99b495e7a14f38a39d76e765044546546f74a00fa", 0xd1}], 0x1, 0x4) fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) syz_genetlink_get_family_id$tipc(&(0x7f0000000240)='TIPC\x00') 12:33:44 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xb}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:44 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000015c0)=@newtfilter={0x98, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x8}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x68, 0x2, [@TCA_BASIC_ACT={0x64, 0x3, [@m_skbmod={0x60, 0x1, 0x0, 0x0, {{0xb, 0x1, 'skbmod\x00'}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_SMAC={0xa}]}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x98}}, 0x0) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000040)={r5, 0x1, 0x6, @random="f6ba7e932dd7"}, 0x10) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:33:45 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 751.754046][ T2817] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 12:33:45 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xd}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 751.840406][ T2842] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 751.933916][ T2851] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 751.944235][ T2806] mkiss: ax12: crc mode is auto. 12:33:45 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x1) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) setsockopt$CAN_RAW_ERR_FILTER(r4, 0x65, 0x2, &(0x7f0000000040)=0x3ff, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 752.081325][ T2856] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 12:33:45 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bfff", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 752.320940][ T2887] mkiss: ax12: crc mode is auto. 12:33:45 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = dup2(r0, r2) ioctl$TCFLSH(r3, 0x8926, 0x20000000) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r3, 0x8982, &(0x7f0000000040)={0x1, 'veth1_virt_wifi\x00', {}, 0xfa98}) r4 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r5 = gettid() fcntl$setownex(r4, 0xf, &(0x7f0000000280)={0x2, r5}) fcntl$setlease(r4, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r4) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 752.489025][ T2887] mkiss: ax12: crc mode is auto. 12:33:45 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) dup2(r0, r2) ioctl$VIDIOC_G_PRIORITY(r2, 0x80045643, 0x3) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000500)=ANY=[@ANYBLOB="1201000000052406000105240000000d240f0100000000000000000006241a0000000905810300001700000904010000020d00000904010102020cfff10905820200000000000000000000000000000000000000000000b100000000000000"], 0x0) 12:33:46 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 752.678396][ T2908] mkiss: ax12: crc mode is auto. 12:33:46 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video1\x00', 0x2, 0x0) r3 = syz_open_dev$vivid(&(0x7f0000000140)='/dev/video#\x00', 0x0, 0x2) ioctl$VIDIOC_DBG_G_CHIP_INFO(r3, 0xc0c85666, &(0x7f00000002c0)={{0x0, @addr=0x10000}, "7efb92eb024354ceb991f7539c5ccdfa20098f182b96f06d076f2132f20de8a1", 0x2}) ioctl$VIDIOC_S_EDID(r2, 0xc0285629, &(0x7f0000000100)={0x0, 0x9, 0x3ff, [], &(0x7f00000000c0)=0x1}) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:46 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 752.796737][ T2920] mkiss: ax13: crc mode is auto. [ 752.851868][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 752.851881][ T28] audit: type=1804 audit(1594038826.163:513): pid=2908 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/425/file0" dev="sda1" ino=16256 res=1 [ 752.960438][ T2908] mkiss: ax12: crc mode is auto. 12:33:46 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf8d", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 753.021033][ T28] audit: type=1804 audit(1594038826.163:514): pid=2918 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/425/file0" dev="sda1" ino=16256 res=1 [ 753.110416][ T5] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 753.199760][ T28] audit: type=1804 audit(1594038826.403:515): pid=2936 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/420/file0" dev="sda1" ino=16384 res=1 12:33:46 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bff5", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 753.390240][ T5] usb 5-1: device descriptor read/64, error 18 [ 753.395449][ T28] audit: type=1804 audit(1594038826.403:516): pid=2944 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/420/file0" dev="sda1" ino=16384 res=1 12:33:46 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) r5 = fcntl$dupfd(r0, 0x0, r2) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r5, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="18040000", @ANYRES16=r6, @ANYBLOB="00022dbd7000fcdbdf2509000000100002800800010081000000040004003c00098008000200b9590000080001002000000008000100000001000800020002000000080001000500000008000100030000000800010000000000280007800c000300000000a9a9af22bad574d4ec13a0000000000c00030009000000000000000c00040002000000000000002c000380080003000500000008000300f40e0000080002002a00000008000100b4000000080001000200000008000580040002809c0206803f00040067636d28616573290000000000000000000000000000000000000000000000001700000044408705d57a61f4b9f43892590c27373a3246c1f2e88c00d8000300f9e253765503bc4af4a81dc24acc691667063ef5797a28272d9ccace155d9916bd34b8eaa718e338a68c4e29c4d076362856f920170abd36a8468bbc9946cb46a905804e28d96c00d30aed12f29ba6abe8c413d9e0899c52dff5ba3fc70b92947a112d114c122b05ee690bab3b427025744563e5dd64125c3b5a6e1015154af98a14b5e1e66c64d634ef41f136e4d5d0928ef9860fcc41be2bd26ca627163bedcc0a0b9206e0283238c206d846a77d2566f1a95be28c5d98b2dd20d7c292cbaddf4de9e07f65383d68678a123f1c6a80e9e9aaf8040002004c00040067636d286165732900000000000000000000000000000000000000000000000024000000a98dc43d9c1dae10ceec80a7b8963f4c0e2048144061b32b76f4268e8f17baf2722b6c724c00040067636d2861657329000000000000000000000000000000000000000000000000240000003c509e3c3cef7af8c00e7222161f2ed61f2293ffaef182123523d0176cdd87d6ac42d8e3080001000600000004000200ce000300c6c5af1ae4e993e7daae356260642a5577344cbb8292fe1e41ee790be53e2a5b4fe3d7c6c175596b7f57a7f7133f27752ca2605658c2b7e6deffd2579ed553e9649d78f1c69734ab053a0c89a8e01378d960f825a5b17e696c7f0006d2bd554662edc9e24a54993db9b84db4e2366b7eb847c0e358e0a2f42ccdf0a947ef5296c7ade8db940927d0e38c28eeb8d47cc1bd1dba40ac064de501dfaa0894760774ee2f8ef64f996702c13f53c78077775fb4fd2e2d6fed5fac795c45bbe1aacaccccf3fc7953748916bd5a000008000100040000002c000380080001000400000008000100060000000800010009000000080001002a8116340800030002000000940005803c00028008000300810000000800010016000000080002000000000008000400ff7f00000800020002000000080003000100000008000100010000000800010075647000080001006574680008000100657468003c000280080004009a0d0000080001001b0000000800040006000000080001001c0000000800040000000000080002000000"], 0x418}, 0x1, 0x0, 0x0, 0x800}, 0x0) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:46 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xf}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 753.592591][ T2960] mkiss: ax12: crc mode is auto. 12:33:47 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bffe", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 753.780158][ T5] usb 5-1: device descriptor read/64, error 18 12:33:47 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:47 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:47 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 754.050118][ T5] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 754.330132][ T5] usb 5-1: device descriptor read/64, error 18 [ 754.393230][ T28] audit: type=1804 audit(1594038827.703:517): pid=2971 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/421/file0" dev="sda1" ino=16254 res=1 [ 754.422270][ T2966] mkiss: ax12: crc mode is auto. [ 754.495084][ T28] audit: type=1804 audit(1594038827.703:518): pid=2966 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/421/file0" dev="sda1" ino=16254 res=1 [ 754.672518][ T28] audit: type=1804 audit(1594038827.763:519): pid=2960 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/421/file0" dev="sda1" ino=16254 res=1 [ 754.720216][ T5] usb 5-1: device descriptor read/64, error 18 [ 754.760090][ T28] audit: type=1804 audit(1594038827.763:520): pid=2966 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/421/file0" dev="sda1" ino=16254 res=1 [ 754.840577][ T5] usb usb5-port1: attempt power cycle [ 755.550144][ T5] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 755.710077][ T5] usb 5-1: device descriptor read/8, error -71 12:33:49 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000040)={0x3, 0x8, 0xff, 0x40, 0xc1, 0x6, 0x1, 0x6, 0xc5, 0x13, 0x6, 0xa9, 0x81, 0x45}, 0xe) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:49 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:49 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x11}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:49 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) read$midi(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x14002, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) ioctl$HIDIOCGDEVINFO(r4, 0x801c4803, &(0x7f0000000c80)=""/4096) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f0000000c40)={{}, {}, [], {}, [{}, {}]}, 0x34, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) [ 755.920054][ T5] usb 5-1: device descriptor read/8, error -71 12:33:49 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 756.039360][ T3033] mkiss: ax12: crc mode is auto. [ 756.090560][ T3034] mkiss: ax13: crc mode is auto. [ 756.156707][ T28] audit: type=1804 audit(1594038829.463:521): pid=3032 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/422/file0" dev="sda1" ino=16264 res=1 12:33:49 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 756.327492][ T28] audit: type=1804 audit(1594038829.463:522): pid=3044 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/422/file0" dev="sda1" ino=16264 res=1 12:33:49 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x12}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 756.441019][ T3061] overlayfs: filesystem on './file0' not supported as upperdir 12:33:49 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r1, &(0x7f0000057fa0)=[{}], 0xffffff79) ioctl$EVIOCREVOKE(r1, 0x40044591, 0x0) r2 = creat(&(0x7f00000000c0)='./file1\x00', 0x0) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$KDSETLED(r3, 0x4b32, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r4 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r4}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:50 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf7a", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:50 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x10, 0x80002, 0x0) close(r2) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580)='batadv\x00') r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000003c0)={0x0, 0x30000, &(0x7f0000000380)={&(0x7f0000000440)={0x24, r3, 0x7, 0x0, 0x0, {0xf, 0x10}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x2}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x24}}, 0x0) r6 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) socket$inet(0x2, 0x80001, 0x84) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0x5) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = fcntl$dupfd(r8, 0x0, r8) r10 = dup2(r7, r9) ioctl$TCFLSH(r10, 0x8926, 0x20000000) getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={0x0}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r11}, 0x10) getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000040)={r11, 0x1550, 0x1, 0x7, 0x8000, 0x20}, &(0x7f0000000080)=0x14) 12:33:50 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 756.948862][ T3084] mkiss: ax12: crc mode is auto. 12:33:50 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfff, 0x1}}, 0x0, 0xffffffffffffffff, r0, 0x2) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) getpeername$netlink(r0, &(0x7f0000000040), &(0x7f00000000c0)=0xc) 12:33:50 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:50 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, 0x2, {0x7, 0xd}}, 0x50) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0xb) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dlm_plock\x00', 0x1, 0x0) sendmsg$NFT_MSG_GETTABLE(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000080)={&(0x7f0000000380)={0x64, 0x1, 0xa, 0x401, 0x0, 0x0, {0xf}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x40080}, 0x4000004) 12:33:50 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 757.433715][ T3103] mkiss: ax12: crc mode is auto. 12:33:50 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 757.541483][ T3103] mkiss: ax12: crc mode is auto. 12:33:50 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1d}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:51 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:51 executing program 4: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xea, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xd, 0x24, 0x4, 0x1, 0x0, r0}, 0x40) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000280)={r1, &(0x7f0000000040), 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b7050000000000006110180000000000d40000001000000095000000000000001b"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a) 12:33:51 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x64}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:51 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/loop-control\x00', 0x18000, 0x0) splice(r2, &(0x7f0000001400)=0x6, 0xffffffffffffffff, &(0x7f0000001440)=0x1, 0x1f, 0x1) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r6) quotactl(0x3fb, &(0x7f0000001500)='./file0\x00', r6, &(0x7f0000001540)="9ed93d33b9751d649abf2120efae462f5a60bb064e7a826c96df8ff1a594bf99e309cdc632e181677dd7c45c36454d7142cb77726cadc5096934a72babfccd29a4bb074fb3713281b3378265bc1ef98ecbc9b8b4d9badb2f8b1ed90dba2d41ff33979306e4a49cefb3c160035aeb859d5a2708cc5f8880b300ce02f3be92253181337be1b57897") open(&(0x7f00000014c0)='./file0\x00', 0x2000, 0x2) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000001480)=0x6, 0x4) sendmsg$xdp(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="2360cb3d1fc8157c2a4d5343c8208f33ae540b78979f59e06d87a2ce4dcce88931505c33872439acdcf147da4920bc905a6c38dbb40ba6db76ebb0a2a90801dd723962efb1a0f42cafe171e4f65923bdd1ffc5cd9b4f06f699f2100ca9cd59a425a2cb72e7831279d65e75be58177037ab6da2b707d0fcb1ae8e2b5a0e106d96d8c49044de5f0d5eab35b4d2476889d05de91b28b14b9759bad813b266e87f9ab9919652b7f1f0054e39db7be97ddebc31ebddcb743c87e80d89ffb25c42bea454a1f4630d06358324dec0820460323d78b9aad79a7a88d17968e51ead07fada2bb539c5fef43fb6fe", 0xe9}, {&(0x7f00000002c0)="df9ba6833d7efe2ba62f2b02f00396314abb5a5bb8c6ad54a7a150cf5d35050b58688e867cd35025897146d66a56e33bbaa2e0d96192972344a25cd711734e6dff7f32676e28d8a2990043d1a8e620a4e74a2309fa39ff0000ba62c682a047da56910e1288d2d71191ac6e4da322d78185158d9bba9ee2398ae1b2f364bfd2137940bb85999e29a377230d5ff2288de1472240bb01b45ac1037527f8395c4220971becf525251bf8cfab172935966402e1f399b2346c8e016d77517937d4785cf2176c99751786a900c14cbff693cbaa0ce90be4b52355fbdd5bfe181d58096fcdcb4e1d2d8b69249cb222919a7115a648c558bf5c94b69ffc7b12f0101bab7bd754aa7007fd868af9629bccdfc4eb1c6b7b82a7eb5a418ad7e41603c1a0c9f953eebad4f98da94980d416096b5d58edc9c69b5c54b9c4be869f4430def5693c2e5feb6ee87648374415b1da6fae25fcc78a43d6ac3ae05ef66e170bc3dfae5ac0c3b735cd02c51b925edd2e8720bc4fcc7f7b32725310f7daa628989bf7669fa215493befc51779d9e4c21f7b068d20df61caedd5f5d1b1c8b0cfe9503903d60104b39a283a900fccaa519ee4eaffec2899f85f2e8814cc98c4d8c60ba67a5a5c04b16bb2f93a2951746dea6c47e021294cbc923c418a6d2d133b221e6b5223c17c21b65157db5cccda0daca749b3177f3a6227e1becf4784aa11cdc64e445c0ed295b5a978bd68eb94d4ccc823ce126456ee64029e4f3d7cea67e906ba40d5994a37b392c825b5c65fcc238dc053263b12920f76edf1b64fb6583ae82cdf5c4efb041415fe905f380e71bd99c4131644293a1623223b462b83cbaf87be7d05986e0e8155aa66868d2170070e5a11f8151a1e6ffb7b566dbde32d3a648d2c14b85b05f806c3799a68207d93ef7e32204283eeaace87e95b1b35bbd393ca738da012c93815ae986ab10b8278d071ddea20240dadd4273b90c92f71d33e2bc5557d36ab81320699a57807117ce9e228006fe9a06b0a9533c50b0368d1a93e5a5a61e5d1563066e402903a722d4aab4d99460238236bac19dfd2f4d24709ea6a4b336c30884cfdb69ef29bd346632a502550a885c92237792adf3c0e0ca14080c12ad1f0647b884850ffc8aa5d7dd1654cbea42eedd7e7c30211c478ea7c972f20f18a2fc09adf128e697147f2acfdd32821a6bb60a8cc9d8dda4afe81d94540ea6aee994114aaad35a9c750aa7473dae8801a15f9db96343d6ba42532a8d85464e7d0ef18fda5c5d742d4ed9998bc7bf5db54b85ab1ca81ff39ac515c8859ba61802ef1d72016be2d70cd102b81b8c63b17e3e97572f50c8ed9c81746577ecb9daed75adbb09a43cdeea75df8f4fa7b91d4f8681dd442fe744ca1a0ac734f82ca16b9249030210e0ca9cd23e4d8375f3abc2cd3a74b0217adb36024c3674e824e9df99d605dfbbce5892392b63108d692e42ccb5f1060ca4f62cb61deedde84ac2a011437c35d61cb9e4d277a548262a90de6632da505f675643beac9c9cff527c9e05b8045b34490dc1f711f3430aeaf5b54b1117f692696387a3f0d41f05ae2fab75c65d865348821af17c6a4a857a44159529be064e8292011b15664b4497333b8cea7c1004cfb9c37c8b3f3fbfe8f767adf6506ef5c148d9b0fd5c67819c9f1df68cd584229ba0eaa6aea209b6ffe8aba4414fa5c5deab13c7d98e9febd5eaa25643e20d87c9ab04ad025a16877e1b8cc475656070701b11ce2c186200f33eddaf06ee14edc6695ca348f2ba670c44d0464f217197d2a4264a0b6ae4cc4ff4c8564e855e36dc9b835d8f4344539a272aaa77187988b8614faf7d0e2f65e54c88fadfd66aa06425674474ac115def495ca6c1eccf6226cce061fd1b9aedcc48fdf3c94948a0787b0d769357416683c290103c62d5e921684af667a0a9e7be21b8cdcfd0e350819320bc1a3389216aa8b7f807e9c529014c52fbbb9072469817632bece2428b5e7f1ca6e2e28ca01071862a6a58f84025dbf1422444a231cf01aa63a7945187dc586d58dbcd399a03b70ac40119af6d004050c2b44306086daed24fc59bea79106b101e6f10bc3e73e78bf1e3fd55516e73ed57d79fef5cd5eb1a8e545fb1bde4ad59eb67a7e0215ea87a534a239634e1613e626bce9e507f1f33fdc8409d547eef85290226f7487dce235fbd7de62724792cf7c307300e3e77acc86570ccb667a2d72f3ebcb5d88324d31ad8240641f53e3f621ba9a43e0f5adba5b9d3fdb03cb3af1eaf70818e998f062868897ac38bae8d49ad083f7650635c66161c2e9441c3916669883e031600ee7ebec5ed8856be493eaae81bc3f40ab9fb744dcfe1d2e61edaa0f3b6ace7768da6064d31b9e1923db9338fd1df1cbe874e2eb58d415df7d30345775f8d37844ccb7bae36cafb540c6e3cfac2d7b9bf2cc121877cf7ff2b31dd3d0ec8705c73440c0ddbda6d0b11762574ba654371af74767e0402250b31f06887074fd8544d8910eeb3557306ce5e5747cf397cc07caf0738de5631e5cc07ed1465858e492ab3853d6e166bff82a75eb79212cd3310147741bb05bfc229163f51d99eae19cb4c223dc5e14cd18970f347a0bdb90750d3ea08fd01ccbb41d18864c600b082ef911ad72b7bd064630daa89843cd17351e554bdb6b0575f0f0c1c9cf16bd99d7b1dd38e9fa4d6f581630e7488ee135f9f0bbe45197651bdbe02cdeabc460b1d40b18bd843afe6aec3580be63be182e5e56a56ef4efdba34ef08c11084f66591acdeb3b1049ebea998ee3ab3ef5f1dbef0420cac6efec85e1c101691b61c3d8061b734bae6b07e344226fd6dbf555097bfaf30ee505728ec27c86918015a75c507c9decf765437f10c8414bd39491ed9fea130a5304b21db64173a1471594d33cb40a010d83b5672369ecc201a7df33d2b7a891127d736d71f91067f63d096b4cf120874a70c7423bf80edcf4126648934499081ef83d5ea2b64d8ab27c21c6181a41e0d9f21e32df9a43d5703268fcfb6dd696b748feabfe98c0fd170dcba9fa6b192c2a3dde4c07c06cf13ccff9a414a4373444b561c79ccb0a1bb3a51714822b9e3d24b6b6b8ffd201e678efa4555f8f66b6fd5f3ecaa4de2078c77ba7b11fc1dc2d06a027958b238a5d95ffb56c8fe12f4dfdf98d0723b0f47b2e1f2651e9d6ef0d289e75576a75abafead8a00484a5d3b727ad89364432cc7f1146c4cc72555a57e200a38cb29e10bf8f9d077345c55f8945cb7a22fc40fd99c0cb6709316ba2cdeebfb4685d7d24424e75912fc508c62378dc02a71b403dbcae89ada6671277854fb94e2485d4515c0d4b742463935901c76cc17a6142817f50f197ab202452853d7628a943872bca7d4a482890088dcec63c107af35d6c8a2ec816fba834c0ac781e08f7d573833a1e44e0fdab42e035dd853a00de6bb68a8b26b19559d6c713935882795facff84278e368c21c0cb2d0e41816ad517594d4783f7d24f703dd96dba6684fb7f86b9bb9493ddcf740db8990b1618864cec5a7352998d1d6c1919474b69e61e54973d0a0f542041a4bb41a48dba5137975356734b89750f9c6357f22518756bc5f02f3e2a75222218c44f47bea4f27c3eaf180ff5f7214030006fd231b513b1e0ec3c8fb1a7560d523568bdda45952a5ee640a3114e984b3953758e7fbf47c98b1718b2049328a05a215d8bc24710a10b65d272b5a8c5a0008050660aecd143a38d5413e2de3795332ea68af093dfebb72973e0111d85dc9a099b527ba434e3df1f6d310dfce8b250c5d32aeb8b79f1e6db7a7728b02deeccc92aa5a4c775f8ec47aa9cf26e44daf2dfe60cd1b72530ad36b10048554fa763a1a51f2d74600518edc97fb080f33f2507f4216c65641dbb7d9ec6863d8e49e9a137f577571ed9f23d282a6cf7ae3154a15ecea91306b228704be32123d74cdfe2dff75b45b923387ecc4617a1e805765360b730f0bc548b3db8abe5db94e4ff45cbf06f532f15079b4418c4618703707efe696038d9c3a65c1a5bb503902cfd605e073232b00bd50dd1184316d23e1ef07b2217b50479960a295f76d1057efbb2045e2f4ef9afb1cbf46f7929ed8a0089c61be02de912403c4e207beb10a238011d653e58f05c10f977e97141e38da2bd82775423c075209ccdf7deb463fb2ad6148c7910104d4343e8c6ec4c13c047cd9197661f29b87a6c989c349d8f682c781c5c357afbad5b77b3fc4970e557353267e230a767be71a31b9296ab282700d27f1329643bd8a1f59ce2a783e8d0291e7fbc30783689907dc94edb025085f96835b6512272b2b1ad97da1aae4597170cf12179c51bd17d86c5503eeaf059424fc01b1db5eb3cda45f94c3ec3ab09f1b7dfd60687da7b01610f97b2517ff41c89c649d347572e5be3672ab0d64535e73e04ebc18369475e2c811ca1b8256fa176e3a03a8d21ca6ac54953d499f31d434af9c20221ca385ecadae9679b691e8b705cf7d1f4dec9fe7ccb00c7d1f963d8a0bef7abd4824f42509c89370a8d1ce1174c02379ced4b8c394ed28a0755be1c8761d6d48ab11cb215b59e6eb2ed144098339c833863cd46ce7f7a7a6b33c397d2020cf01466b2d6ce57c519ce4d8061d084e286648b46dddfd5288e7e5e78edd4fc6b9ea25522b31c6dc492d472b49a54c42383a67122d03a19bbbd20dc4364e075066d77531fe863aee02f6956a838bc2c1e95dacb34be470575d0312a166137712d8181d2a7b9790b7f8acd0c94ab28ad572e2561cdb92a8b7b8e6083d4967a586f5cd9f97f9ea6c7894e87232417c7365f317ba7a2c52b7299bd8abd9cc2022d1391f7e1ad0722702f2e697ef3630e3a69163137d1d4a3e39e4bef9eda9c89dabd30abb7852619d8810357fef6c336a7f0295bdf585c1469e09f0948ac0d5c3a64b83b158356b598c5a39086507120e59124ce3963e7a7852ec75c3ced9e07b313c96c4aa30a94eefb668b0e6bc4b4384065e07177ab4eb7c906fd5cef3ee347d90647d9ace3abd6b4dcf27a894f0260757baff098659ce25910a695ba822ceb2b43ad5eeb8f68d74e594d8809bb803caa816824ae969c5ff75115c08bdaa09f5cc6fd983dd7d9d99b21f8592be8e14a9a91bc5a739d555cb303739d36b32ae4ddcf64aef14a8279677edfe57d3dcb31aa92ce8caa2c3681e137931f3b3108e9af254c4c24288b7bb084ade300ec831d4bc87c33bcf2016faff2da726faa43e441f0f0ac3933e33b95f0cbe3ba6362d2ad0487d913688d438958488ce635c822697393a33e84de300b99c579e922f0fd74f1d9058048a0096d5e97aec99a6be2e8b2ef07982dc291edca317ac85efafe8507a7364920d695b6cc5feee70c82ace315e72fb4c848d7efd393193e078ae57f75f39365e6317d61bb31b19611b1d835002ccca3ae1a3a510bfdbad552b5c86e63a67aa4b90ee352b98c101fdbbd8c2cbfe81afb7dee6179c69e95215b5f8226c05144761dac02681a807147ffe54ce93de7de0d900a1aee887628388a774e688340877f2c633e36875a22495db2d29f21e5ee750dda16b04a8d3c58f85e267f8af1810a6b2e014be2aec444385db19ecc9b23ed35fe81fa7cff6e1e98579a136652bd6663bf5fcaf5739f7935bcd12f87fd0778ba301692117c6da4ae6b2854e41a356869f778ee9557613beb50048e6bd3870da3b9cf37d6dc8a12d8d5d4f819eac0db3c1160dddc680b175138b82e30bf2d5d62f958980ecb56b21eb473d53ff4408cc8312976f91b3f27", 0x1000}, {&(0x7f00000012c0)="9dba8b76ea1b7ff720f2428222b7f742fd03398fb44a334902ae48eb58dc06c991dbae4a8438a80949ddc8f8d5d414fef10d305fc64935b76776228ed405a338886d99fe2721f360df5b940ac049605bc7992e7f44aa73642a951d30aa6475a29215e12b16e703b297831063ddc99a5c5307469485116dd267c60a1817f897baec7c232e58e445ca23443cdaac2583f8425a270fc04391b1846e1a3521497c346977144307e9dc26dda9dbf0dc45666664fe13a834ae3b114e2630b79fad971b4da1303f5ef3e5a8fc9b78584ebf099bcc0b9f90790f1369c111494c3455bc16c5e9c623f3be77a650a8bf236f7a24", 0xef}], 0x3, 0x0, 0x0, 0x10}, 0x40c1) fcntl$addseals(r4, 0x409, 0x9) 12:33:51 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:51 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) socket$inet6_mptcp(0xa, 0x1, 0x106) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:51 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:51 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x14d}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:51 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:52 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) ioctl$SIOCGIFHWADDR(r5, 0x8927, &(0x7f0000000140)) r6 = creat(&(0x7f0000000080)='./file0\x00', 0x0) clock_settime(0x3, &(0x7f0000000180)={0x0, 0x3938700}) close(r0) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r0, 0x8010661b, &(0x7f0000000000)) getpeername(r6, &(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev}, &(0x7f0000000040)=0x80) 12:33:52 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 758.786133][ T3176] mkiss: ax12: crc mode is auto. 12:33:52 executing program 4: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xea, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xd, 0x24, 0x4, 0x1, 0x0, r0}, 0x40) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000280)={r1, &(0x7f0000000040), 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b7050000000000006110180000000000d40000001000000095000000000000001b"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a) [ 758.871895][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 758.871910][ T28] audit: type=1804 audit(1594038832.183:525): pid=3176 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/427/file0" dev="sda1" ino=16019 res=1 12:33:52 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 758.968817][ T3187] mkiss: ax12: crc mode is auto. 12:33:52 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x200000c, 0x10, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0xfffffffffffffef2, 0x2004076e, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r2, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x53) 12:33:52 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:52 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = dup2(0xffffffffffffffff, r5) ioctl$TCFLSH(r6, 0x8926, 0x20000000) r7 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r8 = socket$inet(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r7, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r9}, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000300)={0x400, 0x2, 0x1, 0x1000, r9}, &(0x7f0000000340)=0x10) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000380)=@assoc_value={r10, 0xb0b3}, 0x8) ioctl$FBIOPUTCMAP(r3, 0x4605, &(0x7f0000000180)={0x5, 0x3, &(0x7f0000000040)=[0x20, 0x6, 0x1], &(0x7f00000000c0)=[0xfff8, 0x3ff, 0x7ff, 0x80, 0x3, 0x2, 0x7, 0x2], &(0x7f0000000100)=[0x1f, 0x1000, 0x3ff, 0x4b0, 0x100, 0x7ff, 0x2], &(0x7f0000000140)=[0x3, 0x5388, 0xffff, 0x8, 0xb0f, 0x401]}) 12:33:52 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:52 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x16c}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:52 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:53 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:53 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000001480)={0x8}) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) dup2(0xffffffffffffffff, r6) write$P9_RSYMLINK(r6, &(0x7f00000014c0)={0x14, 0x11, 0x3, {0x40, 0x4, 0x6}}, 0x14) dup2(r2, r4) sendmsg$alg(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)="b61b04d5b0233ff3d0836d11f7bcfb0621c085851b646fb24d3e130dcac4f4b2065e702c3b9897a14b5e34eff1abe600e62470c659b7a4473c9568f7ebabb88b795bf8724a4e55350c461d99aa86bcaecbed552a0ea10d1352a83adeb4b75a10ce8ccfc6b5c83d3ebb836c1f4c8be5d92f46708166926633c0ac47202df2ea73eca7f8cd472dc59aac122b2459d1dc4848b39eadcc2355a9ac0950b049c631f43c92002d114c116868132669a64f56da321b602a5d9258530c4bf0769913f65f070d4a699eddb88a1d0cf86d42551c4ae8462993c191bbfb18b4f649c40dab10b1b72bf305e9156e396cebaa51f4c1ee589a869b11a8a6cc574c3d7fb3b45f4bba6e0b5f4a055dbe695515aff691cd8a56f7920fd9044ca121c926b7b1f549a7e01451ea564d024690f8565ae525a271e1b51703562f50a659faf78b5af22b6ba1a0c88e2911d8aac0034671f8915bdf7e614045dc22e6e0c2bf462693e20a307e3dac88d5f93e4c4a639af2af9b668e5978a5887ea42fa3ab23300b8300b48ae851124fcfc70ad8c4ba4ef9cd10ebd58b2c133926311869eaed8ed5f25b4feaeeb260bf789c2193aa37ed48d39d5e3b5032949b20799886fca68a46c57809a935e736ab914b0578a61954a9d513663da38c2ad6f216c90b228663a2a9dc1e68b48559c4c92ee2d22f2b6409b99d994a896a8c0048ddfde482c4c1efde98e7f7c499918f3cbc0cec39c0c57a69af30270074059bb985912f515b3a5212edba5a9547230ee4e8dcbcbe25d1773af27a5631cfa601e08bb032c4267c5a00dbe1bf6ccbd888b98f150c4fe96c6365a3a5e38ddd6b4b4859f2d258009a19a255df12fb8336f0691b16b6632fd03de38ee82bf103c3c7ed44ab8c8b5e7165b6a34e6cedc9a5e02116457a01e01321b76a009baf58176b07730f466d2cb139a4859c6531839f5d887c6625af0887395cae091ad843dd6e6186af743ce516a1002eae2dc81ff84a645eb7540968c5d6d2ab5239f0a6699d3ef87ec624ed3a819cc08653e59c597103b7b1761d4dabbd738624661b533325e81fd88fdb7fdbaed0eb92d6dc8a979d4d5a4565f7a82e673e3572191224c4ee22940f183729365e8d600f38354adea379720fae3c49c97ca72f38a3a0bfdae4a09fe3f570b56e9584e5022b0d5cc3abeaf6f9ea9fb0d0cd4ec2ca3a5af367ea30605c6c598d681f18c5ee5f52993cb550a5185b286eb090aa6fe036098e920ff5b6bd388089e682332c36c83f42ee1a15ef8b3b84e2b8568a58152f2204cdfb1071bd9f75f96b6d13e3d6a23b78e7417ce01ecf4ab49eaacbff651ac772c97c806e5c29e4f62f1b1b66df885884cbb2679fd3fad7d7d7c53d66bd08a66da877ef93026378397349d787363b8a02f6386448d0428072e6079288961280f8d67fa31c219b63ac239d18c27012197b13acc209b283c6c8c8af4c2e27e2087126b816e6e0410c81eff4e048dfa80149cf5539270cb5328cd30c72f39db2c46021d0ba427d31359feb7358c597ed29fa84a41383721320d5bf28331d308b959a5d0b89e8da7baf60a0af6636b98ed3eb83a3a63d4c952d1e07d2cf49edefd45734f63ae2d469b763c0c27e65c9767e2d9d76f8d2737c5d51012074ad836898e544cfa5c6225061013cb8326c1782fbfa8c878b267e0d88e15dd111b9c66380a6c32f9b6fb376d0e4cd4000ab12619efd6333979625bf58b53412a90391d08c1b4cb9f7132b5f58493c8e688bd3aad24b4ec98e350d03438c5b2ab4d822e693a26efdab738f3e6f31ac8b8d2eeec7961f555efb0941d0a4ebe57f4b22dd4856f6ea7432717def68dd6ac8defa5cef0101bc8a16ce3beaaad158c19f3381cf4f6be60d4db8ee31a36c0d70ccf947824f1dd224886bb89b7fe05c5ff97d2cb2405c206cc3ec124d92fc838f14c5f30d162d37ab65cf4dd124ddc8dfe4d94fccb397daa537b55684bf647d9432df81223ab2faad694a9010b280e068f2b6096a3558123d16dbc7e332cbe7850677d891c55b912fc59fb0c10032cf8b7afda6727562e5bde7e793d79bf0017696001918fcbc5c14d4b3cbdbe5807478afe0e11cef300d58e955cea5493f38673fe0ccd1137b3562a8834fb041119fc7e67ebaf5ae9f475f3a4bd482fcaffa6f0d8a7b5d5e7be3ebdec943d9f30edc788bf349b53a5f9bd5cc573225c7d30601e52bab36cd22a95213066c55c63fa3a72f9b03025daa78ac1d1831b3241d1b2f48d66e0cd245a34b561efb6ea489749ff8620bc77b259c7540a9071c48a27d74226a8f452e5309e275766fd9165bacd0be3ba8fc7f3ce54e9246115a5313d2a828c481511582ed14cd446b88109270ef88d09246825b83b4f0e67cc6af9df3392e89a43264b9fd25c088eee8b9f1f41ba336026d2b22661b179f1a5f22a0e235c1348c795df9058bfb347dc0f5a2c2d1bf84efed6f31b397f6a91c823fa643f3dd79575f498da7052a5cd22bf74a60ac14c24864b6584adb28cbd3b0b17ecad234fe00b5f03b26d285b9585c645a800b28d4eefb0422aa7e5b914014bdc04edc239d54e7b39d92336cf1178bdbfbe5b00477fb37511adba1653f65c59e02ce0c330245d54dac7306e12b1c74407f48cf086abc02ae41434fbfe65c6aa0511401cee62aa1e6d084977f817aab082d22c997ffb2e63c18c73b54f365d7b681238aca1a2baafd3bc6fc1ccd30bb2babd571dca994d0bcfb903accbb760ef51e033ce9cf53e163557f0b20a882fba60cfcedb65a3ce48f8426c011d2d681e43c8108e19744199b62ceccea65713f3dea80c60e11013f11379e3d4051b83c247337f5b041a6299f6adf1de187bace031f0f36aae7e38db85bcbbde1f24004f7dfd06624ec530dbf48870f7ad88dd3e3810a45cfda707518d5f90dba1990f34d65d0170b41ecebb860377f31266d26953239febd05b94417c1f67c893a9760ca13632490d0480fb2877c8424b4f0a7d63ecab48aedf7f474950bae52b6ae19243aee555a83c81a7d922d211902bf4f797cc99ff4179c640181a550efb1a7417e0e2f08f442368008e66adb42c0492c175a295225ce1d885476e8e4144d8155d847db1e474ab666166047e759c72a1a9869befb9ff496ce0700cac0b527c5ca9e24811e5745a06a3898679c3780aceddc900c40448993c35680b16013fcbfc4520f93a88a906316c2fe4b6b81abdac9cf9462c0c542872985231ecf045d4d6a6cf7583dc04e194847b5818b46d0daf9f6ecfa749d275a7e3026639fae9538af74c5b6cb7a5b54ce6f1e60f44237d9869610368f9bfa2f5c1c6cf82d294ea8acccd9251678146503d2bec720d95b668fab2ac077e6d835ff67fc62a54ff765a225a110feb38aa3e8309a679167aa121273a545172a487ecd3d281088b25a167d10c759ec3d49fe4f0294b41242063d823d63be337ff07a879ae387cf1ba785e82fe5665c556ba36b34c77cc91030c2c1d42116e389034d64a85ab006cdb632cb6cad6b8ce2ca967d9e8b9849412fd3cdf8c0ee181e0a2bdd83ffd4bb909d58626e001bd75a6f3390ff1c7dcd2e44b7eb7028816f521e611f1253391827f7bad0e7d2d14b901923eb7e052e3f788659f47669e40e98fd32a9cd6d76925e1c51bf3677f5db0be140f5e1fef34e0420d47699f48cc5dd7b9a65060d5ba146fa73fef9ce05e6d14224cfc6fc89d9b5e31caccbdb0fcffd5ca11d5e9d7ca8131a605e6e7b91e46439e5f548ee0bdd7edccb48232fe6e0d92400bcbd2aa822abf79e607843bc50591633372d74a842ae1f80abb049c616f2f68e1611f8103e4cda660796a0874f04c8ff2c0f1768ac840c4f5c26f99af04a4d6017004075ce7fbf4ae6fbc3767067511ecaf6d57bc9088d06ab48354d5fa37f2e97fe44dc87fbe97152dc27c9e35b548a34c4eddb167cd9c970bc975341a678f88706e701911baf9990324b46c9ba088577805a3a92df52125239a5cd714027e72aeb49c5e3673e51f719f7883c5438676a413409ad130a0a2e5043b739659fa59676925f074bc4e427852d9c175540925c635279dd4d21c443925c8fcb28586caaf2e5cc8d37034d88a32419cf1e17a4e8d2df28c378ed14564a68ef2f0bbfb7151cac8eba72b68c3f0ed9fb603b2ef36fda1e1eea5a847e3570aed3584b88724fa325a2d19157cc4d84d6603f2a57f960d5d819e999b369113256176e273ac8662972bcb7a3e9ae75fd37f84e7bed3591b267d2dc7992d1bd8b40dba1b8e61e5cf3075d2e241f0b1673a1228aa9a2ce312bb3561f8d386caeb59a5b48d4d5dc25174bbdf7be01c1f85623f4a8ad49e32d4f83b012c2dd706eb1492fcfcd076c2dd230600848111d7e00a432b03bd6a485b6839207123a0b49b80810a6468016eb6a16ef994b6c6d782f6b1b12a89830a4b3f4608d4b02b0544f069cee36b660a5af9c6aa1d507f1ab1564a71fe44c43ebaf2024441490f8c3f18832b1cc50c07155497287dfcaad4bce4044fb114bb599140ffa93db472c25339a9ed8dbd693f97d35bf65e5ce8277037594a49b7057384c2cff58b4ad03972994a65e9bcc7458fd51802c04f912d78dc43a7ca70d2f105535503b946e32d1a5e317d1737ba9f2bb5a8a7dd418f24901489134b7eb1d4cd19b4a0b4ea4cbbb6039b8148138b8e0293cf1a3f9f440024e3de96011d301ec3d80f842030d5ee8f2f1143ef50d60e36dc55230d10dc46b3128b99621ecd163034dfa69964ebc66b44d04d52f6a6ea3ca920a8df1848ce77181ec6bfbd0b4dad9462c6b7314dc2a1083adc18aa020368bb4857b3ce493e2a096cf56f7bc2ee0ffea2f4af3e75a2a51e3d6e846cb772f3474048b82658812ba79c486ea34bb02a65ff78592eaf8fd8e8679a99ab6e12c2b73164557bf6fb253d0b2f4196d32f74bf7130c86a91115d39241bdfd071b4a1e18ba375b0136a7bb4264c4763fb447382614f91a184f5c407df3453b5f234bbce3efc3f120ad40aba04452ff66eb8411d945e402524d63f8d5a1ddbd2a3bc072746cdb621af25091c178e26b7b988db842268b576305725966ab119ad93a2a5efa389b2bb2825b1fea408f2c2b9e134b40a1ccc3a2ca4fac0dc9727d3f48c46b607c1e88a1652f08d7d8ae77fe9b9a5721b197c65d324282cccac040d8f6cc26963deb6d340d334d052b5a0b6ecd6fba3bc64859ad53452ccf669d5e64e900105ff3775b11665acf839411bfeb512db2c67c17c68eaf401aca200a07001f261895f842f100632869aa982142ca5a95208b0062480714bfb9efbfe8aa7913e294b698e8137755267a7bb2250941f2ca6a425dcec754c4282feef3301537b10a90aaaef4c4c7631e9c84780491f0f8385bb776ca0a1e46e1db4a792028936068bad03f2ab285ca50d98d793c4e156387ed72cc208966b21be5382014aee0d396df396f2a84693b933793e3531fcaea9060ae35cc095d84273f36bcb30bd61e596dd5be76e4b6eccc973e41815e9a8c1960b56ccac2545cc669c0eb59e62fdec5d649c4ab8b076081806c2cdc9442c5334c1ed841f9cb1dff24624321676b513b350d6c97551d19856ee566878930c7ed4e0bc889c618781aa7d459c37b2d8e1cbfbc546d9b537620c206361cdbbbdbf86c45016c57ce2a73ab166c23c26201e54aa5073d47dceab5558946b6a4d95912cdc3008bd06ea2a6095064f8f18170273f6ecedf3350667fa2f375dd65d0395769872f40debdc5f2a4162e12ba731c24ab72fdce8a79d099b28e3e928e5b8aac", 0x1000}, {&(0x7f00000000c0)="c5d4c39b9ee31a4a7744695f81a0a7a92821c00d6d5d49fc965463280bbdf4338a42d4c67b102ad91eb24215a674507226edb79e2fc88389bc1af75a2f33b3bac1c93119e5a1381cffab9a5bfe8ecc90cfe5b5a5ee88e2a357d47fbd9708fcd41b0f917ab9e82c7ec7b5cf6d232d84ba04f37b273ce965f16f4d067e9c7cd7d9303a206cc5923758e3c7d1f4324dca29512a2c4880f17f82d0c217c7e53d71541bcbcd96f9ed8cc676f5d187028faa316fa164017879d77077928fd2bc2111ee61ea9a211685bb26a51a8ed96a71c03a5c9d36c8712a9d6223e343ae22", 0xdd}, {&(0x7f00000012c0)="956ee391814ac3fd7cde85f752ed62ca214041e52e9d3d3770dd15083cb0acd446d69f3989897176e90ca13e1f62f8b5f13d29ea151a954054b83733cac3fd75717ce6e83c5c517a11cd056db8b56be8f752a6f26300882f6a0eab7a715eea1b7c4434997a7a42a3b2507b6014ff73de6d469382f2721b756a140e2248705aed193597d08a", 0x85}, {&(0x7f0000001380)="5138a8159cd0772759844a24b14dcb7f9d91a05fcdd26251c46278a36773a618fd466b60ec723a4dbee627ec0404d4b9b77e53eb55e8ba95eca687f3b240ddd96900a1dc9e2e021de0222b4f17661a685bb8ba04d42168ec2a3abe6326dabcf9d8e3e3ca07c98da9447e031f8ffceb43afd5e27b27753a4a017415516f468361de51725f6edf422921e9e504538780e0d937ba7e6397eece21ef6bb590450961f9d2defa52e2b7ea1b22c1548e12d0281bc265b30be26384865fdfd0f4667e8e32d5295e733992dda9c1e3668b30d12fdfe2075dd740e5acc7b4179897792e9beadd2bcf26e35bb9a5f615ce4c08b9d5320ddb28c0e2", 0xf6}], 0x4, 0x0, 0x0, 0x4}, 0x20000810) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x85800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:53 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 759.912074][ T295] tipc: TX() has been purged, node left! [ 759.920526][ T3240] mkiss: ax12: crc mode is auto. 12:33:53 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xcc0, 0x0, 0x0, 0x2}, r1, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:53 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf04", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 760.318458][ T28] audit: type=1804 audit(1594038833.623:526): pid=3262 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/430/file0" dev="sda1" ino=16066 res=1 12:33:53 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() getsockname$unix(r0, &(0x7f00000000c0)=@abs, &(0x7f0000000040)=0x6e) fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000140)={0x0, 'macvlan0\x00', {}, 0xff}) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 760.445710][ T28] audit: type=1804 audit(1594038833.623:527): pid=3265 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/430/file0" dev="sda1" ino=16066 res=1 12:33:53 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:53 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) ioctl$IMGETCOUNT(r5, 0x80044943, &(0x7f0000000000)) r6 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000001c0)="2e00000025000911d25a80648c63940d0424fc60040010000a0003000200000037123e370a00098002000000d1bd", 0x2e}], 0x1}, 0x0) 12:33:53 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x29a}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 760.730054][ T3293] mkiss: ax12: crc mode is auto. 12:33:54 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 760.775928][ T3293] netlink: 'syz-executor.4': attribute type 9 has an invalid length. 12:33:54 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x300}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:54 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:54 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 761.367665][ T3293] mkiss: ax12: crc mode is auto. [ 761.401533][ T3302] netlink: 'syz-executor.4': attribute type 9 has an invalid length. 12:33:54 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x500}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:54 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:54 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) gettid() r1 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r1}, &(0x7f0000044000)) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[], 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0xd0, &(0x7f0000000340)=ANY=[@ANYBLOB="ca00004e0cfb2c71512fd04e838c28bc7bfd5088be53a5d9955b655ea7bce149b4e461b6eb70a4e669b91bb2a0d59cd4ce4480b8c3b850737885a0cafd35b7296f3d1e9e4ca1a47e38b74e0da95f44ada839e69969b524a090863ac9602056e3e38c62e04eda7979da8328e119c2fdcc57f0898244ecdd67fb14479830a6f6ddf61c6c82a254b9fe80f0cbc04863808bf26d6135f0e05bfa7d227e1ba758ce90ec8b1c3453596d1fedabf614bf44726add39d4f8e2472d29348860bd9b1fe7b8787247968c4cc9534d72184f16dd3e83d14c5e6e0e214dcfaa11b98e8a4a16a318c2234de32bf84dd7e984775222b59e0bcb8a04bbdba95bfb3ae1bad3e0d76f5902e8a2175ff9d8d1c45193a4d0780b60b7fe080aa1aeccfcc49d69a687f862e05d4f5ba5d1a61d95d9fd1656d65f2f722df9b4982c"]) r3 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r3}, &(0x7f0000044000)) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x5) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r5) dup2(r4, r6) fcntl$setownex(r6, 0xf, &(0x7f0000000040)={0x0, r3}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:55 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:55 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b24, &(0x7f0000000440)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xba\xdb\x9f7\xe1\x04\xbe\xbd\xf8\x04U\x04\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00s\x18\x9f$\xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\xbfjOc\xcd\x15\xc1K\xab\xe9\xe3\xe8\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19\xcc\x87\xb1\x9a\xc6D\xb4\xa7e\"\xfc$4EI\x952\x12,\xec\x02:a\xad\xef,\xbc (\x02B-mF\xfa\x92\xdc\x13\x06=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1x\\\xdb\xcb\x00\b\x00\x00\x00\x00\x00\x00\xf8EX\xe3\xbcf\x02\x98T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa\xaeWPX9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\xcc\x96\xc3\xd6\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb3\xb0\xe8\xdb[\xc8\xa5\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QO*\xa2\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xa9O\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99\x00\xb7\xd5\xd4\x9fm\xb4\xb0\xa0V3)\xa7\x005b+\xcamN\x8f}\x90/\xe9W?~\xc7W\xd2\xb1\xa6\xf7!\x16\x03D\xd0\xda/\xa7\xe20@\xe1\x8e\x1c\xa7\xb1\x85g\v\r\xd5/\xaf\xea\xedI\xbb\'[\xfc\xe7j\x81{\xcb9PW\x8daR\x81$\xac\xa0\xd7j&\xe0\x19\x9c\x13a\xca\x1c\x17\xbc\xb2\x93C\xb5t\x98/\xb2 \x18\xeeQ\xdck~\xd2\v\x1d\xe0\xa99\x05\xc2\xd7\x8f\x89\xa3\xca\xe5[U\xef\x7f\x14\xb0\xa4\f\x9c\xef\xcd\xab\x8d\xfeI\xe5\xdb\xb9\xf8p\r\x1c\b7\xf80\v\xd2\xf76\x90\xcc\xdat\xc3U\xef=E\xdd\xc8\xa2~o\x9e\xfb\xd7\xf17\x1fl\b\xfa\xfd\xb5F\xf1n\xe0A\xd0\xfba\xb7\xbb-\x01\xf9\x12\xf6B\xbe\xe7\xe1\xa6\xd5\xe8\xcb\xb2\x01\x00\x00\x003\x97a\x81F\x8dP\x1c\xed\x9d\x0eT4\xb3\xce\xb0IobK\xb9!\t\xf5H\xcfK\xf2-C1{e\xb6\xdf\xe5j|z!\xab\xbb2=\xf1\x1b\x17\xa4\xf3L\x96\v~F\xee\xd2Szj\x92\xf6\xf6\x16\xaf6~\xac3\xde\xe2\xe4da\xe7\x9a\x85\x9d\x8d\xe7\x16H00\x10\xdaD\xf6\x8cQ0\xde\xe8\x8f\xa8\xc6-n?\xa8\xc4m\x84vE+\xf3\x98/K7K\x93\t\xa0\xe9\xea[\x98\xdd:;i\x8b}-#\x92\x972\x9a\'O\xecx{\x1e\xd4!u\xbdOT0X\xa2\xa9\x80\x93x\x16\xddi\x04\xff\xde8\xd2C!\x15b\xa8\xbe,\xb1\xb20\x18\x91`\xce\xe6}if\x11#\xe3\xe8Q\xa98\xc3\xac\xa6\x10\x9e\xad\xd5\xef\xc9\x0e\xdd_w\xc7{\xf3\x80z\xe6\'*\x8bV\xbeZhA\x9b\xc8\xaa\x9c\x88\xa8\xe3\x1c\x99v\xbd#\xb2\xaa\xc64\xb6\xce\xd4\x98>\x10)\vc\xb4\x15\x04\x9b\x80\xbf8\xf7\xec\xbc\x18h\x8c#!$\xd7\xfa\x9b\xec\xc0\xc7\xf2K\xf84\x81\xa6\x8e\xc9\x8c\x90$\xeeM\xf9cn\xdfT\xd1>d\xe1\v\xed\x06\xe2\xe7\x0f-M\xedw\xb0\x1c\xe6\x1e\xff\x9e~s\x88\v\x1cO\xbeK\xc67]S\x1b|4\x97\xa0N7\xee-\n\bPj\xd2\x16T\x06\xf5>\xa8Mq\n*\xcff`9aq\xe8\x85\xd5\x95\xfby\x85:k\xc4re!\n\xf4\xd5\x88\x1f\xd4N\'~G\xb8\xd0B\xbd\x12\x05m\xf7\x80\xe6~\bq\fqc&\x14\xff\xeb\x8ed\xadb\xa3Y\x88|\x1b\xde\xbe\xc3\xa0\xad\x90\x89\xe4O\r\x18\x18\xad\x10\xe9\xc3\xab_p\x91Lg8s\xf7z{<[\xde\xe5\xec\xf3\x83m\xa9FK\x91J\xdf>\"\xc3\xb7&\x9d\xd3Agu\xcc\xbe\xff\xf0\x8aA~\x9c\x1a\xfb? \x00\x81\xb5W\no\xca\xf5q\xb1\x13I\xe8UKl\xb78xv\x8f\xaa\x86\r:+M\x99\xad\xbaA\xabU\xadj\xeb\xc3\xa3') r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffff7, 0x11, r6, 0x0) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000), 0xc, 0x0}, 0x0) r7 = creat(&(0x7f0000000180)='./bus\x00', 0x0) r8 = syz_genetlink_get_family_id$netlbl_unlabel(0x0) sendmsg$NLBL_UNLABEL_C_ACCEPT(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x28, r8, 0x0, 0x70bd2c, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x2f}}}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICLIST(r7, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)={0x3c, r8, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_SECCTX={0x0, 0x7, 'system_u:object_r:usr_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x890}, 0x2004c849) ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, &(0x7f0000000100)={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3]}) write$eventfd(r3, &(0x7f0000000240)=0xffffffffffffff7f, 0x8) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) 12:33:55 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 761.909722][ T1994] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 762.042651][ T3389] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 12:33:55 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = dup2(r0, r2) ioctl$TCFLSH(r3, 0x8926, 0x20000000) sendto(r3, &(0x7f0000000400)="d721abf0cc8a57750128c324df08415938e948f9a71465566ac48fd6fabf5e3e1c778730f95cf5d9a2a435e3e5454c78a4c78a73c31868b566d970cee7d823ecfa9496fa0d1fc13445167c367c17edf8989c4979cde60f05d780135a4b4b4d891801f6a6a782e157a6be86195286fd9160f8170fddee93572b0af75ebcce0824745186ab5ced44bae854ce1b04d66dabbda93ac02e9799a53c489597406fffbb9d0d1147192ba13e94b36fb9adf509632115566eefb6e651f0db602d66a02fb2410b54fd556d787068d659", 0xcb, 0x4008099, &(0x7f0000000340)=@pptp={0x18, 0x2, {0x3, @remote}}, 0x80) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f0000000280)={0x0, 0xfffffffffffffcfd, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r7, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) r8 = fcntl$dupfd(r5, 0x0, r5) r9 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x2, 0x0) setsockopt$packet_fanout(r9, 0x107, 0x12, &(0x7f00000000c0)={0x1, 0x1}, 0x4) ioctl$USBDEVFS_REAPURB(r8, 0x4008550c, &(0x7f0000000000)) r10 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x40) write$P9_RREADDIR(r10, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290200000200000800000000040000000000000006000000000000005a07002e2f66516c65302a28060000000000000095ae0842ff9164272e3a1746568741cb5267c26060f005aa66c595de1f44931164d766e62a7b98a79717dda43e189616d9d0ce4112f7ec57b5be7a0000000000"], 0x2a) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB='H\x00\x00\x00,\x00\'\r\x00'/20, @ANYRES32=r7, @ANYBLOB="00000000000000000200000008003848e9030a0100753332001c0002000400060014000500000000000000000006"], 0x48}}, 0x0) [ 762.189601][ T1994] usb 4-1: device descriptor read/64, error 18 12:33:55 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 762.307818][ T3412] mkiss: ax12: crc mode is auto. [ 762.330223][ T3412] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. 12:33:55 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x600}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:55 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bfff", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 762.496022][ T3412] mkiss: ax12: crc mode is auto. [ 762.537041][ T3425] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 762.579725][ T1994] usb 4-1: device descriptor read/64, error 18 12:33:56 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x7, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:56 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = dup2(r0, r2) ioctl$TCFLSH(r3, 0x8926, 0x20000000) ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r3, 0x8983, &(0x7f0000000d40)) r4 = socket$kcm(0x29, 0x2, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000d80)={0xa, @pix_mp={0x5, 0x7, 0x20363159, 0x4, 0x8, [{0x0, 0x5}, {0x7, 0x80000000}, {0x7}, {0x7ff, 0x2}, {0x1, 0xff8000}, {0xfffffff7, 0x1beae0e3}, {0x0, 0x2}, {0xff, 0x1d8}], 0x4c, 0xf1, 0x3, 0x2, 0x5}}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c01095000000000000002ba728041598d6fbd30cb599e83d17a3aa81d36bb3019c13bd2321af3cf1a54f26fb0b71d0e6adfefcffd8f7faf75e0f226bd917487960717142fa9ea4318123751c0a0e168c1886d0d4d94f2f4e345c652fbc16ee988e6e0dc8cedf3ceb9fbfbf9b0a4def23d410f6296b32a83438810720a159dca903634e369a96152ddca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4b3449abe802f5ab3e89cf6c662ed4048d5a3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd963218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa00000000000000000000ddffffff020000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219efdebb7b3de8f67581cf796a1d4223b9ff7ffcad3f6cfb2a962b9f03000000000000001cf41ab11f12fb1e0a494034bb120000592df1a6c64d8f20a67745409e011f1264d43e153b3d34899f40159e800ea2474b54050045f6e664ee46762c2693bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3016e52d337c56abf112874ec309baed0495fca4741fd31da5cc7048ba6866adebab53168770a66ad901ace383e41d277b103923a9d971f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafce5c1b3f97affc0ff7fa0c3300ef7b7fb5f09e0e8a868a353409e34d3e82279637599f35ad380a465483cac394c7bbdcd0e3b1c39b6e00916de48a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73755539280b064bdaba71f897144910fe050038ec9e47de89298b7bf4d769ccc18eade00e8ca5457870eb30d211e23ccc8e06ddfb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357b22515567230ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972ea3b77641467c89fa0f82e844010000000000a33dcda5e143fbf221fff161c12ca389cbe4c51b3fa00675cc175067d2a214f8c9d9b2ecf63b66c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e7131421c0f39113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad973347d0de7ba4754ff231b1b933d8f931ba3552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2af79b8d4c2bf0f7a2cb032dad13007b82e6044f643fc8cd47ae636a5dbe9864a117d2732d750a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991af603e3856a346cf7f9fe0bc9f2b6a7506d35e5eb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c010000000000000048a9dea00000b91d2309dc7ae49e4d5f7e50b652053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca165cbbbaa2935f602327484386b39b96492ae662082b56cf666e63a757c0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67aedc0264273d82e3c4c67a31f8723bd4a394c6b3e907adc3f86d2fe6f59dd2d2f281ff205a402056fd52bfb794c512bdc0fd868fbe53bbe6e47bca9eb18752a7fb561e201f0aa4c34100"/1316], &(0x7f0000000140)='GPL\x00'}, 0x48) r6 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r6, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000040)={r6, r5}) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x282000, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0x5) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = fcntl$dupfd(r8, 0x0, r8) dup2(r7, r9) sendmsg(r9, &(0x7f0000000100)={&(0x7f00000006c0)=@pptp={0x18, 0x2, {0x1, @empty}}, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000740)="e66fdb0cda49903d45feb3fb5ca6dc312d9539dbd37f1062895219d8f43c785b7cdcec414a54b65ec6be6fbe70d0a7ef7354dbfcd292e7ade946102ab6fd58c86bad6066c9bc4d571b7532f65e4f3472692bac485813c0a1078797c0847ae1d233a8607bb887de51b59d5be0b4acd2cd9a7b6d26c45388f0d0832bc5ac4d4b5f224e90c7a3d2e47d6976d9170f7effca48c63f10adbf1dfc41091751b6406d4317105537393fc66a96c908e5d3c8ac80c83c434a166e4be9b26262", 0xbb}, {&(0x7f0000000800)="a5d0ad5c4f5d25e5ce804ee8eff6a9d3751f7d57a8d653a20f66ffbd85ecd5c230ee1d2d4449e08ebc9b59106fbc1ba4e32fe8efb559fe1dabd8051b3e4742240027708700c2f6865f7197357b2f718f9b41b9bc0578a86e78c440e84130828643ad7a782910cee5d19a6e9850e309db6ca7d90abec63f82de2722b9e234040c111454a723d44751122b6af34887150c5dfa35f783127a8ca4dcac8c8338bdd27ad748e7f471c094f4f4cba0cce1ccaed72ca441519d9677a7bd4dd86a514ae6", 0xc0}, {&(0x7f0000001000)="53e74d6eccd07f0a90be1538f02ba85f4042d2741b19b9535562a8bd0030039dcb03ae1767fafdd3e055bd22ec9a7381358effd0ef72da7d9ee473ac8ebbdf788118092640ac5042373a235df858e087a92a45b2f334d5fa8bbbadfbf2484f6d49f8dc74fb4f27ea610b1b4b230251e77b0bf485c8aae9411efba5e7ede3451be0593d817024395134ab5d038ed229baf750dd004594d9312ba0fd24d688d9106e6f3d5e859616f87155c2bcab61e28c6859944a552a0636a7d04c74eeaf4088bbd9070e47f8431e2fd394090363c8379fa7f2148fbe980d1b4efe80aac7446a11035e5c0acaeada5f87dfdf9a03a76c82c3c8f0d1f67d46e479c11d4409540990839bf24cd66e7cbc96da22f1d5af96234fb9df5579bac61aba751290b89755c0a60c8fc273352f864bc0f8f172992e49135cc2d80901856aa0da3703becd1be2b14787af402777d87f981f7f5c565ae6a8dd5daf307cd36efde770a9587b2e1771ce1897719d4cd4a3cb2bfabc9016ac59a59b91f8913102b3c15cb96619623db345334c3241b24904cf6e936eac815e2b6fabcd5ad69bb3ae961da95e7f860a5475c2cfc5e3c1212249d099f50631b844c2df6deb95d47e5d2a84ec997f0fd1b1392207f08416a564ebf1581e982f3d14d724b920fe5f5d7616b80a2ad34f37629e78740056ce884bc08d1cec80007089accdd4cf0bd21c900a6522477e1f959392adc26c651697c8829c8aebe35ec757c31ed074f9275ef19be733062a57baf8960af281e4ad0fa2d0816f8bee8fd9d32199349f1fc1b2be099272c8bb8123bad4f0b6ccd4a1524c6c890f2f630e6c8048bf2e6d8d00e12ac97f5bc1a4a9423317a92d2f3a0c918335d79c51b7bb71eae6ea3251c4f3ae7c60cb5bfe5a5c195b700d958ecc7186c0d5aef62ce84ff03d8434a526afe096bdb05d2973e62e9a6852af581e9c0dd6d70c8e7689e629b1500768f6a4c06e7dce1d3c18e8634f2994b8be2f95d5f6df9aa84e863e81fa1bc53702ccf031a3124b4cd9d59e3979887b964749f271330bba7aa48b34e5cb9f1463e40d4d32826e856f9616f5fcee6fade83163ebc77c27de4cb5c605d4e6792adee7d8c9a20de6e33d704cca749e37cf650a17149228fbf3fb9f4afc3dcafead0d26c98a8efffc0d237a48b3f6ff92382f2c631e797f49929ea49619353e44ebaba5e73312b91b1469b1936438f391077294959cea4a97bc4cbb550a58c8f9fb126d23e8f555c70795c69034a778627d79a95d67804b3f6f74513ef42da36f761d48169714371261f8d86dc447ca0138c43375cd9e885f2fdd2fba80cdccd677c501dfd4f10a0abe48b5e6f1b7fd9b7f689ed994f1941148f918f8a9fe10a8ce3049b7c0c6d8aaa0f662b4a0a0beae60f983340ea27ba7e2b9e047811f97a4f82764a21f8e25e1a1d823030abaf01f14d732aaf00f53a4b856088c1c27b433328d561cf9bf46d95262394f4514a698b34ce5d75de04772d2d5968ee5fab2b30ff41e2a1574f09f12ac05ca1e4c752d9d2581262059174bbc9a3f66c8b466893f0504fb6ef0960f53f7c0ec1539cbd2d6986e124d49a9829db1f39d76c3004a552643098ec4493c33a380c1806112c1900605ee079604f7978805517ec3814c8416ad497d29330a4801e71afa76505e4366d314eb3967837fea0708d0d2b34a49f7f2a003ce80b229af38f15e2a0fffee21f3301ae1838e4095e5079ead28e7826a9af09e879f11711454175205186b19dbc6d883324d987f4eed8e9cef91fb32959faae4ee3938583fe3532dafbafff6a77f823e2d65fced304eacea336b40267dced76a5f8d21c2f46ff1ef6c5049ebf1bcebf2ef9fe182a0e977d040306ccfb519d60900f392beabaa34c75e822d4a573d119b497faa19b73739b0e9eb8a908133cf58a2c79dba53b13562b72314717069efc3ea17755c08bec5c0fbb3f5b0bd7137b45a308dbf0dfdbe1215fbcfb05f3d589bb6c03c37d3ee7dff4a60bfceb6d0907d0792121a12d0b9487e56b97bb079cbc3fc72c5a8ec98014f39ba3b0ae94e0727a4547bed307d6c41c464bbbdde8c8f8b4e653cffe404434927230b125b44db2670a98a23062619af1710a5612bc70270e9c60e86c3534944f6758e8961f25dedbb45ae9058bcb1d567f0c9bf650b6c486d4d691687f96320fa8632c5f787547449372345a3164063e7ceeba9c55762c8ff70d61bdbec19f000151e7935a87db2cb9a3fd7e45489188eee906553ea277984a7d54c9ef22c545f027a54aef95ca0c12a20823dbb41f4a1080061c22b24dfab4780f4c2dfce5c17ea56a1c78d62af09c36ad8955704da679466419595ce18fccd0263569ce2b8c4c90ac3ce8952cc8c56d3e93c9e0cc97577fde54fddf0e995524fac5a78996dae0795bf7fabe8bc590bc5bd69d9ad3a1a0b91d478fc9b51d126f22ce1cef42f410fb9e100e71a54d48a99e080a684a45ce8b41217494c712a6841122957a5dc316394bc0e74452ba4f30f106ddd4ebf9454b9f55d76dd97543fc49898618c8489b139c0b2060e3bc82077184f79588d30f97453b928a235f7d777b92aabb5ee8ccf505544b5f6e96811e2eb70f23f1f096c2efa3f0d2cb0ff64198ec572f179a98a202605fdcf15b2bdff152ff220dc0f5ff922d331388a05bd1850d1e9a57560e12f7e2f9996836dcd097464b4cf3aac60d5475eb380524eea450ac10d27440ad3641c5b6c9ece0c8f8bae0e8a63413bf1136201e0259c4b366f8a20764ef5b5ff087f181e3692b1320ca25e8fda5091c27906286f6ed2d4ce67ce7b2f99a9ee10bb4e45b0b0f5825fe6ff2aa0e0092a11bf191f5883d11411c16ccefda6cf041cb66be2a7c753043c8353e3e29f2332ebdf4436da37419d6a9cfca96e2d877ad05fa343659e81ebcf2cf41605a250e9446e174c42915ca0051f5b1d92c280b13c0ccf98944e12df82fb7ddf435bcdff32307c1d4626dfaf7797a63fb936359497f590ec9dfae7f5adf5724b76475869734a863172463c631cd4870f92131a624125f1aa27a582c12902bc67124d8d444b8bf5d6916296f443e8e4617da4cf50cbda0befdc654bec8ec2295f4b25b6339b39b70782e52376e1db2aa13adfc343b646c25c5e80e6c76cb9ad45616bf0feb661caaa3cfee2d93127cf822cebf23ae76341938a1f78963ea6fd257f09003e545251e413c9adc384c23d9b0d58a4d235d58ea372240f27e7fafe0adac61c4702010648d3915ca653e9ddcc7c504e2bc8aa5ff01e97914d632705d557a947920ba4d79fdeb670a8ddfc0ec30a34e45fa3266efe679666e73ae5a002a2361f68654e2419e506797a219424d584208c3094ee3ff16272cbd3be8705848d79ca8a4e8d5307c9354f26b9468ed3d7fad10aa333fd8c40ad0f5cda352300671f4414d795de194d5d9d5a39e22d671d00da5c95a1cfaacc7bcaa7d72f58d6a09cad3b7ec51a191c8c64af051d889c50c4cf4053c23eb5d69898e176f60a1dc116ee233dd819f495e886a4dfbc8b97ebd7cbd12d34916441c06bafe3a68b8452669752102fc2f414dc6e63db48680a4dc414d4a271adbd82e2d53c4e32d0c8ff4e9396e698d66ec80e704697721a7559d07c1b4f811a247e65428fb3f6486ca7cce111a4ced3ce5ef06b60b431a3346e0097584e5aea884fd438cf8fdd26aea3145ef61fbc45c78238ab77a8a6b49ea9723b3b1fd031cce1390bb6fe74780775a753770fd9251a29a310356fba3173b114f49beaf1d0b8a64b201f53ae5c937628e41678bb7f3f1e9c4e147c3653b5c3e8d08020a62e73675f3d1f56b7c271c2ea000c8d12be16d1ac2a413e7d6e120dd63145310fb2b814038212a47868fee4a92d428bdaf3b0fb13fbb4b5fd069d30dc782f482e83419918a9afa79c249de4781b165c230a23c7d7b4ae98c807082822b6622d1c1f9e595fc9fd2605a7b33004f7b00d5a7830a2a659b61779d30ba7c39249dca8f434efafd5dcff45b87ce049ce327d1a2c5722613f74b6837974579907c975e5625eeed786aa07b257223e6f3eecaa9f3ffe51fd97bd92cc79330647e793cbad5fb8eb91609271a7b18e65c5b93d3c2519045d3ddf5fa0db41f457c4d31b226fc943b1bbf0735d7490881df9a6003fc190af6f16f4fe1b617167c75a87873ce7bae7d6848488fa1d39f5ebe25036cf44c01379e0da5eb47b8d46914f1b94fbcd0321889c7fe9c94401fb8cd8617fd284177ced632a3c58324b40f9b5b3d0768867345d0b6fd6ead8fe6dbc74f050c52648d09f3772e392d403419ebfd4b0b82ccdd79e917e8bdef09ea8a5d65d352848353b2bbe0fcf1aaea2f87700454a724b0f4ec83a88cfad2296952196e7cf22f69c8a1c7553b5988adca353ab1bfc660e7f6d178d10231a4107cbdaefec18f837d9763b5c3a62f26fbca4e65344e15e575dc2e02639e6f0639479829adecd2ba21c27c65bd7f8058c1c0b5ee1e109be574a986aa0cd9355e847e8c139d577e9f53d28341d1ba5a500a9ff89b551f45b294ae083a8e683dc420f157b2651a64382ae3c1f81fc2c2faebbe267271d6f060111a14c8597d8d32c8202eee4c62b6d20e72dc598d1eea4fab8b30f80734b71a33dbdc70e827debb5c6c168ddcb2b8cf5c785d1ab1fec0c3d8ec2558df411f6f39ab030dc56c89a5445c62b9ecb62c377429f83c9d3bd094c03ac7ed71b8f44db00493eadd1b44783ac86a1a543d02566fb0b61c4ef3dcdb3bfc7719ac62ffea63836a2c625fa51bd28c01b6fc2781f71314645cc3ca8eb224a30ed9152193417d633d6045960689a23eda8de03513bd687ff6839dd505fc46e3c3d14e4bb7620d70bd79c38d63dbd08fc542d135e23eaae6cf9aa158416ce5c9e82c8024a5c4c532cffbac72257fc23e86fc8a2fb949a289bdd1b6579505676165d63b91c54a23a9acd80146dd3e03c20a721645a9520056edf2ce437b41420dac7c1ffe89a366499e8b60c2f633483d5acb680b30d0252acd4bb0d9ddf5d1d8d1cf064081346dd9d0a5534190945337aa4a6c4c456b70613910b3a0a44279bd7154732c72fc698ca3b02b29c020b478f84e057ee145c57edac69ea29e792c3a63c5476b9588c9a5916d19ad916cc217c3b62ea8b564677d76d15a9b8cf55fec680f0207aa4ed48d0d8c4581b998acaf0064bc77a62695301f2e5d3740e0a939aeeed28759c4b25503af0098a73f65990d224e307b113abf3812a51d16119605ca87029796ca357c6fa09cd2fc61e9a378e6ee1fb8236c28e89391dba9214a00a3bb3a90053f15c08c2170156dce5d0f8b13b30e5bf70ca01f6a47819f9f0ec9b01882a22b2dfb8700facbf391ffbfde2139c38e9ded85e98b7045bb12f0c330c8bfeabdbdd57e2d654ba3fe9e0ef7299b36d97a88bc182fd1f068163c7c4289aa1c216cbc56758539928e40e37c62a89bbdc72a0e816f45d630df15797babe570ff72bc89151191ffb2fe7d5dfad532b84078002af20116b0536bda717a48e77093074e17ef0f6a7b4c4de440c151b2a654c52e3f2e68ccc99ab8161679c3649c822db0c5662b292afc3991af8bb91343f31be4edb98568715292ed63e32bdcb2a9854e1adea494dbaa725a38e8ada7ccc6be849eb9ee99c9337b2b951104e88c8e0881513586a9893e29a8555b50249e83e04e5d7dbf1c4429f67611a4b210d0c95f6a706967ca19d2e7bb6d602ed41c914e64e0c614cb11b2430d6087b9a7fab16e7953532045e537e27b3ad52f5a2d42dfa3f75", 0x1000}, {&(0x7f00000008c0)="f1b9348f405606cffc6d8aeb4ac55b507d3373554404e4cfbb051dabebcbd637807d5f982357a1f24bbbc50cd64cb0dd146f3c558c1a906b0d90aa39cae4fdeddb09cdc632fd3a701ce90f93488cbe1bc0394fc7ed4a1f331ecef4ca98850487b2eecf226ca7ec3171981382aa8ab1c8cf4c48846daf2bbb291f11ef68ae505ffb99ed80acbb61cd89b5ea16da75f26d59b00344a35faef92e1524aa2724c1b763645ff5f88d505a6cece68d36346fc260eb524c431c0155d38f5bea7f66595c", 0xc0}, {&(0x7f0000000980)="a890e850f03711b4a130fd2b2cb54c29da5874dbf332f09da8bab18afdcceeffddcf365f95b1f28e53f1642747bbe954f6f4a3b228ed8c1269cbf8c18d977039b9c84e5c30567e2e4d31d10eb4d7f30f1074104fb70a2c", 0x57}, {&(0x7f0000000a00)="070000e628cf8ba33be5e43fb67e93203ab48e84a5a3e435e467e16f216b62c0271b6ab86b8890adba51a81bf3adb5a496eeddb3919a55cb89dd22429d178b15e4c0f53499b932f0d99daf96fd06e99731a8000000000000000000", 0x5b}], 0x6, &(0x7f0000002540)=ANY=[@ANYBLOB="180000000000000000000000000000003bb255e8a3400000e8000000000000000c01000000000000e6d50ab79937ebe0f7a317571ae931d7b829a2f7a39b1ecc757c41a86c0a14b7b6a6bfd0d874c200086ee24dbae97a65c978af9bb14d32f8081f18814f64221d9022f55f8f3a87854056e323680d1540068c86d14b9304ff44a4f2918e67a9b22b019a3b7924bf078cfc9609f2db01ba7e6ea2a607432b7b0876a225c23590547032f68e6fcb97446e5a630628229650543f542a5c961e5b4d01d359dfd7b764807016bff92e9fe5cb7619dad6e89437e60823cfbe5763fc4964f8e18d836dab0bdcaa3304bb74925b689edc60b11b07109597e21b70e4a0c513e0848508009000000000000000030100000000000064d3f00f48497cfc84121530fbce9714cb5d8eb2873d6faa555ca8a1ca687003cfe49e0025f507a131f3de44640864f5861e6d8f289fa57f644b641514f746294eba417b62258acf55b666ba6914358fe8899e03609d91f4a20d982d0bc6efa6460c0b39052cf4def05928c6c7bb0e6e1cb030f96f54bb62a804e78a0000000078000000000000000000000000000000a6d1bae6c20998ff0a6461218c1b920fbac8da8777c0bbce5522fc9303544f4c9d7e1aad9e388a504beaaa8e0a69d58353804d7b5acfc9235b88922699581e0f405d0c0a62ac568d71dde0e5d297762ca71fc2ec1d1a87b97a77b129b39b38459f1b0000000000005c33d7386eada9caa37a8693e8c33f672b6c184c3f22d7b29c747637195482b926d12f8bbf6cd8651cec221892095005b0af392aabb0eb184a"], 0x208}, 0x1) [ 762.851470][ T1994] usb 4-1: new high-speed USB device number 30 using dummy_hcd 12:33:56 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x4, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 762.905589][ T3461] mkiss: ax12: crc mode is auto. [ 763.129543][ T1994] usb 4-1: device descriptor read/64, error 18 [ 763.519518][ T1994] usb 4-1: device descriptor read/64, error 18 [ 763.639920][ T1994] usb usb4-port1: attempt power cycle [ 763.707463][ T3469] mkiss: ax12: crc mode is auto. [ 764.359754][ T1994] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 764.529987][ T1994] usb 4-1: device descriptor read/8, error -61 12:33:58 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) listen(r0, 0x5) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 764.739465][ T1994] usb 4-1: device descriptor read/8, error -71 12:33:58 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x6, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:58 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x700}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:33:58 executing program 4: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) dup2(r3, r5) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r5, 0xc04c5349, &(0x7f0000000140)={0x9d5a, 0x1, 0x800}) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0x5) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) r9 = dup2(r6, r8) ioctl$TCFLSH(r9, 0x8926, 0x20000000) sendmsg$IPSET_CMD_DEL(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYRES64, @ANYBLOB="2d8819d4f80a2cedd0dd3a5d9220be220fc2e07dcc3d741ea79760168a8e979b52a3349474fdf715b3cdde50a5ab31a4e75c3f3950619acda6af4d23c73c66e0551e30bd545738ac37dc9b520c0ef57b34b98cabbdf5898302be1079e15f66746e05cff7cab32e7e0d3231f495966de3dd40225125a00e7984c3b63c26f95ac38cbadd8fa92e0a175711181045e43ae7165eea3ff3f8bf61f49bd17eef6f9865ef0b02d220593f18c2828a752b13dad71c43da3de38edfd25e6f04563009832ab987c3365947720dd54129249c982a3921f6361e8f227f83cdb6"], 0x1}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x45fe5, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) [ 764.977259][ T28] audit: type=1804 audit(1594038838.284:528): pid=3517 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/433/file0" dev="sda1" ino=16193 res=1 [ 764.988336][ T3525] mkiss: ax12: crc mode is auto. 12:33:58 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0xb, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 765.132397][ T3533] mkiss: ax13: crc mode is auto. [ 765.149544][ T28] audit: type=1804 audit(1594038838.284:529): pid=3524 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/433/file0" dev="sda1" ino=16193 res=1 12:33:58 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507d6cc022de500fbf31aad00", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x6}, {}, {0x8}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x8, 0x2, [@TCA_BASIC_ACT={0x4}]}}]}, 0x38}}, 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, 0x0, 0x10, 0x70bd26, 0x25dfdbfb, {}, [@NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x80}, @NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x77a4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004016}, 0x81) r4 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r4}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) r5 = dup2(r1, r2) ioctl$EVIOCGPHYS(r5, 0x80404507, &(0x7f0000000300)=""/29) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:33:58 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x29, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:58 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x900}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 765.425377][ T3545] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. 12:33:58 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x2b, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 765.583464][ T28] audit: type=1804 audit(1594038838.894:530): pid=3545 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/434/file0" dev="sda1" ino=16145 res=1 [ 765.683141][ T28] audit: type=1804 audit(1594038838.894:531): pid=3550 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/434/file0" dev="sda1" ino=16145 res=1 12:33:59 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000000c0)='./file1\x00', 0x9, 0x1, &(0x7f0000000240)=[{&(0x7f0000000100)="7acf88c16df9f89b3160ddae382f9e5a2af7d553ca1960cad7158a035177917e65392d1b2025f17dcc7c8ccecae5871c442a7724b8ca4cb2a7232c30a3f4ec18befe619a8b194036805ced02b08eeb9ea096342749e44a6f4e05f82aea6450185f9de55c1a0cc05691210c32165285af107d1a44d7f3b490f3081b5434957c6978f2599723c5608a428ae7e068ae96ab901db3052c724242eedb1706c122b490260ca0f4ae7db8bccbc842c5957236b1149e04", 0xb3, 0x5}], 0x200800, &(0x7f00000002c0)={[{@shortname_winnt='shortname=winnt'}, {@uni_xlate='uni_xlate=1'}, {@utf8no='utf8=0'}], [{@permit_directio='permit_directio'}, {@smackfsroot={'smackfsroot', 0x3d, '\xb0}/'}}]}) close(r0) 12:33:59 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x2c, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:59 executing program 4: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) r4 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r6}, 0x10) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000000040)={r6, 0x2, "2001"}, &(0x7f0000000080)=0xa) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000000, 0x30, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) 12:33:59 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x2f, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 766.022051][ T3573] FAT-fs (loop3): Unrecognized mount option "permit_directio" or missing value [ 766.115789][ T28] audit: type=1804 audit(1594038839.424:532): pid=3568 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/435/file0" dev="sda1" ino=16214 res=1 [ 766.147821][ T3578] mkiss: ax12: crc mode is auto. [ 766.166153][ T28] audit: type=1804 audit(1594038839.424:533): pid=3571 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/435/file0" dev="sda1" ino=16214 res=1 12:33:59 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x33, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 766.347333][ T3578] mkiss: ax12: crc mode is auto. 12:33:59 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) dup2(0xffffffffffffffff, r2) read$char_usb(r2, &(0x7f0000000340)=""/247, 0xf7) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000100)='./file0/file0\x00', 0x101) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x5) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) r8 = dup2(r5, r7) ioctl$TCFLSH(r8, 0x8926, 0x20000000) r9 = dup2(r8, r3) ioctl$MEDIA_REQUEST_IOC_QUEUE(r9, 0x7c80, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r4, 0x8905, &(0x7f0000000040)) close(r0) 12:33:59 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3b, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:33:59 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xa00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 766.612960][ T3613] mkiss: ax12: crc mode is auto. 12:34:00 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3c, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 766.693863][ T3613] mkiss: ax12: crc mode is auto. 12:34:00 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:00 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket(0x0, 0x0, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "00000100000000000800ff070000a71a4976e252922cb16857894f8c6f7ff804b0ef301a4ce875f2e3ff5f163ee300b7679500800000000000000101003c5811039e15775027ecce66010000000000000049740000000000000006ad8e5ecc326d3a09ffc2e45400"}, 0x80) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r4 = dup2(r2, r3) connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x1, @null}, 0x1c) openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x1000}, 0xc) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2000, 0x0, 0x0, 0x5, 0x0, 0x9}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000000)={0x1ff}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) 12:34:00 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) dup2(r0, r2) ioctl$SG_GET_TIMEOUT(r2, 0x2202, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r4 = gettid() fcntl$setownex(r3, 0xf, &(0x7f0000000280)={0x2, r4}) fcntl$setlease(r3, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x2) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x5) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) dup2(r5, r7) r8 = openat(r7, &(0x7f0000000040)='./file0\x00', 0x8200, 0x40) ftruncate(r8, 0x5) creat(&(0x7f0000000080)='./file0\x00', 0x0) [ 767.039356][ T3637] mkiss: ax12: crc mode is auto. [ 767.110589][ T3646] mkiss: ax13: crc mode is auto. 12:34:00 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x2, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 767.226107][ T3652] mkiss: ax14: crc mode is auto. 12:34:00 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x3, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:00 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x4, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:00 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xb00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:00 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x5, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 767.719102][ T3637] mkiss: ax12: crc mode is auto. 12:34:01 executing program 4: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001032100000921000000012201000905810308"], 0x0) syz_usb_ep_write(r0, 0x0, 0xb7, &(0x7f0000000680)="893c8ae02b4fd4ba87e9e889c6764ec115fac98cac7235000000000000000014961f00000081fe6b837969bff35b491f861e62488aeed26a1f8d96d90131c1e3f412e035c9774f60c284b09271931b832c650ea26b35010000804a926c9fee8ecb6c2bc9f3ff42072cf4dfbed75292dfb10b3579852f56ab8f6cfb6b837ab340b304064a3e1511fe3dbaa2e64c14d6ee2838c3d8f26c4a74672dbd68422f3f62debe3414b6a4021414bcc49be86192a1c0d5d341d13547") syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x56a, 0x38, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x5, 0x70, 0xe6, [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x3, 0x1, 0x2, 0x0, {0x9, 0x21, 0x0, 0x1f, 0x1, {0x22, 0x353}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x40, 0x5}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0xff, 0x1, 0x7f}}]}}}]}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x110, 0x1f, 0x8b, 0x72, 0xff, 0x3}, 0x9a, &(0x7f0000000100)={0x5, 0xf, 0x9a, 0x6, [@generic={0xc, 0x10, 0xa, "eb00ca36a6e6dbcf18"}, @ptm_cap={0x3}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x40, 0xf7, 0x8001}, @ptm_cap={0x3}, @generic={0x76, 0x10, 0xb, "888edbbe429fe24d7b6914e6303e3b568083a27df965889c6ea5978c5f90be3a4b1923dfb503b02f0ffcc9af7e94e5281e9b84fbe0b22e171a886b468017210db82cc020db5b5f15e56f774b9320139fd43d253507e48074356cdcd39bf5fa7254af62c710be00df08899f718fec8010f87a1b"}]}, 0x3, [{0x35, &(0x7f0000000200)=@string={0x35, 0x3, "aef4af55b9c9166a60c28090dfa44443fd6d164022589d52a1cce5dc2ad92ccdd2c22441bfe6f9d21c72aba0b122716ae0d8ca"}}, {0x51, &(0x7f0000000240)=@string={0x51, 0x3, "3603597e91365d3f35ded8772b5dce1b3b4365dae4cb1ceb5e149819719ed02785118fe6c008ae1c448cd216047a06df6312520b5e04a0fc88f150a5cfeae353c4a7efa2928c8035bc79b464a4ff29"}}, {0x58, &(0x7f00000002c0)=@string={0x58, 0x3, "6a057bcca5e92658ca1694f8023d7a3aceb75524dab14eb9e9ad3ffa5bf1ad94d69d9c39a4cbc5485a6f0495a85904ae4ca756a100ad0845f104cefad923f158fb2133296378b534ffab3bded4fec6f8749cda746e97"}}]}) syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="002273a46a0177e98fc5bae49b26eeb03d967d9f6c94ff22e123b4ba5842bff2c20559f3e73f884d42ab1d739411"], 0x0}, 0x0) 12:34:01 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x6, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 767.947588][ T3646] mkiss: ax12: crc mode is auto. [ 767.954497][ T28] audit: type=1804 audit(1594038841.264:534): pid=3695 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/437/file0" dev="sda1" ino=16283 res=1 [ 767.993097][ T3646] mkiss: ax13: crc mode is auto. 12:34:01 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x7, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 768.044279][ T28] audit: type=1804 audit(1594038841.294:535): pid=3646 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/437/file0" dev="sda1" ino=16283 res=1 12:34:01 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x10001, 0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 768.158333][ T28] audit: type=1804 audit(1594038841.314:536): pid=3652 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/437/file0" dev="sda1" ino=16283 res=1 12:34:01 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x8, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 768.259238][T16534] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 768.402024][ T28] audit: type=1804 audit(1594038841.714:537): pid=3717 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/438/file0" dev="sda1" ino=16114 res=1 12:34:01 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x9, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:01 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xd00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:01 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) r2 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x181001, 0x0) ioctl$IOC_PR_REGISTER(r2, 0x401870c8, &(0x7f00000000c0)={0x100000001, 0x1, 0x1}) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 768.649632][T16534] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 768.702874][T16534] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 768.790830][T16534] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 768.857586][T16534] usb 5-1: config 0 descriptor?? 12:34:02 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0xa, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:02 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) write$FUSE_GETXATTR(r3, &(0x7f0000000040)={0x18, 0x0, 0x6, {0x9}}, 0x18) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = dup2(0xffffffffffffffff, r5) ioctl$TCFLSH(r6, 0x8926, 0x20000000) ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, &(0x7f00000000c0)={0x2, 0x0, 0x17, 0x7, 0x58, &(0x7f0000000340)="07c851effc7dd32f0099de00a13495b5764c87d2aab1653438f901598cb0981c317478d7e9b34df7d2fe67680998f1b0e0bc0c96cb3185950c6955a599e2f23192cc606cb6a3a071c70fdb9c88bf5e58a2527705fb8994d8cfed1d346c24894cf9170696d5c1e916b4bd741f1476472d6282ce4864c1509ccdde8ebd3468c3180aa752ea6724508ca79912c52d79fd9ce2aad6b6e3586b80ac25d2864659d583abb311683dfdc65ee4daee336ec1f07d8d248020ea463abefea4e6c0bff71e9fcfd05545a67280cebae14a30c3888dd5026484f4e7dd425cd5a83e04bc8ddf29467bb7de6654b9fab4bc8947fc8b7829d41e921d9cc71c761b07e309906e5ce4b0e3c123c0c486511a42f87a9ff134a122248690458892f5bcd7d4e21881bf02e7ea2f1e94acb7f50885c289b374c749f6c7b657b5abec9651b907c1279f4ea9c91289b63ad47c277e23d3069a2e198146bfa7d59592f5b4c63f3e51eae4c266156fc9b3498ba79f8857f759453f6bcf9ee348ede0204f51bd36536fb5e895f8f5178c2be56859882464799ae7eaec8c6b262c8b1a9f1f792e0830d02730ed35bd4f8133500ba90054ec5404d7809e46744a413da434609a52c6bb255163568014c47cacbdc208b94abe82ae5abda3080f30a24330cb5a6699b4b67746f06af63e8f14c53e45869da52878b8a55e859434dfc919ad234582808ef4d8f4b419b09e318a5dcc7dda9885bfa2a253418867e966d6a40bd9b772f9e5526db9a3fcd06e57245308594dd75ca913a24f80dd4d9a1e458c1db6b5238064649732688bc8aa698982fb3c7feb286863c15670c13adb8a757053450c7e4a3527a6bb19d5214998aea35269c2f64da440df867f9a38b39d417365afbfdf9989b0830add5c9d4417ba31a02e172250249e5d08a79876b502ad585c6afd65f17909137dd91c7e58cc92e22eba10e7890aa4b88f86888f8735557dbde5e479ed7221c02960cd975e7ae017fe8d4b1557c6e5cf9b9890b902e20ce06e0e5fd698d97bb7161dd6aeaf621b0967805801ffac7ae3f0438d4ca11546f71da9c533c378afbe127ae23148464707167381295c6fc1639ae432a6d51e5275a3073bd83c6b7f629971e157383eac7c178ca87153431515f54679ff34f34b0c314ab622809aaed0302fa923c951fcabe1d6b16adf0aac6023aa915fe63c87264a18b39bf20c72f330b354711e9dae3635da9726c042afc698efbaf845d028f32ce55f7fcd2287586146828122e2bcd61f1da4c8655b1263f8d1275364fb6e6fdd8dc468db57e6c5fc565061893fb8e72dd9927c89c47fa341975b623effa22875246fd727c75c8e9d51ec9dff51e89e0865856cd0e5cc660094306c7aa667c1374ddf084bab369bb8309185d08f0ef248c796833b117363a103a942d4dbed35a987fa8709307ca213dd794b"}) r7 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r7}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0xfffffffffffffece, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c2a6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x7f}, 0x0, 0x0, 0x0, 0x9, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:34:02 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x10, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:02 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xe00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 769.305991][ T3770] mkiss: ax12: crc mode is auto. [ 769.731072][ T3783] udc-core: couldn't find an available UDC or it's busy [ 769.742405][ T3783] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 12:34:04 executing program 4: getresgid(&(0x7f0000000040), &(0x7f0000000000), &(0x7f0000000080)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) dup2(r0, r2) ioctl$FBIOPAN_DISPLAY(r2, 0x4606, &(0x7f00000000c0)={0xa0, 0x258, 0x280, 0x800, 0x7ff, 0x7cc, 0xcc04f7409f122399, 0x1, {0x7, 0x1f, 0x1}, {0x1800000}, {0xde4, 0x7fff, 0x1}, {0x3ff, 0x5fe}, 0x3, 0x40, 0x2, 0x4, 0x1, 0x80000001, 0xffff, 0x800, 0x2, 0x5, 0x80000000, 0x9, 0x10, 0x200, 0x3, 0x7}) 12:34:04 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xf00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:04 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x28, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:04 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) r2 = gettid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r3, 0x0, r3) getsockopt$inet6_opts(r3, 0x29, 0x37, &(0x7f0000000100)=""/151, &(0x7f0000000240)=0x97) timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r2}, &(0x7f0000044000)) ptrace$getenv(0x4201, r2, 0xd7d, &(0x7f0000000040)) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x5) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, r3) dup2(r4, r5) setsockopt$CAIFSO_LINK_SELECT(r5, 0x116, 0x7f, &(0x7f00000000c0)=0x9, 0x4) [ 771.050180][T16534] usbhid 5-1:0.0: can't add hid device: -71 [ 771.056254][T16534] usbhid: probe of 5-1:0.0 failed with error -71 [ 771.084443][T16534] usb 5-1: USB disconnect, device number 37 [ 771.114590][ T3832] mkiss: ax12: crc mode is auto. 12:34:04 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x29, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 771.223148][ T3849] mkiss: ax12: crc mode is auto. 12:34:04 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x33, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 771.275311][ T3840] mkiss: ax12: crc mode is auto. 12:34:04 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r2, &(0x7f0000000040)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) sendmmsg(r2, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}}], 0x1, 0x20008000) close(r2) openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/attr/exec\x00', 0x2, 0x0) r3 = openat2(r1, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x400002, 0x40, 0x3e}, 0x18) ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(r3, 0x40184152, &(0x7f0000000280)={0x0, &(0x7f0000000240)=[&(0x7f0000000340)="75a42f734880720e972211837ff263a6e08f4fd5b67b2b1c70b3c5d3fde8a0561b", &(0x7f0000000100)="5d80b7cbd083067aea30c99228be0b4543e36e0b338f8b8fd36582697a62c1a8ddd159cdee5be525c1f8ae580ae8151d2d1baf5b22852001dd3e8eb7b8f7414e2972ea8da88f027a7f3236a1af", &(0x7f00000001c0)="23efcb4efe4732dc91a2e42d85fea9ec102ab35a34339e3d61873caf0b2a95749276773c502cdde857a114aad131c668a082601a60bfc1e8fcd8421c2531c8cee41c455f0fecea", &(0x7f0000001440)="370c1cea72e525a063fdef2778616f069916a098779613f308cb1034838f9897c7619315d3e736f777b9ae2305f47c2c27d4c93f469c403ae5b668ba17539674f78926e656fd1c215d3fc827012fd3c636cfbb74fb2efc84615a444700b37c5888d108c247433a6b792c0dd34ef4c7c6b6957519ab09a152e934b214a2b97f54f0b8f45bd22fd8279e34519e2e897c3f8bdc45bbe0cc9b884baef91d3f13b9ec0004bbbee0d995fb2d0a87057b9e4a3b1dd1ee823b7dc1be6bb77d61d96562cd055a7e1bbd22c3542507a9e0314d9eaadcedf6763e8270e8236c4f6c5418db4077ed224dfdba5d59d317ef191fd06b240e8f", &(0x7f0000000440)="c917cc3498d91533d8ad9c33d7508fa4c950f6cce3c5cdf8700575b49c34ec9efc86480c45d4521ef1017483e8ce4033dd910f7ab28a76d84cb92d58aba75a3c564634217e24ae369989fa3751d0f9923e3940697956e318a0e51d6737bd78a33ae47111964159418b6e2130165cc60a1b7291661ef154d9c4ed2b024c8b4c0f419df3362ffecff3f87b10fe0ada610691d1b39e970f2a67634569fc728beb48389af166c5d2361cdeb0df610081752e284d0d96e3d00ba1bf061c93e1930a939654c0189ebd4cd87887eb92396c4ad099fd788a3c3a84dcc3952c5f2e188a610005325f5897347004b22013574fb81e1c53c9b512c7349215118a9882d6376b2ad50cb4f69c101afd0efadcc687abcc953c0159dc27dc8fb20be43ee3dccad6c7b91c44cb2bf7a98912eaa3399addd9af2639a34179729080783e238e1364b5c653094ccbdf685f2feecdd82add6ec3ddd8a74f823ee6963271cb165c8298c8775a7fa0786541edec921c2a8321305dc8db486e01bebabab1910837d0aed45d1e0e7b5d775274e3725bb58c95625f34453814ace55303c46f24a3e4c84a21fd47cbb66a0651277dfdd73df32258e2e86459f7302fedd466efa5e7af1d757ca32badaf68db2bd1be1d178eee9ba4da4dce01ceed25710b41a03f3e800752185371ebe6ad3d50dd3e5b1885e55489ebb93928a467b1f7c5beed443efd58133084baa49f78ae3007484b02128f5340b610002503163cfb18ae65392cccca48c3288e54a7b8d73e0142f17f103ebcff9aec9a1bdf23eeac5c444833efd89ab0d86049974aa6f3aecd8b6cc0f02c45dc101e121f27203ce4fe38cb53fc5d42a84938daa90c3f289772bf44cfa5a366ec2762186d266265465db2f36246b85e70bf2ce411e88e4353ddabbc2514f00510e2b1ee2d892ee7ee2ac19c9fb46033f09eb57b7a5a93d193899d4d6a5bf4b4c1dd5f37883530c1ea6ac7621b3e74b19afb1dcdd66b8e72892f60d411d5fd0ce3809816bd14cd592f0495ac4819db79e8b31beac138fdecf46404bdb03d485b6959a925248a7ebd67b74084c514f8703fd123532a8e693ae714a46ecda53e7fce4259d2c73a8249b9d2c64e6895f3225ed44d65c13da1d488d4903650cb653914185c2607dfe3f35b1bc5d81edf3f5746609af1cc7b38ba221c61f76847472753cff4b3134c5d6e2840e29cf75972027c473bf41ed41dbd4cfffc47c52fc2e5ee75df74db02e967052624ca280d898031c2ee1c35b2f28e5df0e7c5de0680523c496f531eb42907b6e45d24fb48a30469c6a905f87a540d4f4e5aaf6a78de3da2b37b8d23c9dcd1b82abc0f1980b8774d8a54b9b629ae9502d8575a7f45c295e1f8c4f815456c4c2d44e0f2dc48a5ace0419ea7911a8b1fce1376f161d5af3ed91cf954ff6e1d50f0b9d428609405937d66a175dc8e91cfe4e5b518c1b937505328367d4a5bbe570f4d0449557cc3b4fc716d06813015ae1a78efdedd563197fdaca34f34af6312e0ca74cf74d1d3b851688a470db41c34d19a77de5e0333c943ff99c295342c3080e10aa53566a05a57d88999528bfb8e76708ce5ae86adb3b98d4861f7351019d5fb64357392f90aa81703341b94d928694818a4db67c9881a1d5c0afb58a09eeaa2381ab4b6a1312b9c92069ec4a7d7d441501e14278e801487d8c82c18b7390c8719aeabc8bb8787da8e249a62f27344786e8bb4bce7a49eafa2c2e0198ef4f2b4cbbaa138a432550edcd5e0a389bf2ad9010607cd4db68f9130cc30c0017a4a8fb016a5c2099fdc8e9873af9240b1da8d063e845449c770dc9d2aab0c507b3aab48d056356ad24c70f50ce8d9ce47866f22151e5388a63494872b1a4e8945b3b02438f8b9d0194b19976588319c5877e487250cbd2d3c11fb8dafd18b7183eb111e3df35674739a6653c451ff6e1445254fd74b74e66e9db1aa51d4d5d4b5603dbff47aa2a80b8807f30a9f990999ee6632b500d9cb0e23043d0a13ff8835432f2036841abe0fe8b50f29853413c3ba4b99a161fcdef4002050a653fc33cf18b7de477887290ac7507cf79c4ad6043808cedfdd6dadaafc674e692784caf89a694296983e3d18678dcbd774d2a7ece5d97aa9c1228be17bc462fb8a0aaa3fa387fdfc4eaad1b77c3897284684ce51c8a43e1a8f8300ab52581cbb3d8c63f9db969c1fbf3dcc9651c496545359a152549205c71518cb4bcb10690a525425fb8b6761ff5ec40068e8d23b1945a66e57582aa1860da7f7a936446e96d3a6828c114c0de7b91250aaa2b371693e635b5569a029e0f62ba6c79bd1e49e1f10567e62496ea5540e28e2df0ab72b81ea84ef2d501c9d4bac3aa6b82b5627ba02acea636235a786d4921c76ad4b4abe2f3359cfbb0d7e3ab8e3020f8177a55db26594a4c5f1ce07015736cc89b9a3314f8aaa40a49c8ccd253be39810b1732cad64acff9c3d4271d77755c1009b6afe00ac3340b20e1efd61c65736c397c7301571928e1df42f606253b67e0eca01c031e17f81f4a61223dc2ae63f5401c340febedad8e252e9e34b0b8886e17db61e30ffa871492151dca6e16b46f487776ee24e9407204ca6ffba4b205aa8e649aedb144fd48d6d68ccac7a90fa189e6cda4721b8e7084146491647d438cfb81d2814575c19188a913c03d9c08740dd1c768ede9500b171801660fef23891decc77ee57dded845f8df9dcb55d766736d27a0b2f379f528814561cc685bf4f90de59565a23ceea874264b410a317045d1dd52fb31f6beef800d4ae2b7e686245c9a5ccc6aab9f49c3c43ee70f4e776da8e790604ebe70099172e7631c3ea8c1b500c3646521231523e1b3de69b59fe0aae6a8635f06360e89238bc71af0c46ed1dfc44d92cde27be562b3e5653d7ceb41efdf301fa365f3b1e994de7f236bb4b9e0e1702f6e2a7c1305690f507efd54ba43ae8289911b3e0b98f1abf48f811ccfc4a15ce336e81ca0dc88a9cc7e5bda37053581bb8d7d289bb139e63f6c99140e5f1a899e95d2523d0ca49c29a2c548af6a98c0d33f2b6384ace09992b851d94307618e0332806788799e1acc903a19b30219ce9e3444f83bd51fa459d30b2817c79e862886241d896bc4dc6fdca2ee66484dce36c70dbd24154b55eb357896e9b8031851cbf95ceee2c7a76c7504d0065d9fb4b28f42899f14b6cd050ff9ea25c78fdf5323b039de4c3691de9ef40b4d552b920a9b547d9d812ad595d49a549c9dd9de005ab70de234a1cbe813084ec4bcf61d97df1cff6c658837423dd9172e66d889d419ed2eb0944d4308003e72f784b73c302931fe93308cee5b6088a3f49a5e61c694b1fd1de1b5671f60c90d9fd11bba85c5163b02a701c411ad5afbe63a235d79cac7ee4ad983e84a34bca5581e4af8272cbb00e061cd5d2487baa0aa826a9347e7c130714f1b074df1f0d940212c4ace85374ad7841e4020672eaeb490c35ecbe70b1b85069cc8a40b5cf1e5bc49aa14991a38721ad0321fecc834b0e78dc38fd84fa6c0e442e76e5f434a5e4295fc786cd3115e44e2a6daf582e19775331d938ac53b593cd00c947b735711c67a7359484c418f30089efdd38801f0d2cadddee943d8a3d8d23517161a6c31ff991bc4bf3a371b3d1769b27e3764e9118950b92728e0c3ab4c8775b9ab71febec7173854138e91a8075981a0d1e373cae92c5d634e55e0570ee6a3fb51238a9d0dad67fc934b10a9b8c057e3df9aed541eae7868410b9dc68c77018e98acebb57a32f0efbe89d7dfa8030bb5e97696498e6a564198de1659711ddc11dc64e45914e4345325dcd972fb0f96df1eb09de18e1f81b691d827603ddabe7c3155a3fa227eec490fa6dcbefccc353d1f6b50f045d84ff6fb573526b6f9d4e535679f59b860f2bb3bc453b17de59fb0389651bfc0a92ef8d46b8afc6faf37150f45e3b143d141e883010078d139efaf939b2ea04ca3097d55c5ad541c686b90b1fe4a3ea10194dca667edff2ebd7a9fad04144507eae7ce1c2919d2d483eeb74e4dc278d63bdffbb0b7f57a6851877fa3c1397e9e1a4af89de1cac849d5e885bc1f48af5ce3b7b1d0dbe70b3ca4bb3e4fedc1647b0e081f0a857fc27590d350329447d361a68d8557bd6125fdcea4da95b703b43f4e4cee0e7f2e1522b0033a38d0fb5d75ce8388403c0ea347dc8e54c5d0ff32baeb78f65043be8eda1a705fecae81a9ac03d497e1a47f29244f881978279fd747ac39b4274a70609746f0e1e277799bf86cf50af7ebb90283db718f85eff9f9ed0058c3ebbd136eb8cbe7908978c77e0a9f2e6643abef993c801665b3c3e6b7101fb85d0408179d3175354c918957685a613c13b5d7e07d962c5533d562d5d80220d9e483774c30d69d1cbdda0b56aa317047badf6a7dfc89bf796198e5c2f58669b6a53719f4d5870ccd0ad6b597b3e1e762873a1d21c36737b97087acf2037d2bdcfb8a84a4b94053cad59a81dd5a803fcd424625b2972c281f1ac52ba5d1342adda6762b58bdbd7378405c9465cadb77a2606ca027257eb460e52dac9bd479d321c1ee20930d89ebc7ef88507e0ce022e81c4160fd774f21fe4ffac9f2a058147c25938f6afb9035de10b653dd0a0a488bf83e0f2a2863a2fcea5888b107f64ebe9dd91e353a105ffd4df47a391eee21538e90c5200e6e4f9b0641276a559d8c45c03e6b1c1d73fb0c57bb67be0925fc68b803d0c7046976b254a7e2899d309a58376aeb0e97676b118aab64cc9e38f4dc15a8d728ca26765d45542bcb274360691c265a66ddabc0d488b78c9716c6d84249b63782c60f76ac60a5f565e456fb64c85ce7613e3bd2c86b6ec1eb931511f883637873d376cae377e9bec6d545680dd96b6008972b1aef6d6887947c0d14269e6e6ba5b11f44e31c11960303e5167030523778610b673a2cf4665bf8c8318502adc53bdfb2451a17cd49c4e91af841e291b1337308228230d442ad6456d5a9c3d304a568ca450073c7ca181c5857369a676c145cd876ed25cb43d626c689d70ec9d7b18d06aeb4c31ee3bcf3fa6717b3d25f43fa18eeaf87a4d2c1065962242764bd94306cfc04847f5b3f05b55fa0900274416e4b6a5894cc117e820a2595501323fd8272e8faa76a956ea99e91b8c7d2cc35e1860e06d6ce1ba9c5c671c6acc815f3936dc226985c9e33a7268f354641cdd4c44b34b34df9fd5db045930f1aa03d65076a8106adde44a9fdc3fef67bfabfa95a608378cd733068f8559d22dd43d96c8256a47c88432b8d2ae5c3c95da853313ccddc5fc9d1b949f4eb57adaa4d740adf98b4e7b1d9f679c914a53d1f87427e8c237d2ab499aaa44518e83a980844586fab274d475c8a13d18f348c1fff2bc262dc32956d083d84e393fab7a33a9e919301495c0ad257284009f85bc53f6ce54b68de8e4d138cf0ad16d2735914cfc6932c172eaa41a773291ac597c7b6dfa934663b1ccad85c65494e4147ee9f2c9ca5014854b11d7d2974c0c8b37e6e585e0de27026ef2193a44ccaf210598cf2caa4312114580e286137520c320517d433679e6a19e2000aa769939f37392718d24e3afd995b20839a8e5a9dca6a05aed4cc628c0ba2029ad2e2e29004af531379cfc0bdd8dce93e67ac68beb94937aab708432b3d3414ea425403280d7f953b2930a37a4cf5bf379d90e0501ffa91beb236b261204683b5898eeb1d2890880b25e54716e51463508fe9bd26b1a5f800eb837a8a84b5def0f610e5b5c2ea7b94ecd1a7cf5eb6f30b3"], 0x6}) [ 771.412581][ T3840] mkiss: ax12: crc mode is auto. 12:34:04 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x3a, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:05 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x78, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:05 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(0xffffffffffffffff, r3) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f0000000100)) fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r4, 0x0, r4) openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.cpu_exclusive\x00', 0x2, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x5002, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x5) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) dup2(r5, r7) fcntl$setlease(r7, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xf, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x1e1) close(r0) 12:34:05 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1100}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:05 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0xfc, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 771.930564][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 771.930577][ T28] audit: type=1804 audit(1594038845.244:541): pid=3894 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/442/file0" dev="sda1" ino=16312 res=1 [ 772.051309][ T28] audit: type=1804 audit(1594038845.284:542): pid=3894 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/442/file0" dev="sda1" ino=16312 res=1 12:34:05 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() unlink(&(0x7f0000000040)='./file0/file0\x00') fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10084, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x51200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:34:05 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0xff, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 772.185888][ T28] audit: type=1804 audit(1594038845.304:543): pid=3894 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/442/file0" dev="sda1" ino=16312 res=1 12:34:05 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x10, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 772.269032][ T28] audit: type=1804 audit(1594038845.314:544): pid=3900 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/442/file0" dev="sda1" ino=16312 res=1 12:34:05 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = dup2(r0, r2) ioctl$TCFLSH(r3, 0x8926, 0x20000000) r4 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000340)={0x0, 0x0, 0x0}, &(0x7f0000000380)=0xc) setregid(0x0, r6) chown(&(0x7f0000000180)='./file0\x00', 0x0, r6) write$FUSE_ENTRY(r3, &(0x7f0000000040)={0x90, 0x0, 0x4, {0x3, 0x3, 0x40, 0x2, 0x1ff, 0x8, {0x2, 0x100, 0xffffffff00000001, 0x80, 0x1f28, 0x1, 0x8, 0x1, 0x10001, 0x2, 0x9, r5, r6, 0x0, 0x3}}}, 0x90) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='ramfs\x00', 0x0, 0x0) fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x4) [ 772.359919][ T28] audit: type=1804 audit(1594038845.664:545): pid=3905 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/443/file0" dev="sda1" ino=16316 res=1 12:34:05 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1200}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:05 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) ioctl$VT_SETMODE(r2, 0x5602, &(0x7f0000000040)={0x9, 0x0, 0x7fff, 0x6, 0x1f}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r5 = syz_open_procfs(0x0, 0x0) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) tee(r5, 0xffffffffffffffff, 0x100, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap$snddsp_status(&(0x7f0000ffb000/0x2000)=nil, 0x1000, 0x0, 0x110, r5, 0x82000000) pipe(&(0x7f0000000040)) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000140)="5687595913275fd8baf8c9366cfb8716", 0x10) syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x40000003, 0x0) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000111401000000000000ecffff14918074e1ddd1f6"], 0x18}}, 0x0) 12:34:05 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x27, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 772.487296][ T3916] mkiss: ax12: crc mode is auto. [ 772.495750][ T28] audit: type=1804 audit(1594038845.664:546): pid=3908 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/443/file0" dev="sda1" ino=16316 res=1 12:34:06 executing program 4: socket$can_raw(0x1d, 0x3, 0x1) r0 = open(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8982, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x40000000) shmget(0xffffffffffffffff, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) sendmsg$TIPC_NL_LINK_RESET_STATS(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000081}, 0x48801) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000240)=0x9) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='security.capability\x00', &(0x7f0000000140)=@v3={0x3000000, [{0xfffffff9, 0x80}, {0x1, 0x8}], r1}, 0x18, 0x3) shmctl$SHM_UNLOCK(0x0, 0xc) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) accept(r0, &(0x7f0000000180)=@generic, &(0x7f00000002c0)=0x80) 12:34:06 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x28, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 772.703013][ T3930] mkiss: ax12: crc mode is auto. [ 772.787210][ T3930] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 772.844934][ T3938] IPVS: ftp: loaded support on port[0] = 21 12:34:06 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x2, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 773.086999][ T3954] mkiss: ax12: crc mode is auto. [ 773.153606][ T3930] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 12:34:06 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x4, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:06 executing program 3: r0 = open(&(0x7f0000000040)='./file0\x00', 0x4408040, 0x20) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x8000, 0x0) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) r6 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r8}, 0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000100)={0x9, 0x200, 0x7, 0xf7f, r8}, 0x10) [ 773.494702][ T3984] mkiss: ax12: crc mode is auto. 12:34:06 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x157c}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:06 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x5, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 773.584221][ T3994] mkiss: ax12: crc mode is auto. [ 773.639484][ T3938] IPVS: ftp: loaded support on port[0] = 21 12:34:07 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x6, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:07 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) sync() creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:34:07 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x7, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:07 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$hiddev(&(0x7f0000000000)='/dev/usb/hiddev#\x00', 0x9, 0x200400) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'macvlan1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='\x00'/12, @ANYRES32=r4, @ANYBLOB="0a00ff080a0002"], 0x28}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 774.179032][ T398] tipc: TX() has been purged, node left! 12:34:07 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:07 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1d00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:07 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x9, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:08 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0xa, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:08 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r2, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000015c0)=@newtfilter={0x98, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x8}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x68, 0x2, [@TCA_BASIC_ACT={0x64, 0x3, [@m_skbmod={0x60, 0x1, 0x0, 0x0, {{0xb, 0x1, 'skbmod\x00'}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_SMAC={0xa}]}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x98}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000015c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x8}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xfff9, 0xfff8}}]}}]}, 0x3c}}, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x1e0, 0x0, 0x10, 0x70bd28, 0x25dfdbfb, {}, [{{0x8}, {0xc4, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x230}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0xec, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x5}, {0x8, 0x4, 0x6}}}, {0x5c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x5}, {0x2c, 0x4, [{0x6, 0x2, 0x40, 0x6}, {0x6, 0x5, 0x72, 0x1}, {0x9, 0x81, 0x4e, 0x7}, {0x9, 0x80, 0x3f, 0x5}, {0x6, 0x8, 0xb6, 0x1}]}}}, {0x54, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x5}, {0x24, 0x4, [{0x54, 0x9, 0x5, 0x10000}, {0x4, 0xcd, 0x3, 0x401}, {0xc215, 0x3f, 0xe0, 0xffff}, {0x0, 0x3, 0x34, 0x8}]}}}]}}, {{0x8, 0x1, r5}, {0x4}}]}, 0x1e0}, 0x1, 0x0, 0x0, 0x14}, 0x20000810) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 774.886582][ T4067] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 12:34:08 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0xb, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 775.067986][ T28] audit: type=1804 audit(1594038848.374:547): pid=4071 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/447/file0" dev="sda1" ino=15893 res=1 [ 775.099668][ T4076] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 775.145701][ T28] audit: type=1804 audit(1594038848.374:548): pid=4067 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/447/file0" dev="sda1" ino=15893 res=1 12:34:08 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x48) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x0, r1}) fcntl$setlease(r0, 0x400, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) ioctl$KDGETLED(r2, 0x4b31, &(0x7f00000000c0)) bind$bt_hci(r3, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) close(r0) setsockopt$PNPIPE_INITSTATE(r2, 0x113, 0x4, &(0x7f0000000040), 0x4) 12:34:08 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:08 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r0, 0x118, 0x1, &(0x7f0000000040)=0x80000000, 0x4) 12:34:08 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:08 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1f00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:08 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x30, r1, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_PEER_V6={0x14, 0x9, @empty}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x30}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000015c0)=@newtfilter={0x98, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x8}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x68, 0x2, [@TCA_BASIC_ACT={0x64, 0x3, [@m_skbmod={0x60, 0x1, 0x0, 0x0, {{0xb, 0x1, 'skbmod\x00'}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_SMAC={0xa}]}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x98}}, 0x0) sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x50, r1, 0x400, 0x70bd27, 0x25dfdbff, {}, [@FOU_ATTR_PEER_V6={0x14, 0x9, @ipv4={[], [], @broadcast}}, @FOU_ATTR_PEER_V4={0x8, 0x8, @loopback}, @FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast2}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x6c}, @FOU_ATTR_IFINDEX={0x8, 0xb, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x40448d1) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r6, 0x5) ioctl$sock_inet_SIOCSIFPFLAGS(r5, 0x8934, &(0x7f0000000000)={'bridge_slave_0\x00', 0x80}) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) syz_emit_ethernet(0x52, &(0x7f0000000140)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0xc, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty, {[@timestamp_addr={0x44, 0x1c, 0x6, 0x1, 0x0, [{@multicast2}, {@remote}, {@remote}]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0) 12:34:08 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 775.711352][ T4099] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 12:34:09 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x40) close(r0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) fsetxattr$security_evm(r2, &(0x7f00000000c0)='security.evm\x00', &(0x7f00000002c0)=@v2={0x3, 0x3, 0x7, 0x800, 0xf6, "e8b7221a24d3e5dd81d225d4dbc06e96b371e1dd1295aaba54179d078ea9af32abc7135fd442e6be342c2fdbfd2550c863291c136cbd51b88cf812a5bbee4429ce27065a3fb7d1d6750b5bbbab109deec29cdf08753cfc7cb0f811bf8d5fd08fbd39aeb8217cd83cdc5fded879d1843f1a56550c6f321203bb93cb58d083ec80819197b79af54903d4da0b3fa71b63df884eb406bfb2e2097d51405dc67394c596b4a63bd292516e53cceefecf48577c73e1615d9218805031e199e51c4b424095567b0d988441ad6371e125185fb6e7acecf75e91bdb7ce9bf89257bf3bc8fde6a1c615e0e8a5ccda811e56260fc191e8379dd9b1bd"}, 0xff, 0x3) [ 775.839930][ T4104] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 12:34:09 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:09 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:09 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x981a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xe2, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = dup2(r0, r2) setsockopt$inet_buf(r2, 0x0, 0x27, &(0x7f00000002c0)="7c56bde742c5d9a1dd289e8e2569181a28fd70999321413ff9d408b637554ac67c0585c44f2cf5131f47636217134e525a24104ac4aa9036d728b6678b79430a8ce29faeb34699b4826c332d3d0a996b6d5204b4eb5c3e072af4ff30252dda1c7f4e4c51fa5abc8df0a13e40588a912617f1e06c63e72a48bc3b4ffcbf30d12389d108e7994ea3d275383f8f1816b6f994b4c79d99d01a22956d5f02d091a886a88cfa618538992c276d90994a928fab6e015beb09c55197339b3ed6359b84622149b8be3e0f19d0061ec1079e485897471e99d38cfc845aeaddf20de74330e1f1e895a837ae5ddb2dd67251b77a3f2033868627730b222479c70327b40d038bbe8d92ba9e8a4d4617d915465abe25498ed508655cfadd958babfd956268947ec693f6918b4b9c6b89e8fd38df113976fba5e0975e3b6f8021ef0790b3cf1e3f568ec5e0a0c2f25bb235777be4c7a7259b60d86a63adc118e847959f205e1213a6c099a43278aeb61c08437853c2064070738a2e45c94ff5b35f38868dc8878ff68d7c37533835b8c7370ba51176115b9ae98375e24e5dbb60aae8025063134b3f89c987f90a727b8863c1ac0a3c2f5f8e4a0deb982471c792ab8a47d590301b587da228d9df2a31b3e355757e052baf789e9af256c44e17e5b5c20388231c489cb5d5949e01a00a48c55e129a8c703113441a32558dc97e55dd52f23a0366462abf257987897df5c9b4b82cf7aef62cc60273926e51c8a920808bfff8268ebd8d1f10c4862375fc4b00e59b9433ae5da8eaee9c5b2c59f26063d845575bed3266e648c68cfb1cf3969f502f33261c3ba294fa696703abe2e57c2ef7c1597b237c59471a303d4f9e4087d5ba0939783a1017592cc674b7a88a24bf7bce9e888245f638d95a3bdc6e3d16c24f9adc1ae1b306d740e2e46f0ce17d9e961f55819d3e399736bb7b02df2894d8260ce9ce819e433eb4e337129c6f8793e7dae459aeaedb9c074555b16169d0ebe2d266b6470d38ea06100428e76c02df14a54f28b48180853340f996c44f2545db1a3e1cb0fc64536f64b8233677a7c72ea4421219bd0da5a06beebaf0ebe5769d84caaed54786ab2f3ed920b190088aedc87b1117757fc0b1a28722cec7e287294851bdd6db26f29dc00a7d60da3e0eccdfc4159f453d92254bb90786c8d3b490bf977c20b9ed0dbbd1af1f96bb99c7053c37b2dac9354f99f3b549c3bcfbc288b5e7a20af985bea4150ed3db4a3e1c38229db73fce06a8e57862df4190875d9e8c08148427268d9615cabcfe5d45a6751eb91b717079e77703d43f214259f9835ec67b1cfe17a4fbe37d93eb27bd33f9841efd754237e8712c92ed2fa5b300e7a9e024ca213909e1d1954b64c0a15779aa59f6add589703d3e45bcf01e78a8f18bb7abc39e04f567829db4f76f3827953e2e8a5c39c5eb4c7ad733ab993854d16bd3a2a163cbf93ec4dcb64c9c762c4c2db4e50652eaaf840f690ad494e67d09f3f32b89b60f711675f09e08838ae6104c64995a8cb1bb909e6115c6253850a8584ff628e45f70e7b314375c641bc6ef9426dda7e0de6694444fa4e94a73c6beb3326379dc3cc8bdeabb5e6a4347fbbbaf43a53029094944c88a0b1edc2fd9b16bd0fb6029bca30412d15540a469cdb5fa7a3a7a6a6fec1a9132bd529eae74da9c3bf4be066ae34f7bafb7259d7050badcd9eaf8764531d439321cd472fd773d32fd580d8c9b64aee5e43a7754642ecf8532636ac05a13641dae04887a83f1f256c53aaab4acca5221ad529e6ebd0ec7470c55eafd353ab1e3857ddd8c475e347f0db0299f7879cf848d73a3332d202fb6c481517cffd33f94753e201c8859ffb3e4fcf33f3cf0bf89385176d674fb22591ba7ac0a3b43b20f0cb5ee2dc865014f691495bedf212049c1978c6eec67f4eb6b68b4368900dbd66d052341dbb84bb942fb252d8b0ea56e650135f1d5618e3ac44ad8f89dee6a440d8a254dcb71430c6d1a80561ba6094f46ebe55ceafbb975806f409ebce2eebd19571e1459f98d4c779af368782abec9b1c879ec65b3b0114e15bdf45504d604c572732060f805a27fe4e37d34ea47e30c0d66128e359adbe93c26143581dc11c525caffb203bbd799b68b904ef0282ed9ac62ce21f810ab7137aa239b24cd2760cf94f767406c8ec3295301a1311e2f7770a59abf40e3527c82f26087eaa56171bc19563414c90fda8ea38b86e1a4d4dfdaffc273020458a991d27cb0792f0545286fef7e6586da05df46b1ffa3c550c4042427555ea32fdac54e5aa92c9cf77d6d31c5c3bed2c88e0ccc7f2fc8c4b88cbaa1996e27e5009f494e0fdc101e0f7839961b6edf5481654e00e86ab4635ae3150eb033dbbea7a5c7a63211ac456a640c101ead9354086ba854a00ea49603f576bb39da488db42a1f7bd2cf0c6f0e6d9a13edb22466e374c8f1fabc13ee92632fb5bb1b1ba84947af0dedc679b2d2ee2ae996ec3fa06ad64a66e3b73993ad6606c933cd67fe35121420fa7d68825aec2b4a1042fb954ba0303e1506eba07dde856c0448221c4678bb9f9933766a504b4be2a211fd72e0ab8a0e8ec436cf8a9ce9117d84049afb73454ffd9eeafe53d8685482b36558ca9353457e46039bdc57e3972dfd46ad932fefdc7becb1864acda1906b8589deb1df0365c6d378b0296b20a15ee5f274964ae088cc526f5c3af6add62af26edac9fc92898aff9b995660ef100a179138702912583c2b1cc47010d143d715342a27bb3a85855432f50702f17bfd85a27ebf711fdfdea0ea7a040818b896f12501d0b04f4c07e1747bd510a28ce84e415e2b2e4dc08fe82658fb1c897d812c5e271563c8052994d0c9f8bdd387d491a5b520da17e822c6a5f7ad05841a222d5ab475d0057c98253c3134226517b0c3f30ce3605e249319ddf065ef52a6cdfd4ec49b2a5c39d4837a59775eb15e71d7abd85c1dd29e430fa14795af67e9c38140db33b2fed59deec619d8ff3a36767bc311c9013e77e1a3142afbabecdbfe6d6ad470bc82f17dad0ae0fdba733c50ac69dc5b33d163edb079da22e68476d673af024f25ed6b0faef6433b14f56f4a2cf6c7845bce0f39042fa1df7fd0de8f709d6b3d4f6fc458dff16c897534f89835b96405ed0a952fb2f129737433b63ebb576a0dcb3e9f0ea664a207beaab127bed725a01afe5e2917ff84f30ea6befac7a2c3c4792e362a434c813b112b39b05cea06cddc0afb17d5da3b2e05cdf13567e5ae21c92eb7f7c65ca8ed23c0bef56abb0ede954bd74ca5954b9fcf3552cad42ad781ab5258e0a708705395a50ec1e8a6970c4a384a004e354c48a248474ab17816afa684b6567da24ead9c789bb62a7f75ed48d3f95305702106034a4b7871100eb1fa3f547ecc4391098118f023208ab14d2c5c1b25f4185b2c499c154e4d1f4987e5425f28238003770cf702fbda0dab759474eb09faad491ca3697722b084c05ad8a04d563c9f0bf8c316fddcd51d319b2d2bebb00a653b3a2b05a07e22146a430852d069a7631a949316919c3030eeb5ed540bf17e039f98b495d5a49598a12232a3885ec5b155e4e21fb0d58c0013edd7d26b614707bc910d54024ee58712c208628f4f49cbe13d1f80ca77d7e6a42040a80c58e14061b105db57af1b6c8cbe2de152b9c0206a5b425b1ea10b325505cf6ce14006ff048ddd12263a2010bbfbd45061dfd0172e0a1c2a1dd9ef6699f0c68fa67cfc754f5332b79bc811dff546f3c56c1f8f37a5446b1afa0e6c7ef36e0f1ed36e5cbca9815b27e5ee71e525dbaa65309fa04e8fbadda70dedf9267b675a84866fca6a16b2def5ba833bb6415d746a11d9d013854957dadff2e5c14ec2995081f16a669ab7e49e156a47aa8dee1d1ea999bbea63f6ad67564de7fe6f9d156c3f81e2828501180aec044b337f13a25863bae8c13eb38e23e0019b5c1dfcf142dc8c8d6691d5b4c1ae2073f83d625c9b2a4a52b39031c606ec3808498cffcc9d914240723e5670d5be86ce42f4705fdfb7b3bd84481f5cb7031587400ca6bc8c0b6ab8441479010055e644cef7cf340597248c883a15b816c3832527de9805d06737b90b4533d70d5f84bf9e87631f7e866cd9a4627314f0ac06841fbd8a91cb1112b4dbd67479bee5ce3943ff9fc067fe7a76cd103e2669e9ce9409f17013f5667ed5ec96320225f1be6610d622eb10da03111917b22b79ace502b0a389316dbd174af1198894a3535002f4734802edcf4e34fc701cd0d5c235f4f8f7ba4a39439eb11616ac92c3b5a46c318654e074956202e6f991f81b05c612f7a813888d625d6732dee21c054690865cb7f59c3f98182b995f54ecb19d843ea4936a8d484c34b08eeebb3767840e4c728c94529d0639a55b07d26c0171efb6bdf7e1c46ad135b65c1dfcb5315b98ae28633f4945ead01c0e29f698b2d5e2e657bbcea29f67de2c491a4869ba65a80a37eae6fa9520b1039a4964b3a285376b64bec80b2cd667ad3a56684f6ca0c77210deeb6ce484d2331e3618cf9860f0018f48ce0ca2a8057a7b5aed514da40adf5005c6c175d4379603f6b35c1fffe125ff019cb1928dd679616d4a69c742bdc4f8f7974f9d8c4d4eef3585a38eb2bfcff6628267d65b2b0add7ecc44b6c4331b1ad3a21f7bd8e3ec41d0f454a0b1afcae899e0d966e45fcd1899d887b39e407d53541d7e99673271ed7b36bdfcf82b52d41e50451e30027fc65044f3011ce42ecc93b18937e2071f13849b238db46c0dbb10a201911fe9bc2b5c20dc5906bd2235d19a3a2724b9f7f50fab209532f7f4cb24548126d27837ade3deb746d249da24b9186acce9ba92bd7be04e56f36ef29737b6848cd7602442f1b93a722854795fd41da8c3df93ebf65ab21f528127087fb69b77774f3c1747973719257fa4bff85f7dd4a3c6358eb490120414d0ca31bde80a9629ac8e42dc37cec0bca4be7fad62201a37ff677bdbd5813a16cdc6dd8282886261af41282563af44885deb03ce9623ea6650d2f81b1ca4362e84583d0c8be79786faadd08374d31a465f17bfa00a84f1b369f678e4cbc5513499a1f120dd868a3cb1b1238b7610d9104dfb1fc51d203d146d65fff0e3211ab63711dc2686ddeaccd5931e36c0175fd831219e9310f01796f422cfb5bd553be12019b4ca4959289c858cebd6d82cb16626b853abc0c193193ffe119602cf9055ca11ed6d8f4761b60199488079b348d3653fe07f2c89548bc57dbc2b145dbbac61de117141998879f895ef08f30fe37beb2f506bbe00e162486b4a403e30e9ef0766fb7ac7011c3b82f37ea8fdfacd69bdda021ca3e3a0b6daaf298b41eb7046f30f233e756e4cf19fada1d14424eddadd40d6bb6dee6de633e2605f3e3348a4795f7a4b9da3c5926ccb4e53086df2da3863a842d24c5c6cbd90b1c736d0f31a278516c03dbc177f8ae357e52f348c93f15d99e8b82d231789ffa15910199e8bcf1cf2824884f6994077427dbc27d7deea522bb0c8a659c2b0c2d5ef2b14b71087fc093774e956fbf5c13b698d4408da229d6c09e8c7f38fcff779670c9529a992798d71fc05e0c41cbfc562daf6d1ac39f9dd811e187e43be21adcd1b9c40fc3f72faf1212d1b747481a8194bf0b7c2698314e30c7cc1ac33f08bffb414a51672dffa74c04026b3da7f182e1ef676bc38e18ab59331ce06f614b0fa894b51c0d7af7139d228707817fef21a457b5d989a6d6ff85c1e312c848aa3fc8463766f02e6bf8d57e566bc23", 0x1000) setuid(0x0) setreuid(0x0, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0, 0x0}, &(0x7f0000000100)=0xc) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000140)={0xa0, 0xffffffffffffffda, 0x5, {{0x6, 0x0, 0x1, 0xd6, 0x5, 0x7, {0x6, 0x0, 0x9, 0x2, 0x160, 0x3, 0x0, 0x2, 0x3, 0x1, 0x0, 0x0, r4, 0xfffff101, 0x2}}, {0x0, 0x10}}}, 0xa0) setsockopt$inet6_IPV6_DSTOPTS(r3, 0x29, 0x3b, &(0x7f00000012c0)=ANY=[@ANYBLOB="1103000000000000071000000000020900000180000000000000c204000000045bc2edc7a7fbcd8113b96413a60609ca0257db2c65ced519b312207adb28a1b838ef225cbe0b5ee859734f1cadd949c6827e76e5f26c376b240f9233f1b3c81b17cf8d887bf191e3ad3c5de9854f97de14fe1314688a22cf73b22e0f4ba83323787676e930d0d7192551e6cb61935d9fd5aae79897e958ddbc8911b85198d5e4253579addf46b5b886a8b2ca52e9b93a9faace5fb81b2853bb412758583ed9a3c2ca01d59ffc567298d3f9680b0d4d5ca4109fa7e8fa845e02489b74ce856319e927159bdc107d00"/260], 0x20) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) dup2(0xffffffffffffffff, r6) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x15) [ 776.013191][ T28] audit: type=1804 audit(1594038849.324:549): pid=4113 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/450/file0" dev="sda1" ino=15924 res=1 [ 776.024493][ T4113] mkiss: ax12: crc mode is auto. [ 776.084856][ T28] audit: type=1804 audit(1594038849.324:550): pid=4116 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/450/file0" dev="sda1" ino=15924 res=1 [ 776.147185][ T4130] mkiss: ax12: crc mode is auto. 12:34:09 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:09 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) dup2(0xffffffffffffffff, r2) ioctl$VIDIOC_S_MODULATOR(r2, 0x40445637, &(0x7f00000000c0)={0x10001, "5d54e2f9f481f5d8ad721934c4987755722dd2766e2dccbb4743d188dc6c228d", 0x1, 0x63e, 0x7, 0x4, 0x3}) r3 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r3}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:34:09 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:09 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) ioctl$KIOCSOUND(r1, 0x4b2f, 0x10001) r4 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000012c0)='pagemap\x00') ioctl$RTC_ALM_SET(r5, 0x40247007, &(0x7f0000001300)={0x2, 0xd, 0x9, 0x6, 0x5, 0xffffff01, 0x6, 0xc4, 0x1}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="24000000180007841dfffd946f6105000a008100fd038b05ba030800030012000200ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}, {&(0x7f00000002c0)="b9034446b446c7b0d56ae8dd8917beab7f1e0f9015e3d5cdb9b9cd850b6489d2a946a2e904ec7d757f3e9b47884025b65ed69f572d7af80772804d1fa5b5e46159e24ef4f1e734921b120b3fc08a56a543c38a0c1c491d3b10d0c1c23984134d2456f8ea0e91c1db6ba76a32f69d033716770945de323507a93f1165f5c46f48aa0b090089668f0d4cd209db7a054a14a831282f6a6f70d095df93866d31fb6b41155541a993e51a0cccd3da5c1c113a26646ebde67cfdb39ca6e23510d24bfb964d4a740b2f6c2a7fb2d0ab605e94b821bdba68542c4fe50d484c75b46d0e00742b111c07522c23be55eb50b43e26625b8ef96158dd1dcfce4ccecf5cb1f5bb66b50f08d49a86a5a2d1cc186f1e497146889d0e664b0d8aca850c68fcf44c9e4ad02c3e1062ecec8c9516a2e062dc6eb9ce981e275f8045cd3a25981c1b295f12c6b7d7b3f068c0af6d4dcf335f1af70760eb18f649c260f7eae825f3d2abd1816b6542440c6b79fa1c2ea91cacd330fbfd9fbf6c8c08a6cdd7dfd656062f3629ca40255caec0bd839ad1f513322259cefaa3e8148779a376d6f4d84f2d34595f51644ba8e1e55a0066b6acacbe17c7cdd472f516547a7eb1f6c0b43a7a091e6865488520c7205691582ff4ed626a21e0bc82c321eb7622e2055a8376b2474ef3c1678872a2131793488ec53d68b2c0491870357bbf6d5477799713a80c7d00051e59fb36f8d97342671fc83867be42170bc5aeb0bd940a03a41a688d3da3ad8b2fafb3a9425b8b39f452f0a12769ccb2462fba3cb7e5e8880bae7dd675ba4a0ea937e4dd00ce1be7be046ecadd424ed1bdae35a07e5101ab55fc0d635255d3fb4ba7a05fbef998cadfc8723cb27e2aef90fc7a261ada2532c7a13a0ea67f7c769de6a3acea0187e4691f67167bbc8e0dc8226d9f55b5323ed1ba76aaf8937b3b1cee95cf481a95b68116b563a6d3771de95e8195c51cf62bc228f030bf0c3b1dc6bf8087d82fe5251b28b6513eb2209571ab26b756cfc995a3be25b95dab142deabd0c2ab0f8c2f4ece1d489c0c6f07f1bf1d1f8e372a9f626cffbf639d4f3d59f591ac961da7a204a54f42fba47a36474db407734ac7619259c309a84635490627fd1de1de814bcd4507ac621f6c56a459703dff92769d48669065db028ddf7c362360c68dba33d745b62bcfdd715d9080a8fc1fad09c68b68e601fc098a804e0c683cf2723f3d3786e6b2badc39b5b99590deb6d49c31ed748c4678950c8fa1bcf0cdd120766bb486a829cea14384b0fbc0e022d2fcfc209013b833fdbce55c49fd55e071565a08ca0eed5c4ef9adb2735e5de92a912809ea70a870e7754e3822ca28e003e16135a6c459d04ef0739bd852c0d8f7ffdbd04f27ebc8175dbead69707d4771352646699d258dbb6790ed1d2d194a4546f99e9c43102bd1a2642e46799b3dd3d730fadd27bba0e00a1c84895706e43df8b70e0ff8e6e39d8af09acf9fc08988a3ecf491a8a9205a544111326a1bd543fca191758c72d0e70e987d1ce0aa6f211bab1634ba76f107072f567f9ddf67abc521cd587046f39fddc34330341889b6e1203887ec6c8dd02b0b3c98e764164312798ede0fca9cf5a4ecb0b4c034f47f983b770c8e9ecd055020e29d50bc4c3fa8f716ac540f7563523e282f3990ed149178ec678cc19c58eac8c03f94053af09c1ba9c9904402b98ebe682c795a3d72a73f14810e3bc053966e5dffd52bd682671deb5947aeb1c8165a51f6131160f176466dc6c08fa791083a40c44365d8aaa52231edd43caeb56f296fd66a21aae3a0af0b09e28d7d535370fa066fc5fcfd46836389e033ac6491e6887c91c489e2904a7989750cd21596e21b4d3b052d7611fe28d6fd3e83d19d32ece205151b61734b6fbece188f4ffef0478a3c6ed199b08e0815f42e0430446114f82c23ed0f5dc9c71cab7bfb6dd62510f737b7535118837a0b8194a2c329313329b6d932978eefbe968a71d9f95c594630f2bfd77b0cd092076259915ae4cc67060e2739f663804cdcc813dce6c0f2bed12b594de6eb1ce1c26978cb16e928d5287c96877a3dd392907c5b104c7f4844090b302ed9a484a3a0d776d0cce3382b4ecda64c4cfe1ba483730650055cc75612e645e46dfd96d6818ef48d548654744e2a23e72ef4adec40db208b9863219cce24434c3c0bba998ba26364e2a18ba3b42f4fd9de6e7c2a27d3b072ace83dbedb4d6abc79be609991754d243fc4445b8bca828662ac5867b5fc7ae9fb728a400a0b4f6a625b01d7b2cee9fa21a41d36c1256a32b8caab5b3fc1950e1e5cc8fa7bff1061e5c65bd9bff39f09866e60f4a0c7b130073e0d2512b4b1ef07044a73ad358c1d3f3920553b095b68e881c97626db51e0e32623055c7e5360a87a3b4c04e565d30f1830e8bd13cbb3baba0422f2e9a5003f171394ce2ef758f62215c1cc8c82d9a9e3ccb1a25b0940c5392ffd044e0fafc7052b81224f948c20fdc5d58bfb09d5f54404b80882f869b23374f68fb3c35a75d6d9fe63431b5d782d569418436524833aae677c84edea1a56db5e062861c5e37b203b97c762c6fb50ff7b78eff5d230fc49d561d6958899073a33c1fcae6c22b02c376a211cee2c6a0508aef1932d2b84de463bf29b305914e250aa3bb6230b01661bca304c4d5da2ae1396971267894c3e354b637e09aff4d5458c3088f2f2303fd55eccd5a4a07889be2fb5f537520556e4125148938c39e12c78b250ed907aa8df135388ab67d8d943a285bcfb91613e38f97a8293a5099f336828d26520d8ef4d84290f2989efcb0b6aba4d0618b2912f2662d1ba7227654f7895cf1a6889a2533c2434f29d1e8f50ffc4157abc979722f38bd0ef60fd54dbd3a334f0498580e1802c6fdf3aa4f24611d8f1ba3592b89c67dc0e3236a1027f00aecadf6256dd3ed3d7952a59529ad45936573b6a782ec1131e983faa337c4e392f3c42c05c90cd4878369ad5605d5d1a17e10c59b996adc65ebe717480ee5332d2e8c211c9711f216c7e33a37aa1b084fd77f23eb59ae1be2d952eeed9566242e660f0d5f5665608fbe61ae1ddb3b082f6ecf2b162c9d14a9be11578f4c41578a23c57d3ba6d1ce09d3b34161689fb37c81cb338a2425bae0d5dba4f751f9a791cc865b64ccc6e0a9e7890e07df40b32789ab82b7ca29f4113329597fad47bc32bfa443425d7b3e3d851d8bebcab028504b2fe5388eeed6c978d1d845694a62c51a4f8a0dfacf3a156fc7969ac3959c1497634088a6e3df54bd02a993ed7e53fc6e920d1593786cb5f24f4645c72cf0b938874c33f087f99dd185a63894faf1258e61e3095f95100a7aab92d7008f84942f52186d504995040d1e8de4a56ed00ed6266d333b7f9f0d1bc36aecb14f6a697f77c0cc020fd940f46888a7ec8b7d8f6b36b6d6ef132a920e4908fee54cf4248b8a1ed1fcad83cae747f221c0185bd21531fb2ed9a2402678a1d7f8e0d63071bdf57ecb200a90f8bcd845908773426edeb27c49ebe0c9bfa4aab6ced98b6318b7441a1e47207d178982895c5b3803bbb7b8ce86b52016c26c7e30e11a90431b8534c599b09fa052c7bee129fe923b4d5e24368fc680240e532e4f66daa372be94d4669ef18a66e23fa9182f8dfa18293bea70ce7d7f25704755a0a643a32af8cdd01e362885df99d09a72bc99beb54daade0fe65824493cedfb578e2da3f6327d392a5d7b8fcdce1970ba6724becab7e334eb707b694c5c0200c8dd09078c6029798099bc01fd5ff13e2d7a14a25a5616769c2d9ff04c53939afeb254321fe20222dd38c20045131508ec3fc2c9dee7e8b890e8ded1340633949df7f791b9dae3dbcd9599b5082c0d8fe9e5dd13035ffddf1216dc122057dbf70ff0ab8fc21aed029ed6f707c3a21292984b34feb9ca27c4a37184a8b03b79379f64986467728be3cefb24cacad5d3c30d7d22721a66e102706b6a7fa87306081f49c9b10ebd1992af5bb58160f9eaf826a15f81343f44ef383264d1334e6c4eb0f8704121a1d5bda13bf87291599aa0d54dee00d5e99d11127cb166c264b75b853c6dc10f017c90179ed42fedc20ec641c0d9906810820747252cb6a53d96b00b7efdc1d3621b24bd92535bbd095eab94b55b5d04faf2368f131129b6efaf3884f4a6055b92dd63a98db5988e1ed939d292ac4657ad44e62b3dcdd30bbfbfa7e0edcf475d0e3a0025e03274d64224c1794265c79f8f00500e091438c324ef787c9a35477c83d6beab1425b65215c0649efc7b291e2e50a4d88ee92299d1ec1a917e97292245554696a01e087298826b595f7cf3367da48611a89e64f04276abbbed5453e4d75c60cd9075fa77654c4b98a6bc0c1fed7096dc9a3c7e4005a4a0c6ff2cc39aec835f0e8052e2e9bdd0f5aa0c3173fcd95aa344575b0e35fdd7ca82efde311c5a1e62aac31b52b98a22988584cea90f6d26b320dd1ef93e41f15d2c1c644c4efde5e8a639b09398e4e6afdf997815ea0e4c8cf23a1179cc055fff52d8588555d1ca116db798f1c3878922f51db35c520671ed4902b2fed57b1a31c80036a278d4e76e44a7cc9ba225307a0f05ac99fe40432570a1497ed0d843ed9e834af127c90981eacb0a1298b5631cf2913c8f9e93fa73eb4b057109e5b0be16f22e9b0c21502edd9b8f2f35aedad959544776110bfde52e7472530ea62d206250f136cd1958721baa5da690fed25f91980058b2e2b76f76aaa29652535c5c3b44367f260def0e6dd4a1ff2152973debfbfde68dc2b127d09328031d62f46f5a437098e687bc289f682125e309c0e447a562f897fe5d8ecd1542c4c6bf9242e14f35dd662900d50ed65e7ff3283917fe8c9e998b93ed1d1a0a0be4e2043297a850da9ab7bfcceec7ebada2d266a6344d40d82e6ff2e2dd8d1e1d5b557ae30f5e62dfc25dcf96888b1e319fc1e3425bf2a1919fb3fbdc2f94705d72d838d53bf80dc67ffb1a6400b8c4fc07882f83d7a2fae04eec1a009894fcf4c10148ede711989698227cf6a400a0e4938fe31f8351c338864950087c6bab6f9beef556bbc6299ba4844b0c23c561e948953368a663c81890c5ce6a677b30e221ca80764ffac7df7ddb88a062839b61f5ac13b8fb59b76e55ae77b1c89c57f63ad10e6c29bb8325202ce20847c8ef9c9b9ba0ce4ecfd736a7168b0ecdd03dcd12675ab47cd29bf846d0f45e2b1e4310ba2a120b2be89e5b55cad7c0dc704a549e8497c900172b4f38850ef2fb9e6dedf4a1b3fadda3d9c4d6731163104522fae29fa93128242b71f4898d548da0a871d6e5781269932d0bef308383b765aa1770e0b2416e7856eddf9c98e382694404f656bfe8b5d57123b18d48a6573bc93dc90ce72ed6affb80361fb62b6d502dedb7488b6ae204c5f5e99e946940a6b39fb90fa914e8838866b15b30bf4c24384611c01f6f65c073c299e5c8717cc40fdfb921d820062aadba405acf50553286427bd62d9d69e037567d10d6fc8bad890d6bdb5cd2ceee87527b76ffa58e632c862ce9abe7c67d02fa362b29c737bc3a43aa41c8c0309ec00d04c16efd2a772ee45e113ab94614d2f3ab288763d5d6c1da630d876f476f1f1e8263b9e52db0114a76f11cd5b5fc1511dcfb3735c38fc7710a57962254201372aa5e303a03796748ddeb608e78cd862409f2e61b22a2e36d379678baf4b8c90b72183158928dc4290a981aca3ffa16f0797389b6fe8d7429e6fb88569005af0bda7059366d43e86c102fb21b7b16872a", 0x1000}, {&(0x7f0000000040)="2c9bc945e48852b9341df55fd852609d5105068a152819ad386054bd82aa1f4a965b687386f2beb44ac82941c11767e8a5", 0x31}, {&(0x7f0000000080)='\v', 0x1}, {&(0x7f0000000100)="5b68e451274744c3c414ae0277cf79fa077afd2c911c9d4efbdf2392270e9bcc7f7c1139d2c775213f66adef18a77f82374d8d98a583d9dea96f24f9b651d3d32bd6785b5a50aede8889b40df44fcf34c9eae77137b78676c582", 0x5a}], 0x5}, 0x0) 12:34:09 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1f40}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 776.512926][ T4152] mkiss: ax12: crc mode is auto. 12:34:09 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 776.571625][ T4152] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 12:34:09 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) ioctl$VT_DISALLOCATE(r0, 0x5608) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x23) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 776.613426][ T4152] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 12:34:10 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SIOCX25SCAUSEDIAG(r2, 0x89ec, &(0x7f0000000680)={0x7, 0x7}) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = dup2(r3, r5) ioctl$TCFLSH(r6, 0x8926, 0x20000000) sendmmsg$nfc_llcp(r6, &(0x7f0000000600)=[{&(0x7f00000000c0)={0x27, 0x1, 0x0, 0x7, 0xdd, 0x0, "955d12a6115dac237c493e44f551d93266e75d80a7b655002af83416cc9d19ba02fbe6d66a1124191c25f478560720a20c21699f7e6fa34ca183e0c624f407", 0x1b}, 0x60, &(0x7f0000000040)=[{&(0x7f0000000140)="e0af2919210e63de25725a77244052aa3ee288fb0dfd6639000fc790f0aea1e437ca6ed1b650d17a6aec006440c1835dcffd4796712eebdcfbaf7ba327687700d4f13ec40189bf043c0ecbc651926e36b92a8f0ce76b4b6dbfeb9be311be1772f5edfadabfb0", 0x66}, {&(0x7f00000002c0)="b8923b8a8ff5299a88dd6b8d53bc043ce967bc81e48cdf4d817e0ed73672fd074570de7e35004bcfbad2d82340283a69d141f1007171a6a0fb8944dba273e44dd110356b3f1eb9aa16b9741e179f44a75e561a891eeec078ca8df3b00555c3cd98d7162535", 0x65}], 0x2, &(0x7f0000000340)={0xf8, 0x10b, 0x8, "698b607f743ca6b55e0683cfd848e68b29d6e9b2dc2e7df6af7d81e35c9e5160cf8b72af5f871c3250ee132088736f3ff8a837d9d7b0add86306fa2f0ec21eec6f9d5bd297800ef41ae7c7fe2b54ecdc1be01cad592ba68e9a7d50d64e55a4d5c8962b32f1f8daa6ab74f113a4fd5421f3b30cf8a4c6987aa7adc3a3936990bd305f6b8ee3ba9bbebaf1164c3689a82df5bba4e3389af4043f55c3d3b6c3ae7f37cce8890bf2f26252c8fa43d57e45993e23feed91497e29707730668d3b76ada798a055057570e48d0eccb0b8b5f6aa8f14ca157c3dea4cd859100a419e5f7aa0256b71"}, 0xf8, 0x5}, {&(0x7f0000000440)={0x27, 0x1, 0x0, 0x0, 0x20, 0xe2, "dac82ab5570eb727ff80f428c041a029fe9748b655a47fcfcb1060fadad3b101880caf87fe16ede64b25c799d11c6374f1751dcd02870bcaed57b0b67974ec", 0x22}, 0x60, &(0x7f0000000580)=[{&(0x7f00000004c0)="d4956610f537051126b033c630a79eba75ccc44722691a0bf816ece1640953171ff884f4bf5f1f0c5e8576c293c8bb2782b9dcea3455a0bd38219d24bac8ef7d85369970bde66946c8706563d5f5a6944e20b0aee3778e6ce6daef39f9c3f7e51fd02dc13c668c76ed653bbdee7201f06ac94a4274f92b0f8cbea0fff17579181d77a1918da0d3e288712be426970ac07fa656f2b62bb4609b5f88af3d194605dd53e1e03cac95ecb6546640fb76", 0xae}, {&(0x7f0000000240)="4d89ff1afd54f909aae0073e360f686981536374a6464c6ecbb0e05392c9736442f9d0760c681c51f3cc0f199d", 0x2d}], 0x2, &(0x7f00000005c0)={0x38, 0xff, 0x1, "528c099eeca1e89431a83288a9a01748a3cfe7962e6a98439ae3004c190acc8f1a7c2e32ecbbf7ba"}, 0x38}], 0x2, 0x8000) 12:34:10 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef809606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45ef4adf634be763289d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468972089b302d7bf6023cdcedb5e0125ebbcebdde510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955294ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532af9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b6c4a000000002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad897ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b2633398631c7771429d120000003341bf4a00fcffffffffffffffe09fec2271fe01589646efd1cf870cd7bb2366fde4a59429738fcc917a57f94f6c453cea793cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d5bc8955778567bc79e13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ecbbc55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e59efc71f665c4d75cf2458e3542c9062ecf84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3e90e5c708ce65cd6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e600263d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868c6da7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c"], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe, 0x0, &(0x7f0000000140)="e3d0e9d6d9d18e5f39868de363d3", 0x0, 0x99d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x5) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) r7 = dup2(r4, r6) ioctl$TCFLSH(r7, 0x8926, 0x20000000) perf_event_open(&(0x7f000025c000)={0x2, 0xbb, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x15, 0x10, 0x3}, 0x3c) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r8, &(0x7f0000000000), 0x0}, 0x20) dup(0xffffffffffffffff) sendto$ax25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r7, 0xc01064bd, &(0x7f0000000240)={&(0x7f0000000200)="ec487c96d8018129a58ffff02e84514d9378a68d86f267742b80f8631b3cfe49bae88773c2cab0b516e8a1d5", 0x2c, 0x2}) [ 777.182927][ T4174] [ 777.194358][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 777.194371][ T28] audit: type=1804 audit(1594038850.504:553): pid=4171 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/453/file0" dev="sda1" ino=16051 res=1 [ 777.231742][ T4174] ********************************************************** [ 777.252629][ T4174] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 777.273034][ T4174] ** ** [ 777.295594][ T28] audit: type=1804 audit(1594038850.504:554): pid=4173 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/453/file0" dev="sda1" ino=16051 res=1 [ 777.319754][ T4174] ** trace_printk() being used. Allocating extra memory. ** [ 777.351753][ T4174] ** ** [ 777.379740][ T4174] ** This means that this is a DEBUG kernel and it is ** [ 777.407632][ T4174] ** unsafe for production use. ** [ 777.435157][ T4174] ** ** 12:34:10 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 777.465627][ T4174] ** If you see this message and you are not debugging ** [ 777.502605][ T4174] ** the kernel, report this immediately to your vendor! ** [ 777.540326][ T4174] ** ** [ 777.581789][ T4174] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 777.607803][ T4174] ********************************************************** [ 777.655885][ T4171] mkiss: ax13: crc mode is auto. [ 777.669004][ T4178] mkiss: ax14: crc mode is auto. [ 777.680624][ T4176] mkiss: ax12: crc mode is auto. 12:34:11 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 777.761454][ T4204] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 777.822425][ T4204] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 12:34:11 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4850441, 0x0) r1 = gettid() r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ubi_ctrl\x00', 0x400000, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x200, 0x23) ioctl$EVIOCGRAB(r2, 0x40044590, &(0x7f0000000100)) fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0x3, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) dup2(r3, r5) r6 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r6}, &(0x7f0000044000)) fcntl$setown(r2, 0x8, r6) ioctl$VIDIOC_G_STD(r5, 0x80085617, &(0x7f0000000040)) close(r0) 12:34:11 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xe9, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x0, 0x4}}, 0x10) 12:34:11 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 778.056787][ T28] audit: type=1804 audit(1594038851.364:555): pid=4217 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/454/file0" dev="sda1" ino=15845 res=1 [ 778.094038][ T4179] mkiss: ax12: crc mode is auto. [ 778.133912][ T4217] mkiss: ax12: crc mode is auto. [ 778.175028][ T28] audit: type=1804 audit(1594038851.424:556): pid=4221 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/454/file0" dev="sda1" ino=15845 res=1 12:34:11 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) r7 = dup2(0xffffffffffffffff, r6) ioctl$TCFLSH(r7, 0x8926, 0x20000000) write$P9_RLOPEN(r7, &(0x7f0000000240)={0x18, 0xd, 0x1, {{0x0, 0x3, 0x4}, 0x2}}, 0x18) r8 = fcntl$dupfd(r4, 0x0, r4) r9 = dup2(r3, r8) ioctl$TCFLSH(r9, 0x8926, 0x20000000) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r9, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000ffd8df25084c543257b3ee650057000000000008000300000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0xc000) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) r10 = creat(&(0x7f0000000040)='./bus/file0\x00', 0x0) r11 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0, 0x0) linkat(r10, &(0x7f00000000c0)='\x00', r11, &(0x7f00000002c0)='./file2\x00', 0x1400) [ 778.259505][ T4217] mkiss: ax12: crc mode is auto. 12:34:11 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:11 executing program 2: r0 = gettid() r1 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r1}, &(0x7f0000044000)) prctl$PR_SET_PTRACER(0x59616d61, r1) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x7d) prctl$PR_SET_PTRACER(0x59616d61, r0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000840)=[&(0x7f0000000a80)='\xa11\xc2\x1fQ\x88\xebH\xe7\xcf/\x83\xb3+\xc5\xa0\xa6\xbf\x85\xf0;\xea\x8a\xd5b\xb0\xe7=\xf41\xf5\xb4\xb9\aPk\x94csn\x8bu\bHD\x06\f\xccU\x19\xaa\xe0\xed\x85\xb1%\xd8\x82\xaeW\x8764\x93\xb6`\x90\xb1\x1d\xd6\x91\x9a\xf5I:=\xd9\x98\t\x03\x13\xa4f\x13\xeb\x11\xd5\x17J]\x8b\xc18v\xfc\xa9\xcb|\xd4\x1a\x91\x81c\xeb\r|\xdbo\xa8?\xa8\x192\t\x10\x1bhGZ\xc0\xe7\xc3{b\xc0Z\xe5&\r\n\x858\x94V\x9f\xbah\x8f\x91\xa4\x8a\x90\xa7\x10\x85kYh\xb6\x0f\t0-\x9f@\xc2\xbbR.>\xc5;\xceJ\x14QJ0CrCP\x1e\xea\x8b\xc3z\xb8\x7f+\x94LV&\x8e\xce\xecA\xd6\x12#\xdb\x90\xf9\x9d\x03T\x89[G\xa8\xa4\xa9\xa7r\xd8x(\x9dv9\x16\x1dH=\x82?>-\x84R\x11\x94\x17\x01\x03\xc4\xa3\xb3?\xecyq\x86Y', &(0x7f00000002c0)='cpuset\'\x00'], &(0x7f0000000380)=[&(0x7f0000000480)='\xa11\xc2\x1fQ\x88\xebH\xe7\xcf/\x83\xb3+\xc5\xa0\xa6\xbf\x85\xf0;\xea\x8a\xd5b\xb0\xe7=\xf41\xf5\xb4\xb9\aPk\x94csn\x8bu\bHD\x06\f\xccU\x19\xaa\xe0\xed\x85\xb1%\xd8\x82\xaeW\x8764\x93\xb6`\x90\xb1\x1d\xd6\x91\x9a\xf5I:=\xd9\x98\t\x03\x13\xa4f\x13\xeb\x11\xd5\x17J]\x8b\xc18v\xfc\xa9\xcb|\xd4\x1a\x91\x81c\xeb\r|\xdbo\xa8?\xa8\x192\t\x10\x1bhGZ\xc0\xe7\xc3{b\xc0Z\xe5&\r\n\x858\x94V\x9f\xbah\x8f\x91\xa4\x8a\x90\xa7\x10\x85kYh\xb6\x0f\t0-\x9f@\xc2\xbbR.>\xc5;\xceJ\x14QJ0CrCP\x1e\xea\x8b\xc3z\xb8\x7f+\x94LV&\x8e\xce\xecA\xd6\x12#\xdb\x90\xf9\x9d\x03T\x89[G\xa8\xa4\xa9\xa7r\xd8x(\x9dv9\x16\x1dH=\x82?>-\x84R\x11\x94\x17\x01\x03\xc4\xa3\xb3?\xecyq\x86Y', &(0x7f00000003c0)='[\xa3\xb60\xf8cmd5su\x00', 0x0, &(0x7f0000000340)='@\x00']) ptrace$setopts(0x4206, r0, 0x0, 0x0) [ 778.327633][ T28] audit: type=1804 audit(1594038851.554:557): pid=4238 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/454/file0" dev="sda1" ino=15845 res=1 12:34:11 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) readlink(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=""/25, 0x19) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 778.406225][ T4246] mkiss: ax12: crc mode is auto. [ 778.476649][ T28] audit: type=1804 audit(1594038851.564:558): pid=4217 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/454/file0" dev="sda1" ino=15845 res=1 12:34:11 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:11 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:11 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x8) r1 = socket$packet(0x11, 0x3, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="850000002300000084000000000000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x64}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r2, 0xc0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)={r3}, 0xc) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r4, 0x4) ioctl$FITHAW(r0, 0xc0045878) bpf$ENABLE_STATS(0x20, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000400)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0}], 0x1, 0x0) [ 778.693762][ T28] audit: type=1804 audit(1594038852.004:559): pid=4264 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/455/file0" dev="sda1" ino=15786 res=1 12:34:12 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x401f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:12 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 778.785033][ T28] audit: type=1804 audit(1594038852.004:560): pid=4269 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/455/file0" dev="sda1" ino=15786 res=1 12:34:12 executing program 4: r0 = getpid() r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) r4 = fcntl$getown(r3, 0x9) rt_tgsigqueueinfo(r4, 0xffffffffffffffff, 0x1e, &(0x7f00000000c0)={0x1a, 0x7f, 0x6}) sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x2, 0x1b071, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/syz1\x00', 0x1ff) r5 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x11, r5, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000000)='l2tp\x00') ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 12:34:12 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:12 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r3 = dup2(0xffffffffffffffff, r2) ioctl$TCFLSH(r3, 0x8926, 0x20000000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300)='nl80211\x00') sendmsg$NL80211_CMD_GET_REG(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)={0x14, r5, 0x821}, 0x14}}, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0x5) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) dup2(r6, r8) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r5, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [@NL80211_ATTR_NETNS_FD={0x8, 0xdb, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4000) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 779.105968][ T4288] mkiss: ax12: crc mode is auto. [ 779.173794][ T4294] mkiss: ax13: crc mode is auto. 12:34:12 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4d01}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:12 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 779.301549][ T28] audit: type=1804 audit(1594038852.614:561): pid=4294 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/456/file0" dev="sda1" ino=16195 res=1 [ 779.388054][ T28] audit: type=1804 audit(1594038852.614:562): pid=4302 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/456/file0" dev="sda1" ino=16195 res=1 [ 781.018591][ T398] tipc: TX() has been purged, node left! 12:34:14 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6400}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:14 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:14 executing program 2: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000240)='./file0\x00', 0x4000000000, 0x2, &(0x7f0000002280)=[{&(0x7f0000000100)="800000003804000019000300e60100006c00fec9000000000100000001000000000700000040000080000000101308006d5ebe5a0000ffff53ef", 0x3a, 0x400}, {&(0x7f0000000140)="fcba5820c3ef1b77e8a23dd18b16961616356dd7fdeb89769b12def3b6cfd1ab4505524f78c1aa2bf4de120e650f04d278edd8006ad9f89c8b6d8ed96e63d878ff15074525d84e21090fcf500adea45e5683baf409b890f14dec72b7819a765b1f523b740006fa097ad63376050c8f865b5ffbd88b998d1665f951439c15e32429223f310ee8e4d1652b156fd2a1b1c7deec970e41e7a4", 0x97, 0x6}], 0x804803, 0x0) r1 = socket(0x0, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}}, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000000)={0x1, 0x70, 0xfd, 0x0, 0x20, 0x4, 0x0, 0x3, 0x8, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80, 0x2, @perf_config_ext={0xffffffff, 0x8ca}, 0x11004, 0x4, 0x0, 0x1, 0x7fffffff, 0x5, 0x4}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) sendmsg$nl_route_sched(r5, &(0x7f0000000340)={0x0, 0x6a, 0x0, 0x1, 0x0, 0x0, 0x20040005}, 0x4040040) r6 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ocfs2_control\x00', 0x80000, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r6, &(0x7f0000000200)={0x22, 0x3, 0x0, {0x4, 0x1, 0x0, '/'}}, 0x22) r7 = syz_open_dev$vcsa(0x0, 0x0, 0x208000) write$USERIO_CMD_REGISTER(r7, 0x0, 0x0) 12:34:14 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) flistxattr(0xffffffffffffffff, &(0x7f0000000040)=""/41, 0x29) perf_event_open(&(0x7f00000001c0)={0x4, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x600}, 0x0, 0x4, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x1) close(r0) 12:34:15 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 781.770150][ T4355] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem 12:34:15 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6c01}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 781.954343][ T4355] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 782.001739][ T4361] mkiss: ax13: crc mode is auto. [ 782.051558][ T4355] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 12:34:15 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 782.199605][ T4355] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 782.314066][ T4355] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 782.641130][ T4355] mkiss: ax13: crc mode is auto. 12:34:18 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:18 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x1) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000240)={&(0x7f0000000100)="12c4c802a0d55ab657b39d15652bad7732488e28c5fb074febe7fb4390625b973fa5451a3a7634acf1bb1459e26050662574a4f90564c82dc5a1e583b1514e9620d883da1e590018e0a025e853e836c3a822cceffa28b2677e14f8a759a1e03faa74ee6cfa827708b871af2a62f57852085e5bd4279360d44a9262d2a20efb4aa7830c3584b32b1a3951c9d4680ea2f069f33cbe577fd502a1e2046e87a93172c8859753734a751211392423fc5118", 0xaf, 0x2}) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) ioctl$sock_inet_SIOCGIFADDR(r5, 0x8915, &(0x7f0000000040)={'veth1_to_bridge\x00', {0x2, 0x4e21, @private=0xa010102}}) 12:34:18 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x880, 0x0) ioctl$EVIOCSABS0(r0, 0x401845c0, &(0x7f0000000040)={0xffffffff, 0x800, 0x8, 0xffff, 0x65, 0x55}) r1 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000100)=0x60, 0x80000) fcntl$dupfd(r1, 0x406, 0xffffffffffffffff) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x200a00, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000180)={0x3, 0xfffffffd, 0x43, 0x80, [], [], [], 0x2, 0x6, 0x3, 0x501, "f53c00cf2faba517d491798e8e05cced"}) r3 = gettid() move_pages(r3, 0x8, &(0x7f00000002c0)=[&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil], &(0x7f0000000300)=[0x10000, 0x7, 0x4, 0x1, 0x10000, 0x4067], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0], 0x6) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000a40)='/dev/dlm_plock\x00', 0x1, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000e00)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000ac0)=@newtaction={0x2e4, 0x30, 0x800, 0x70bd29, 0x25dfdbfe, {}, [{0x1c8, 0x1, [@m_ctinfo={0x8c, 0x8, 0x0, 0x0, {{0xb, 0x1, 'ctinfo\x00'}, {0x24, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6, 0x4, 0x1f}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x7fff}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x200000}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x1}]}, {0x3d, 0x6, "6e7375cfa7443e6b7d9fd8ca368d4381de533dfe52769d7b622a27514821890943731840fcb0a272bc1c99901c641655564cf6de632c0cf067"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_vlan={0x138, 0x13, 0x0, 0x0, {{0x9, 0x1, 'vlan\x00'}, {0x54, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x1f, 0x800, 0x3, 0x0, 0x8000}, 0x3}}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x1b}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x2}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x8, 0x3, 0x20000000, 0x3, 0x71f}, 0x1}}]}, {0xba, 0x6, "6374a8ef653cc7482cd4ad10ef6d29cc54a467268d2f3c14a5cb9421f3b5b0287d0191267e304a32e2adac4f347d8f092e2300ebef84042b9414ca06bdee26f527ce78e005a2474fe39c2ff804a4e07ac5904e07d059707e6325fca80fa8dba384caacb60065d91914eff9c9509fb370e7833cb6f443c4297dd2a241b3eb0a455614cb179759e3723f3306ed012bebb9612b74bae0ed692d79be8b1e978c73707dcdc2eacc8c130c5b659808089f7ea9ebd0b2ddbb47"}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}, {0x108, 0x1, [@m_sample={0x104, 0x2, 0x0, 0x0, {{0xb, 0x1, 'sample\x00'}, {0x64, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x7}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x5}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x1, 0x7ee0, 0xffffffffffffffff, 0x6, 0x1}}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0xffffffff}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x9}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0xffff}, @TCA_SAMPLE_RATE={0x8, 0x3, 0xd498}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x7, 0x80000000, 0x6, 0x4, 0x8}}]}, {0x76, 0x6, "fc7ffba2b8e54f95b39e4ed6c0880055b89e29fdc6e96f13deab764a85dfeecfb69e5e02bf12283f8ec87a2172e39cf3b45fe6c2913e4744a88b6893f9840ac387558ff7459e03fa5edc172d9d0903be9623a174eed9694ee1facedb34c8fa3e84f3864350ea2e66295c1ec7e14edc0421c4"}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}, 0x2e4}, 0x1, 0x0, 0x0, 0x20004000}, 0x4050) syz_genetlink_get_family_id$smc(&(0x7f0000000e40)='SMC_PNETID\x00') r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000e80)='/dev/dlm-monitor\x00', 0x800, 0x0) getsockname$l2tp6(r5, &(0x7f0000000ec0)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000f00)=0x20) r6 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000f40)='/dev/nvme-fabrics\x00', 0xa4c03, 0x0) ioctl$SNDCTL_DSP_GETISPACE(r6, 0x8010500d, &(0x7f0000000f80)) pipe(&(0x7f0000000fc0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$IOC_PR_CLEAR(r7, 0x401070cd, &(0x7f0000001000)={0x9}) read$alg(0xffffffffffffffff, &(0x7f0000001040)=""/120, 0x78) modify_ldt$write2(0x11, &(0x7f00000010c0)={0x7, 0x20001000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000001100)='devlink\x00') 12:34:18 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7c15}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:18 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x408400, 0x0) ioctl$VHOST_SET_VRING_NUM(r4, 0x4008af10, &(0x7f0000000100)={0x2, 0xff}) r5 = fcntl$dupfd(r3, 0x0, r3) r6 = dup2(r2, r5) ioctl$TCFLSH(r6, 0x8926, 0x20000000) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r7, 0x0, r7) fallocate(r7, 0x60, 0xd18, 0x2) recvfrom$l2tp6(r6, &(0x7f0000000040), 0x0, 0x10022, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x20) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x3, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:34:18 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000080)="0f0147d1d1861900000f23c80f21f8350000e0000f23f8b9190b0000b8ba690000ba000000000f308fe938028d2f000000f30f2cc0b805000000f9e0a264df0f01c166ba4300ecc744240000000000c7442402bc0c0000c7442406000000000f011c24c4c11972d000", 0x69}], 0x1, 0x0, 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000240)={0x0, 0x800, 0x199, 0x6, 0x2, 0x8090, 0x201, 0x137, {0x0, @in6={{0xa, 0x4e22, 0x2, @private1, 0x800}}, 0x2, 0x6, 0x1000, 0x3f}}, &(0x7f0000000340)=0xb0) r6 = dup2(r3, r5) ioctl$TCFLSH(r6, 0x8926, 0x20000000) ioctl$sock_inet_SIOCSARP(r6, 0x8955, &(0x7f00000001c0)={{0x2, 0x4e23, @loopback}, {0x306, @multicast}, 0x4, {0x2, 0x4e21, @loopback}, 'bond0\x00'}) r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000003c0)={[0x834, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7fffffff, 0x0, 0x0, 0x0, 0x1, 0x4, 0xffffffffffffffff], 0x6000}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) io_setup(0x0, 0x0) 12:34:18 executing program 2: r0 = syz_usb_connect$cdc_ncm(0x3, 0x6e, &(0x7f0000000280)=ANY=[@ANYRESOCT], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = dup(r1) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x202801, 0x0) r4 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r6}, 0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000040)={r6, @in={{0x2, 0x4e20, @private=0xa010101}}, 0x8, 0x1000, 0x1, 0x9, 0xe7}, &(0x7f0000000100)=0x98) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r7 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x8002, 0x2000) write$nbd(r7, &(0x7f0000000400)={0x67446698, 0x1, 0x0, 0x1, 0x4, "9780cd468feb5d19733f213db495f880798e8241708577dc99cee52ef235e7b10eacac04b447378b6c8920d1eba68d9aac8d9162258c0e78d0d0690a0ffb760abce25fb66a1977af5193dd10dbe5db222bf524c58f924d7c79e9652e347f8761721366371afc9fcebca0ca3f500972f5e5d4"}, 0x82) [ 785.440530][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 785.440545][ T28] audit: type=1804 audit(1594038858.755:565): pid=4467 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/426/file0" dev="sda1" ino=16347 res=1 12:34:18 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 785.494896][ T4463] mkiss: ax12: crc mode is auto. [ 785.540337][ T4467] mkiss: ax13: crc mode is auto. [ 785.612963][ T28] audit: type=1804 audit(1594038858.825:566): pid=4467 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/426/file0" dev="sda1" ino=16347 res=1 [ 785.673112][ T4467] mkiss: ax12: crc mode is auto. 12:34:19 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 785.739805][ T28] audit: type=1804 audit(1594038858.825:567): pid=4467 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/426/file0" dev="sda1" ino=16347 res=1 12:34:19 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x100000, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000040)=0x0) tkill(r3, 0x2b) 12:34:19 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) ioctl$VIDIOC_G_CTRL(r5, 0xc008561b, &(0x7f0000000040)={0x9, 0x5}) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 785.863743][ T9010] usb 3-1: new high-speed USB device number 30 using dummy_hcd 12:34:19 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 785.904967][ T28] audit: type=1804 audit(1594038858.945:568): pid=4463 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/458/file0" dev="sda1" ino=16345 res=1 [ 785.986874][ T28] audit: type=1804 audit(1594038858.945:569): pid=4475 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/458/file0" dev="sda1" ino=16345 res=1 12:34:19 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 786.096558][ T28] audit: type=1804 audit(1594038858.955:570): pid=4467 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/426/file0" dev="sda1" ino=16347 res=1 [ 786.150227][ T4520] mkiss: ax12: crc mode is auto. [ 786.188120][ T9010] usb 3-1: device descriptor read/64, error 18 [ 786.204140][ T28] audit: type=1804 audit(1594038858.965:571): pid=4467 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/426/file0" dev="sda1" ino=16347 res=1 12:34:19 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9a02}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:19 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 786.318345][ T4531] mkiss: ax12: crc mode is auto. 12:34:19 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x3}, 0x41618}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x4) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 786.376747][ T28] audit: type=1804 audit(1594038858.965:572): pid=4471 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/426/file0" dev="sda1" ino=16347 res=1 12:34:19 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x80000000000, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 786.608336][ T9010] usb 3-1: device descriptor read/64, error 18 [ 786.723228][ T28] audit: type=1804 audit(1594038860.035:573): pid=4558 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/428/file0" dev="sda1" ino=16333 res=1 [ 786.760775][ T4470] mkiss: ax12: crc mode is auto. [ 786.831742][ T28] audit: type=1804 audit(1594038860.035:574): pid=4561 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/428/file0" dev="sda1" ino=16333 res=1 [ 786.901763][ T9010] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 787.198104][ T9010] usb 3-1: device descriptor read/64, error 18 [ 787.604337][ T9010] usb 3-1: device descriptor read/64, error 18 [ 787.755561][ T9010] usb usb3-port1: attempt power cycle [ 788.389958][ T4470] mkiss: ax12: crc mode is auto. [ 788.538011][ T9010] usb 3-1: new high-speed USB device number 32 using dummy_hcd 12:34:21 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x24000844) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sendmsg(r0, &(0x7f0000000680)={0x0, 0x13000011, &(0x7f00000000c0)=[{&(0x7f0000000080)='f', 0xffffff1f}], 0x2, 0x0, 0x0, 0xf00}, 0x7ffff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b7020000f7ff0900bfa700000000000024020000200100ff7a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000000704000000000000b704000010000020b86a0700fe00000000850000002f000000b70000000a0000009500001b130150c62f164f09060000000400000013a82319aab9d611f5969f62c28b22756bedf3cf393d14c46cc4f716da4f0de8163f6242fa7323f1740637c48468766a1841439fce41f144631ac262dcae18c3d1a1fbdaf6a514b234585af7c0343185089a0f119e31975e551558050400ff0498dc4ea1d75d3066d52dbb55d0e331a5fb33abadd3a0c218078be8d75aabad71bfc70281251ab136740a4781353d114e024762f07612b1c3d686f1264c8fc62e06000000fdbcc226f236b2b017b569762fa39884bd1dc08eb9d6c91b9364b7bcf572d0cb61794986339f88ed8e92ce1bdc2fc568652ea4e96ceb14693c84382d3b09a1000000000000000000000000ae8d804b53c7e864d994800486ce4d2f3b58a947ef31f1d41d2b16454add03e2aec5f9c93f9d3e43a52d2c615cdd265e649c770cfa9b47b812c79bf0a685ce152bc4fdb7c49e5c4643ff8902de09ff8fe5709f06f2dcc31cc400"/466], &(0x7f0000000280)='GPL\x00'}, 0x48) r2 = socket$kcm(0x11, 0x8000000002, 0x300) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) dup2(r3, r5) r6 = accept4(r5, &(0x7f0000000200)=@nfc, &(0x7f0000000040)=0x80, 0x80000) setsockopt$inet_icmp_ICMP_FILTER(r6, 0x1, 0x1, &(0x7f0000000100)={0x80000000}, 0x4) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r1, 0x4) 12:34:22 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00') recvmmsg(r2, &(0x7f0000004d80)=[{{0x0, 0x800c, 0x0, 0x0, 0x0, 0x50080000}}], 0x58, 0x1200a, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES16=r3, @ANYBLOB="03070006000800fdff001900000004000180"], 0x18}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x7f}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200000c0}, 0x4000000) fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:34:22 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:22 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) getsockopt$XDP_STATISTICS(r5, 0x11b, 0x7, &(0x7f0000000040), &(0x7f00000000c0)=0x18) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:34:22 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000b}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:22 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9}, 0x1000a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x10, 0x70bd25, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x80) fcntl$dupfd(r1, 0x4bfa71fe811a895f, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$full(0xffffffffffffff9c, &(0x7f0000000240)='/dev/full\x00', 0x303240, 0x0) ioctl$KVM_GET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000300)={0x0, 0x6, 0x1f, &(0x7f00000002c0)=0x3f}) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x3c1, 0x3, 0x4a8, 0x3d8, 0x9403, 0x0, 0x0, 0x2c0, 0x3d8, 0x3d8, 0x3d8, 0x3d8, 0x3d8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x298, 0x2c0, 0x0, {}, [@common=@inet=@recent0={{0xf8, 'recent\x00'}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8, 'recent\x00'}, {0x0, 0x0, 0x1, 0x0, 'syz1\x00'}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz1\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x508) listen(0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key(0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYRES16=0x0, @ANYBLOB="00032bbd7000fcdbdf25aabd03000000e80008802c0007800800050018783104080005003942b62b08000500830379280800060022000000080006009700000044000780080005008adf104708000600170000000800060029000000080006004f00000008000500f35aef6508000600a7000000080006009b00000008000600ba00000014"], 0x1dc}, 0x1, 0x0, 0x0, 0x24008000}, 0x0) setxattr(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000000c0)='ve\x05\x00\x00\x12\xbdw\rx\x00', 0xb, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x7, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0xf], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(0xffffffffffffffff, 0xc0884123, &(0x7f0000000000)={0x0, "3df3bc459452b88a1fc35761c9d4bbfbb6cae9b1e3762503d43e5223dc72585a04fb26fdc0d5e1c98c167c70a5bea191dedce4db4491eff630fc22850c152162"}) [ 788.678059][ T9010] usb 3-1: device descriptor read/8, error -71 12:34:22 executing program 2: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) dup2(r1, r3) bind$x25(r3, &(0x7f0000000040)={0x9, @remote={[], 0x3}}, 0x12) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="58000000020605010000000000000000000000000c000780080013400000000005000400000000000900020073797a300000000005000500020000000500010006000000110003"], 0x58}}, 0x0) [ 788.803069][ T4628] xt_TCPMSS: Only works on TCP SYN packets [ 788.836825][ T4625] mkiss: ax12: crc mode is auto. 12:34:22 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 788.908247][ T9010] usb 3-1: device descriptor read/8, error -71 12:34:22 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7d000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 789.084855][ T4625] mkiss: ax12: crc mode is auto. 12:34:22 executing program 4: ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r0 = dup(0xffffffffffffffff) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/fuse\x00', 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f0000000200)=r1) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r2, 0x0) getpid() r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000380)) syz_emit_ethernet(0xe, &(0x7f0000000280)={@broadcast, @multicast, @void, {@generic={0x806}}}, &(0x7f00000003c0)) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0xd81, 0x0) ioctl$TUNSETVNETBE(r4, 0x400454de, &(0x7f00000000c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000240)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r5, 0x0) write$FUSE_DIRENTPLUS(r5, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r6 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r6) 12:34:22 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) r2 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r2}, &(0x7f0000044000)) r3 = gettid() setsockopt$CAIFSO_REQ_PARAM(r0, 0x116, 0x80, &(0x7f00000002c0)="8dcaaf47745b68bf195ab1f86e157e243d15a9b763ff2252b260d8feb978ca92f71e5c1dee6d2767c52c72f572758a9e7d4bf7c18e74c56124fa5cbbd1217f4f40ca60956878201951fe46b8b2e89eba2071cd139ddb6f788978c2ae5deeb0bfac2c05ea58a086c9f0a176a44471fe084d78d6105b51b12d1cc0b37f8c39ae44fe418d236f7cb88ccaf52213fd53c6924b7b9868cc7981b61f347004823b2550eef396ec7ecba15a320a2c438eab3b125a15b82359821e5f85b6563896045b6cf9ea3c08a18f79971e98dcec3ddaae4390276b820ed74bb60a07af38c7b56dce03084893", 0xe4) timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r3}, &(0x7f0000044000)) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x4, 0x0, 0x0, 0x0, 0x2, 0xbe21, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff800, 0x0, @perf_bp={&(0x7f00000000c0), 0xa}, 0x50, 0x4}, r3, 0x4000000, 0xffffffffffffffff, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 789.160550][ T4660] Can't find ip_set type [ 789.164490][ T4645] mkiss: ax13: crc mode is auto. 12:34:22 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:22 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) ioctl$EVIOCGID(r4, 0x80084502, &(0x7f00000000c0)=""/215) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) dup2(0xffffffffffffffff, r6) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x10) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:34:22 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r5, 0x0, r5) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000000)={0x0, 0xfeef, &(0x7f00000006c0)={&(0x7f0000000080)=ANY=[@ANYRESDEC=r5, @ANYRES16=r1, @ANYRES64=r0], 0x14}}, 0x0) 12:34:22 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 789.438639][ T4682] mkiss: ax12: crc mode is auto. [ 789.452152][ T4684] mkiss: ax13: crc mode is auto. 12:34:22 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000100)={&(0x7f00000000c0)='./file0/file0\x00', r0}, 0x10) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) r2 = dup(r0) write$FUSE_POLL(r2, 0xffffffffffffffff, 0x0) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x3, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r1, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) creat(&(0x7f0000000140)='./file0/file0\x00', 0x101) close(r0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x2, 0x0) 12:34:22 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 789.569178][ T4682] mkiss: ax12: crc mode is auto. [ 789.664840][ T4684] mkiss: ax12: crc mode is auto. 12:34:23 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:23 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(0x0, 0x0, 0x1) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) close(r1) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}, @in6={0xa, 0x4e20, 0x0, @private1, 0x7fff}], 0x38) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) setsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000200)=@assoc_value={0x0, 0x800}, 0x8) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00') fsetxattr(0xffffffffffffffff, &(0x7f00000002c0)=@random={'system.', 'batadv\x00'}, &(0x7f0000000300)='batadv\x00', 0x7, 0x3) ftruncate(r3, 0x200002) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x1}, 0x8) sendfile(r1, r3, 0x0, 0x80001d00c0d0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffde, 0x3) ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000240)) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000140)=ANY=[@ANYBLOB="56411dbd28412ba0fc890eff0c26bbb38b4e6b0699dd6bc188230000ff00002dc80f0a501c4545f22d1c418096d43f88afaa8ecd7e8110a9b6b60000000000005d5bcd46e16d3cd80665bf44298b99e5dae602c074919267f991defc"]) [ 789.706390][ T4675] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 789.766816][ T4675] ref_ctr decrement failed for inode: 0x3ff7 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cccd7cc7 [ 789.821480][ T4675] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 789.858641][ T4675] ref_ctr decrement failed for inode: 0x3ff7 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cccd7cc7 12:34:23 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x100000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:23 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 790.486296][ T4672] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 790.507297][ T4672] ref_ctr decrement failed for inode: 0x3ff7 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cccd7cc7 [ 790.626472][ T4672] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 790.651180][ T4672] ref_ctr decrement failed for inode: 0x3ff7 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cccd7cc7 12:34:24 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) unshare(0x20400) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x18, 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000030000de0000000000a5000095002b000000000040437802591c73c3190b8e677abc3b3e9bafb4a34045d587d48b71b63efe8df7cf77c6584895b7cd665f186a1b327bf878b663e952a938fdfe00599d7762acb706ba8000000093789f8207c5909e4f76019639cdb3dd039683f23558decd51f929b922dc21c8c454bad1559ad0b9af531c996eccadb0973de0253e34df4fef33910bdd45097c80b449ed160b75e87cbbfa657e9efac279016a5e54e73fc1000000283430b22f09d7c3ead799a7059a613d4630634a96289626622203526407323b0de2ea0a5e0649a1d100e067a80e592c3ae3312a2affdb84e4cc86627edda52c7d244e00f7dd78906e3c2b5ef17c4b2b923f8b3204c59a5fd21b553ed8ba1b8f12bdbbe3b5c8792b1bb58e769dfea88b388e7dcc7e039a67a7135e072a4de545f5e312ca9481474264c8158c8736df9cc47c7709000000bdbd33017b875e680d11a64b92dbc12af4b39805768fbfc8507b10dccdac8300000000000000000000d033fb9a84c8a4c1f3c009bf15ba3c6f7901b91a4c957a39272f800000009c15a1ab1c8057e2e5903ac93f83ca26ee4a2dde00000000000000000000000000000000000000000000000000000000000000000000000000f1ff0000000000000000bb3fa0ae0b6b034cfc4684f18226e1a6bc5960b40bb26019cbee1e80ce7fc2f473ae69122c162f9cd8a1ae72b4a77583cd8da1ca814feedea17f2302f61f29f91572108fe6f5dc14289d0bd6798e9bd32ec9020242d4b368e3023e72edfc901c8dc3b4082f4ad37e10331eecab0beb070c0e8ea11f2feadda8744e51a7ace55a7b6a3ad806b751b897479051e4cb2caaf66225318694839efcbae17e30dbc8b18b45f83e2e0dd4f4a7fd92994b5b203b4f195fdd3b0c49e605f6a16f2bbc02d88ff8623f0c42d8c97d7e049f279fab306faa4459c8a3a284961f5f5ce0c189389c8cb1eae115acd9cfee1c1c15ec9ccf8e381220093f43054a4f660000f3bdd664ae174df31a517732124106d9ee74b8c29923e95bf2bf6f060b17f6283946a7bd7ecc47e82210504ab31b2fd38ae4217c816c38241a47094fc36857f6b73f804972bc2b37018447fbb66928bf308db159b7eb085244ef8f419dd684ee47505a3463e1c5bf0fcb2e88ab8cf8ba39d289bc974ae706afd1d668aff8fea775ce30e616fb7e348ae4310c6ba997a7aab8"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x4}, 0x26, 0x10, &(0x7f0000000000), 0x10}, 0x78) r2 = socket$kcm(0x29, 0x1000000000002, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) connect$rose(0xffffffffffffffff, &(0x7f0000000180)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x6, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x40) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f00000001c0)={0x0, 0x4e, "d408ccf402a75a59037a850f2ddbb5a953bd60765dbfed98761542a52ea79106215f020bb5f4104cc717f27e56c4d614f18e8095de360e93d5e4c871074a7ae7f0ae253083f763ceb120ad938653"}, &(0x7f0000000240)=0x56) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000380)={r0, r1}) 12:34:24 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:24 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:34:24 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x10000, 0x0, "1d9b0000000800000000004c0c00"}) write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="b7cb9edb1981fef53846e70f2444fc76fdf6b33f964a74ffffff7fffffffff83ddd072bcea5afbff11aa58e58b081556c31beeeff913"], 0x8d) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x4625, 0x0, 0x0, 0xbffc, 0x0, "7f8df0f8ffffef00"}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x80080, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(0xffffffffffffffff, 0x80045700, &(0x7f0000000280)) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f0000000200)=@v1={0x0, @aes256, 0x0, "ec59529bcaef0b26"}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r1, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) sendmsg$NLBL_MGMT_C_LISTALL(r5, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={0xfffffffffffffffd}, 0x1, 0x0, 0x0, 0x40}, 0x40) r6 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r6, 0x5412, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "000000000000000000000010000000001000"}) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r7, 0x0, r7) ioctl$FS_IOC_FSSETXATTR(r7, 0x401c5820, &(0x7f0000000240)={0x2, 0x4, 0x1, 0x8, 0x39}) 12:34:24 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3e8000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:24 executing program 3: r0 = gettid() fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000280)={0x2, r0}) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x43) close(0xffffffffffffffff) 12:34:24 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:24 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2cd, 0x3, 0xffffffff00000000, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x1) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsu\x00', 0x204000, 0x0) ioctl$TCSBRK(r2, 0x5409, 0x4) [ 791.028006][ T4773] mkiss: ax12: crc mode is auto. [ 791.083860][ T28] kauditd_printk_skb: 12 callbacks suppressed [ 791.083874][ T28] audit: type=1804 audit(1594038864.395:587): pid=4776 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/431/file0" dev="sda1" ino=16364 res=1 [ 791.110415][ T4773] mkiss: ax12: crc mode is auto. 12:34:24 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:34:24 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e1f, @dev={0xac, 0x14, 0x14, 0x3e}}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0xf0000000000e803) [ 791.192093][ T28] audit: type=1804 audit(1594038864.395:588): pid=4784 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/431/file0" dev="sda1" ino=16364 res=1 12:34:24 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x3a, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:24 executing program 4: r0 = socket(0x10, 0x80002, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xd0000, 0x0) r2 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r4}, 0x10) setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000240)={r4, 0x7ff}, 0x8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c000000100005040100"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010062726964676500000c000280050024"], 0x3c}}, 0x0) r5 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x1010c0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) r8 = dup2(0xffffffffffffffff, r7) ioctl$TCFLSH(r8, 0x8926, 0x20000000) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r9, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)={0x50, r10, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_SCHED_NAME={0xa, 0x6, 'lblcr\x00'}]}]}, 0x50}, 0x1, 0xa00000000000000}, 0x0) sendmsg$IPVS_CMD_GET_DEST(r8, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x38000000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x90, r10, 0x0, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1b}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'sh\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x42, 0x4}}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x800}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x4}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x6}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x2}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000014}, 0xc009) sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x40, 0x1, 0x4, 0x201, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0xeca9}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x20}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x1}, @NFULA_CFG_MODE={0xa, 0x2, {0x3}}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x7ff}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000040}, 0x2004c014) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924924924923aa, 0x0) 12:34:24 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x400000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:24 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000040), &(0x7f00000000c0)=0x4) fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) close(r2) [ 791.472108][ T4817] mkiss: ax12: crc mode is auto. 12:34:24 executing program 4: r0 = syz_open_dev$swradio(&(0x7f0000000580)='/dev/swradio#\x00', 0x0, 0x2) r1 = syz_open_dev$swradio(0x0, 0x0, 0x2) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x100, 0xb, 0x4}) ioctl$VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000240)=0xb) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = dup2(r3, r5) ioctl$TCFLSH(r6, 0x8926, 0x20000000) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r7, 0x0, r7) getsockopt$sock_int(r7, 0x1, 0x1e, &(0x7f00000000c0), &(0x7f0000000100)=0x4) ioctl$KVM_DIRTY_TLB(r6, 0x4010aeaa, &(0x7f0000000000)={0x0, 0x6}) r8 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ppoll(&(0x7f0000000080)=[{r0, 0x100a1}, {r1}], 0x2, 0x0, 0x0, 0x0) 12:34:24 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:24 executing program 2: flistxattr(0xffffffffffffffff, &(0x7f0000000040)=""/45, 0x2d) prlimit64(0x0, 0x2, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x10000024, 0x0, 0x6, 0x0, 0x101}, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x20000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x40, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x40000000) openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x40a02, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(0xffffffffffffffff, r0, 0x0, 0xffffa88f) ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) r1 = socket$kcm(0x10, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x27, 0x0, 0x11}, 0x8001) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvme-fabrics\x00', 0x0, 0x0) ioctl(0xffffffffffffffff, 0xffffffff, &(0x7f00000002c0)="6950ba083e3df322f10ef57332926f53c9832186a3a8420aff16b90741a53730f932cef1984313c63208ed757f276a1eb898e2f9af27171c905c0fe22789628dfd8dc7af4d7eab53d7d9270b14c924eed3c412bac464f42d69a9ad0839d85326d6d319c3477d47e439a65c2f246fa66a2dbe7244a5b8c42c472f8b88dd5a48821e937003098c64a443496bc3bfd8afd5b3e423a8d493806b7b7552d3d8e7db210eb08e1b13a348b13cb21bbd44b0c95ce16f3cdaefd1dc223fe0c385cccebe12b8cb030718853bd3b6ec048fb6329826") pipe(&(0x7f0000000000)) ioctl$SIOCGIFHWADDR(0xffffffffffffffff, 0x8927, &(0x7f0000000140)) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x4001fe) ioctl$RNDZAPENTCNT(r2, 0x5204, &(0x7f0000000100)) syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_tables_targets\x00') [ 791.630148][ T4838] mkiss: ax12: crc mode is auto. [ 791.663440][ T4817] mkiss: ax12: crc mode is auto. [ 791.670816][ T4831] mmap: syz-executor.2 (4831): VmData 18685952 exceed data ulimit 9. Update limits or use boot option ignore_rlimit_data. 12:34:25 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="d800000018008106e00f80ecdb4cb904021d65ef0b007c09e8fe55a10a0015000400142603000e1208000f0000000001a800160004000500e558f030035c3b61c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703", 0xd8}], 0x1}, 0x0) syz_mount_image$exfat(&(0x7f0000000040)='exfat\x00', &(0x7f0000000080)='./file0\x00', 0x1, 0x3, &(0x7f0000000440)=[{&(0x7f0000000200)="6611b7b3b2fb8b4c2935557618e56dd22252e6325c91e79ca5ce47e93d84ebda3c43ca3588e324d3d37ddce5309d59dd199f832980c28f8443072893b3781ad324c1751a735e5609c7e2a74f5f55c580fe568de6fd670b870314268306014a7962e0e13c083a60ca42e1e999e8f3493ee47522feed6a1c69513b1a23cd6a904486da8d5f65d06b00915a924fd3fd2dcc629afe4128f602abc8", 0x99, 0x8001}, {&(0x7f00000002c0)="f3452b5ec11982e7bb8a45ed5d8fea7e65ad7f0f2e19846c70f74be91ffeef8a1dc921a77b4059d80ffdd3c1538d7703559c8703e53b5e7ac70ee423f6784481541a64e3185818806a9596877892791f72da99aeeeb396ebc936776958f969688f0809f4408d", 0x66, 0xfff}, {&(0x7f0000000340)="d1914a92b9c4168c4e46b35deffbaf01f42ea865a316c416ce7cd7b76b76e02dd0e66e11eec9b82300ac456c306eb46e053e3e58bb07e24d4c641fd960a7362d3bd67464ac79b8c72d463187e03529cc6288ae8c6da73a8cfc57d7573b57b8048db3f562ddb736c920ba6c44b34389334f61a94416d320e4cd738dc1d4bce9fa990973cda0faeba920388e9ecfa505b6cd222030931fa99033f3bbaa9e6bf038c3f47cc796f3ae049c23aa1af78c84c81ce97b9c8ec36488c00f6161000461f7a7ac9621a0d79dcd", 0xc8, 0x1ff}], 0x1, &(0x7f00000004c0)={[{@fmask={'fmask', 0x3d, 0x5cc5}}, {@utf8='utf8'}, {@umask={'umask', 0x3d, 0x4}}], [{@seclabel='seclabel'}]}) 12:34:25 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 791.774135][ T4858] netlink: 'syz-executor.4': attribute type 21 has an invalid length. [ 791.779341][ T4837] IPVS: ftp: loaded support on port[0] = 21 [ 791.783123][ T4858] netlink: 'syz-executor.4': attribute type 5 has an invalid length. 12:34:25 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xfff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 791.844934][ T4859] mkiss: ax12: crc mode is auto. [ 791.864842][ T4858] exfat: Deprecated parameter 'utf8' [ 791.904742][ T4858] exfat: Unknown parameter 'seclabel' [ 792.003253][ T4872] exfat: Deprecated parameter 'utf8' [ 792.010956][ T4858] netlink: 'syz-executor.4': attribute type 21 has an invalid length. [ 792.011645][ T4872] exfat: Unknown parameter 'seclabel' [ 792.034550][ T4858] netlink: 'syz-executor.4': attribute type 5 has an invalid length. 12:34:25 executing program 4: perf_event_open(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0) socket$kcm(0x2b, 0x2, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x5, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_sys\x00', 0x26e1, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x40003, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r1, 0x2402, 0xe43) write$cgroup_int(r0, &(0x7f0000000200), 0x400086) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(0xffffffffffffffff, r4) ioctl$KVM_GET_FPU(r4, 0x81a0ae8c, &(0x7f0000000500)) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) dup2(0xffffffffffffffff, 0xffffffffffffffff) fsetxattr$trusted_overlay_opaque(r6, &(0x7f0000000040)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x2) 12:34:25 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 792.218862][ T28] audit: type=1804 audit(1594038865.535:589): pid=4877 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/433/file0" dev="sda1" ino=16363 res=1 12:34:25 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x800000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 792.384834][ T28] audit: type=1804 audit(1594038865.535:590): pid=4880 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/433/file0" dev="sda1" ino=16363 res=1 12:34:25 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x74, 0x1, 0x8, 0x101, 0x0, 0x0, {0xc, 0x0, 0x8}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0xa4}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x66da}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x31}, @CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x6}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x4c804}, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x3) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:34:25 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 792.576839][ T4839] mkiss: ax12: crc mode is auto. [ 792.584892][ T28] audit: type=1804 audit(1594038865.875:591): pid=4839 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/466/file0" dev="sda1" ino=16383 res=1 [ 792.697561][ T28] audit: type=1804 audit(1594038865.875:592): pid=4859 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/466/file0" dev="sda1" ino=16383 res=1 12:34:26 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f00000000c0)=0xc) pidfd_open(r3, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 792.809094][ T28] audit: type=1804 audit(1594038865.875:593): pid=4851 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/466/file0" dev="sda1" ino=16383 res=1 12:34:26 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:26 executing program 0: r0 = gettid() fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000280)={0x2, r0}) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x10b) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r1, 0xc0096616, &(0x7f0000000040)=ANY=[@ANYBLOB="c7fca098424e725f2e8e"]) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r4, 0xc008551a, &(0x7f00000000c0)={0x0, 0x18, [0x10000, 0xfffffffc, 0x9351, 0x20, 0x6, 0x7]}) [ 793.139388][ T4937] mkiss: ax12: crc mode is auto. [ 793.231462][ T4937] mkiss: ax12: crc mode is auto. 12:34:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f7e00a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000140)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:34:38 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x8000, 0x100) ioctl$VFIO_SET_IOMMU(r1, 0x3b66, 0x2) r2 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r2}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:34:38 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(r2, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) ioctl$LOOP_CLR_FD(r5, 0x4c01) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000001280)={0x0, @in6={{0xa, 0x4e20, 0x401, @private1}}}, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000180), 0x8) getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000240), &(0x7f0000001340)=0x4) getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) ioctl$sock_bt_bnep_BNEPCONNDEL(0xffffffffffffffff, 0x400442c9, &(0x7f00000001c0)={0x3, @remote}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x20000000, &(0x7f0000000200)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0xffffff1f, 0xc, 0x1233bf, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9, 0x1, 'bond\x00'}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_ACTIVE_SLAVE={0x8, 0x14, r6}, @IFLA_BOND_MODE={0x5, 0x1, 0x5}]}}}]}, 0x44}, 0x1, 0x9effffff}, 0x0) 12:34:38 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:38 executing program 0: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TCFLSH(r0, 0x8926, 0x20000000) r1 = accept4$inet(r0, 0x0, &(0x7f00000000c0), 0x400) setsockopt$inet_dccp_int(r1, 0x21, 0x11, &(0x7f0000000100)=0x1, 0x4) r2 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r3 = gettid() fcntl$setownex(r2, 0xf, &(0x7f0000000280)={0x2, r3}) fcntl$setlease(r2, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x200}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r2) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x5) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) dup2(r4, r6) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r6, 0xc0406619, &(0x7f0000000040)={{0x1, 0x0, @reserved="6d15737832c14bd6c591c1ecab7ac929c50ae98c6d4bb37acd237540d5541412"}}) 12:34:38 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x803e00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:38 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 805.403411][ T28] audit: type=1804 audit(1594038878.716:594): pid=5285 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/436/file0" dev="sda1" ino=16372 res=1 [ 805.457335][ T5285] mkiss: ax12: crc mode is auto. 12:34:38 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x2, 0x8040) fcntl$addseals(r2, 0x409, 0x1) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 805.506529][ T28] audit: type=1804 audit(1594038878.716:595): pid=5290 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/436/file0" dev="sda1" ino=16372 res=1 [ 805.543089][ T5288] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode balance-tlb(5) [ 805.601620][ T28] audit: type=1804 audit(1594038878.786:596): pid=5289 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/468/file0" dev="sda1" ino=16367 res=1 12:34:39 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:39 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x2}}, &(0x7f0000000040)='GPL\x00', 0x4, 0x102d, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000000)=0x5, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000010000108000000000000000000000a00", @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b800800010033141ee47709d36623bef0271a7a159e5adef5e57bc206edb357e833b50d47c50332d5de48858e7853e39c02c3a96a2d78750e30", @ANYRES32=r1, @ANYBLOB="08001b0000000000"], 0x34}}, 0x0) [ 805.745979][ T28] audit: type=1804 audit(1594038878.786:597): pid=5294 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/468/file0" dev="sda1" ino=16367 res=1 [ 805.772583][ T5285] mkiss: ax12: crc mode is auto. 12:34:39 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20, 0x5ed}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x40000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) [ 805.906354][ T28] audit: type=1804 audit(1594038879.216:598): pid=5315 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/469/file0" dev="sda1" ino=16365 res=1 12:34:39 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:39 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) r5 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r6 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r7}, 0x10) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f0000000040)={0x8, 0x1d, 0xe, 0x0, 0x9, 0x8000, 0x0, 0x8, r7}, 0x20) 12:34:39 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) ioctl$VIDIOC_QUERYSTD(r0, 0x8008563f, &(0x7f0000000040)) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 805.968559][ T5338] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 12:34:39 executing program 4: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfffffffeffffffff, 0xffffffffffffffff, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0xc01, 0x3, 0x238, 0xe8, 0x5002004a, 0x0, 0x0, 0x0, 0x1a0, 0x3c8, 0x3c8, 0x1a0, 0x3c8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11], 0x0, 0xa0, 0xe8, 0x0, {}, [@common=@unspec=@connmark={{0x30, 'connmark\x00'}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}, {{@uncond, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x298) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000003e00)={0x0, 0x0, &(0x7f0000003dc0)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWSETELEM={0x14, 0xe, 0xa, 0x5}], {0x14, 0x11, 0x1, 0x0, 0x28}}, 0x3c}}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='wg0\x00', 0x10) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = dup2(r1, r3) ioctl$TCFLSH(r4, 0x8926, 0x20000000) fstat(r4, &(0x7f0000000000)) [ 806.034080][ T5339] IPVS: ftp: loaded support on port[0] = 21 12:34:39 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xd00700}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 806.075797][ T28] audit: type=1804 audit(1594038879.226:599): pid=5320 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/469/file0" dev="sda1" ino=16365 res=1 12:34:39 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 806.245581][ T5356] xt_CT: You must specify a L4 protocol and not use inversions on it [ 806.296316][ T5348] mkiss: ax12: crc mode is auto. 12:34:39 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00') r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r3 = openat2(r2, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x203, 0x80, 0x14}, 0x18) ioctl$EVIOCGABS0(r3, 0x80184540, &(0x7f0000000140)=""/82) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:34:39 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 806.479693][ T28] audit: type=1804 audit(1594038879.796:600): pid=5368 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/437/file0" dev="sda1" ino=16377 res=1 [ 806.517924][ T5356] xt_CT: You must specify a L4 protocol and not use inversions on it 12:34:39 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) dup2(r0, r2) bind$l2tp6(r2, &(0x7f0000000040)={0xa, 0x0, 0x800, @mcast2, 0x8}, 0x20) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(0xffffffffffffffff, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r8, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000015c0)=@newtfilter={0x98, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0x8}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x68, 0x2, [@TCA_BASIC_ACT={0x64, 0x3, [@m_skbmod={0x60, 0x1, 0x0, 0x0, {{0xb, 0x1, 'skbmod\x00'}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_SMAC={0xa}]}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x98}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=@gettfilter={0x5c, 0x2e, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xfff1, 0xe}, {0x0, 0x3}, {0xffff, 0x2}}, [{0x8, 0xb, 0xf96}, {0x8, 0xb, 0x2d}, {0x8, 0xb, 0xffff}, {0x8, 0xb, 0x5d8}, {0x8, 0xb, 0x81}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0x1}]}, 0x5c}}, 0x801) r9 = socket(0x10, 0x2, 0x0) sendmsg(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)="240000001a0003041dfffd946f6105000a00000a1f000003006708000800030040000000", 0x24}], 0x1}, 0x0) 12:34:39 executing program 2: perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}, 0x0, 0xffffffff, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) syz_mount_image$minix(&(0x7f00000002c0)='minix\x00', &(0x7f0000000080)='./file0\x00', 0xfffffffffffffffe, 0x2, &(0x7f0000000000)=[{&(0x7f0000000300)="8cae726cf95725848b708fcc90223133e60f65d0e160600084e002000a0000", 0x1f, 0x400}, {&(0x7f0000000bc0)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181db4620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494febcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a442650302da7c62472293e281731f683de463532def92dc865838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6675e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bf19e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272180befcd975673b8ee7449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae116ae81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717e08c82a98089d36c11e70184f5d0c533b3e5fd60ac95a00434b93fbd8833396952eaf676c57ceecd8ae3ac2c06b411a5bc9070d6fb39b7c781d0989f521e0de3f5c1b795eb2721081b1c7d7505714e898b9b4d91a9a27ebf23a6d0416ce0bc51004be24819e0f22fedbee68c7fed25ffd2acab31f2628f4b20b935555c92af4ba6191bc42b664423e205ca81d1c172cc3fd2432c3c0857fd3abe5cf3f6ebb2666c07e85e8f07bcbf109abb44c857d07159e436dee3e821b4658fe11bee59b4f3a4812a9e703c0b57ecfb54717f310825b64033b774cbd7c317aa985f761ea8c919f2c4989c7cfc723985d585b48dc80b394366355aadbe1965f2635af52680c8df3e2ee84aac14416d", 0x41e, 0x34f9}], 0x10410, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) sendto$l2tp(0xffffffffffffffff, &(0x7f0000000040)="6d69373107f9949d640940cb9f248506b3c94619e3235ad4b133d77b00a3d6a02ce43fca6fd270414a9ef296870f57550d", 0x31, 0x0, &(0x7f00000000c0)={0x1d, 0x0, @dev}, 0x10) sigaltstack(&(0x7f0000ffd000/0x2000)=nil, &(0x7f00000003c0)) openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x20000, 0x0) sync_file_range(r0, 0x5, 0xff, 0x4) socket$can_bcm(0x1d, 0x2, 0x2) setxattr$trusted_overlay_opaque(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000340)='trusted.overlay.opaque\x00', &(0x7f0000000380)='y\x00', 0x2, 0x1) syz_genetlink_get_family_id$wireguard(&(0x7f0000000200)='wireguard\x00') ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000200)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) dup2(0xffffffffffffffff, r2) pipe2(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) fsconfig$FSCONFIG_SET_PATH_EMPTY(r2, 0x4, &(0x7f0000000400)='trusted.overlay.opaque\x00', &(0x7f0000000440)='./file0\x00', r3) openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x400, 0x0) 12:34:40 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ocfs2_control\x00', 0x204001, 0x0) perf_event_open(&(0x7f00000001c0)={0x4, 0x70, 0xea, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, r2, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = dup2(0xffffffffffffffff, r4) ioctl$TCFLSH(r5, 0x8926, 0x20000000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00') sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x3c, r7, 0x400, 0x0, 0x0, {}, [{@pci={{0x0, 0x1, 'pci\x00'}, {0x0, 0x2, '0000:00:10.0\x00'}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r5, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x34080280}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x48, r7, 0x2, 0x70bd27, 0x25dfdbff, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0xd, 0x87, 'l2_drops\x00'}, {0x5}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4048811}, 0x4000000) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 806.667603][ T28] audit: type=1804 audit(1594038879.826:601): pid=5361 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/437/file0" dev="sda1" ino=16377 res=1 12:34:40 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 806.785053][ T5397] mkiss: ax12: crc mode is auto. [ 806.793075][ T28] audit: type=1804 audit(1594038880.106:602): pid=5393 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/471/file0" dev="sda1" ino=16365 res=1 [ 806.801595][ T5407] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 806.824365][ T398] tipc: TX() has been purged, node left! 12:34:40 executing program 3: r0 = open(&(0x7f0000000040)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x4, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 806.890631][ T5402] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop2. [ 806.900910][ T28] audit: type=1804 audit(1594038880.106:603): pid=5398 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/471/file0" dev="sda1" ino=16365 res=1 12:34:40 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:40 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000400)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, r4, 0x0) r5 = request_key(&(0x7f0000000040)='logon\x00', &(0x7f00000000c0)={'syz', 0x0}, &(0x7f0000000100)='\\/\'\\-&\x00', r4) ioctl$VIDIOC_G_DV_TIMINGS(0xffffffffffffffff, 0xc0845658, &(0x7f0000000440)={0x0, @reserved}) pwritev(r3, &(0x7f0000000140)=[{&(0x7f0000000500)="1ca9f00ccb1bf04c3b9a5d854f786cb0674f94c45302b129f6f3213926a21782c52761d47939b8a464ce26b645ce4b045251cef4cffe61c8eaba380b1c5dcffdcc7d05528335957815f8afc2e9a39a7be416219729d0b5b615b6844aa86153f3b2d7fbc2a9031c87afc3b1fc160f1c143e63289dc417a8bfbf7d35d42d2d16cb66", 0x81}, {&(0x7f00000005c0)="901e672d62c1d5013700d70c51bc213b58ca1eb2c38a81ac4d06ae76f4f18f742903552253f12901ffbd33db98bfd2ed077e8fb79018b0b6f11cf648c81936366bb3db35b0c45ed77bfde7cfa430a460fd57532f7f3aa4ffe89468783fdfcfbb1426c37882c92505e57931398e7af9908cbd9873a9b4d2b028c062047e252569e55de75a36858ea8beaaa750de82a184aa747f712c95d1c115d7c7818db2", 0x9e}], 0x2, 0x5) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r2, 0xc0506617, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYRESOCT=r5, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000001d7e44a70e3ba3bdc5e82312883a467e2b516db8c2eb5692b27d019945a68fb6ad3e653dd0e7dac7b91717ef7b18556200a1b6d4b34596e69e5ac9b2f080f09a586e5df08be7867e03ab966495ae0e68f610cd8b197234b4bc12997c8407"]) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:34:40 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 807.206543][ T5432] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 12:34:40 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0xfe52) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x5) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$read(0xb, 0x0, &(0x7f00000003c0)=""/67, 0x43) r7 = fcntl$dupfd(r6, 0x0, 0xffffffffffffffff) r8 = dup2(r5, r7) ioctl$TCFLSH(r8, 0x8926, 0x20000000) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000140), 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, r8, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 12:34:40 executing program 3: r0 = gettid() fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000280)={0x2, r0}) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) close(0xffffffffffffffff) openat$audio1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x2000, 0x0) 12:34:40 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:40 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000240)=0x19, 0x2) r2 = gettid() timer_create(0x0, &(0x7f00009cefa8)={0x0, 0x12, 0x4, @tid=r2}, &(0x7f0000044000)) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xe8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x20000000}, r2, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x101) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/nvme-fabrics\x00', 0x4e0060, 0x0) getsockopt$netrom_NETROM_T4(r3, 0x103, 0x6, &(0x7f0000000300)=0xbe, &(0x7f0000000340)=0x4) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) vmsplice(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)="1775d92975db033897b7e495f5ce9c8bf879b6af83752f3981193fdfd488aac0500e831374d58fe8d1f75e6e5f575812847ec0913d168843d0d151fca521b21ff3a8dc242ab57ea82ce93648991fb8a2918748ac4a9c5cde32eb9657aea1431b65060f947fbc6bbb6600b93831e9cc7e2dec0d9cc42a574c68682fd21d7302a22b0c864dd560f38b6389d94f4057", 0x8e}, {&(0x7f0000000040)="e22906c8c022713583c1c21b451a19a08e42bc848a9cd2c94d03b5372ab706f6effb3509cfc33fe61eba2fb85f5521e230001c6f53e93393c2f95e9d6d", 0x3d}], 0x2, 0x0) [ 807.502129][ T5402] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop2. 12:34:40 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 807.690180][ T5445] mkiss: ax12: crc mode is auto. [ 809.485293][ T5445] mkiss: ax12: crc mode is auto. 12:34:43 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x29, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:43 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) ioctl$SNDCTL_DSP_SETDUPLEX(r4, 0x5016, 0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) 12:34:43 executing program 5: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) inotify_init1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 12:34:43 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$VIDIOC_G_SELECTION(r2, 0xc040565e, &(0x7f0000000040)={0x1, 0x1, 0x5, {0x80000000, 0x29364b88, 0xaa5, 0x9}}) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 12:34:43 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x8, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x8800, 0x0) socket$inet(0x2, 0x1, 0x100) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) read$midi(r1, &(0x7f00000002c0)=""/4096, 0x1000) syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x0, 0x800) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sysfs$1(0x1, &(0x7f0000000100)='\x00') ftruncate(r2, 0x2008002) sendfile(r0, r2, 0x0, 0x200fff) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0xf2400, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) pipe(&(0x7f00000003c0)) socket$alg(0x26, 0x5, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000280)=0x8) [ 810.280295][ T5413] Process accounting resumed [ 810.435932][ T5537] mkiss: ax12: crc mode is auto. 12:34:43 executing program 2: clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x3, 0x4) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) dup2(0xffffffffffffffff, r2) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="18000000121404002abd7000fbdbdf250800010001e6b73c4880feceaa4bb8af000000"], 0x18}, 0x1, 0x0, 0x0, 0x2a1fccde6d068b52}, 0x8001) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000140)={'icmp\x00'}, &(0x7f0000000180)=0x1e) r3 = memfd_create(&(0x7f00000000c0)='sysm$\x00', 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r3, 0x0) rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000)) prctl$PR_SET_DUMPABLE(0x4, 0x0) r6 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x2, 0x1) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x30, r7, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, '\x00'}}}}}, 0x30}}, 0x0) sendmsg$TIPC_CMD_SET_LINK_TOL(r6, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, r7, 0x400, 0x70bd28, 0x25dfdbfc, {{}, {}, {0x14, 0x18, {0xee7d, @bearer=@udp='udp:syz1\x00'}}}, ["", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x8001) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ip6_tables_names\x00') 12:34:43 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) [ 810.526246][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 810.526260][ T28] audit: type=1804 audit(1594038883.836:609): pid=5539 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/441/file0" dev="sda1" ino=16368 res=1 [ 810.617115][ T5550] mkiss: ax12: crc mode is auto. 12:34:43 executing program 2: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/hwrng\x00', 0x0, 0x0) r1 = socket$pptp(0x18, 0x1, 0x2) sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYRESOCT=r0, @ANYRESOCT=r1], 0x1c}}, 0x40c0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0xf}, 0x4802, 0x0, 0x2f6, 0x4}, 0x0, 0xd, 0xffffffffffffffff, 0x0) clock_gettime(0x7, &(0x7f00000000c0)) r2 = epoll_create1(0x0) close(0xffffffffffffffff) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000780)={0x40002016}) finit_module(0xffffffffffffffff, &(0x7f0000000100)='!\x00', 0x3) clock_settime(0x0, &(0x7f0000000400)={0x77359400}) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x4, 0x5, 0x800) poll(0x0, 0x0, 0x8000000000000200) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @local}, 0x10) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@mss, @mss, @window={0x3, 0x7}, @mss={0x2, 0x919f}, @timestamp, @window={0x3, 0xfff}], 0x2000019f) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000200), 0x88) sendto$inet(r3, &(0x7f0000000640)="e046385738d0b6e2f17050c3002a9fe3e2f4bbc226e39bf35204d275a8fadde37aab3905bbacaf04d57fb246d660ea69d755b5fa4e9dcdda9919e7cfdd2fd6f2ffd8ca8b450d8b0646e2d9363d42c096c630e57a2bfd2c36cec695821437e9d3554f3eb5c048236b4b4adb7e302a1588fa2daa0101000000000000f38fe3b4bded81207efe8fd987bd3b2cc76b79deb96df13c5456630d4cfb858f6dbcdd4f199a5164ba2fde0014d7f98d9251bbc07bca2b6710308dddc540dfb44b0f9a5f27d73e1c33d091ce5c7f8e57291112231b051a2af634f381203b6b98cb0c0a1291bd094e861061a5a7cd4777d447690e4ce2c07c13e8be18014070681395d0b0c385e39ce7d422637255c6d13229f280b57064ba62d52e7bfe695f75de4854fdef56f93ca9d237175aa0197b0e6850bd4158666d28006da6a35362b29ed6895507ab4064c7fcece12dfb9411b1274080915c0d3a124ae1b77be2d7c8c9c86c4d7a7589d7fc9c922ac84b411d0c219816f586b6fc7d2452ff4c5eb64f913598968cfae6f30fb0dc0ee08865739ed8aef27a1d973860531ae8a8c5dd6263e690a5be08e6732a2d526a6455ab9a9fcd36140462021416cc8d43c5b09215d8e4c221ea58fc6974edb8e258c738811f523b25c3d94c91b7d080b5466cbe699b2123cac02430e01d4b57c0dc794268f9b172694745678fcc68c569d01e821113d76b090ac0740cd35f82bfc027bfd500904bc62e260dc9d60d1545396141cff61bf720d5aff18c58278cc2778eae68f3ead53a4adae3b68c5344c3a982939d84661a042622fc9414ee873a78548299340d8fdef879802c636400"/611, 0xffffffffffffff67, 0x40007bd, 0x0, 0xffffffffffffff4f) [ 810.642906][ T5568] dlm: non-version read from control device 4096 [ 810.671804][ T28] audit: type=1804 audit(1594038883.836:610): pid=5546 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir690144246/syzkaller.QwQ8S2/441/file0" dev="sda1" ino=16368 res=1 12:34:44 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) dup2(r2, r4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) dup2(0xffffffffffffffff, r6) ioctl$SNDCTL_DSP_SYNC(r6, 0x5001, 0x0) ioctl$FS_IOC_FIEMAP(r4, 0xc020660b, &(0x7f0000000440)=ANY=[@ANYBLOB="04000000000000005f0e00000000000004000000ff7f00000600000000000000080000000000090000000000000000000500000000000000000000000000000000000000000000000002000000000000000000000000000008000000000000000900000000000000080000000000000000000000000000000000000000000000080100000000000000000000000000000900000000000000080000000000000081000000000000000000000000000000000000000000000001000000000000000000000000000000ff03000000000000070000000000000009ffec47b065d90000000000000000000000000000000000000000000000001000000000000000000000000000000900000000000000ffffffff00000000e800000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000180000000000000ffff00000000000000000000000000000000000000000000002000"/374]) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) 12:34:44 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x8e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x58, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x3a, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @local, @remote, [@hopopts={0x0, 0x1, [], [@enc_lim, @generic={0x0, 0x4, "a3da7a25"}]}], "7d2a653e1eafede7d8a5bd8263bf7694"}}}}}}}, 0x0) 12:34:44 executing program 4: r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/mice\x00', 0x0) close(r0) read$midi(r0, 0x0, 0x0) accept$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="eb3c906d6b66732e666174000204010002000270fff8f2", 0x17}], 0x0, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/slabinfo\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) write$9p(r3, &(0x7f0000001400)=';', 0xb00c) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r3, 0xc0105303, &(0x7f00000001c0)={0x5, 0x2a, 0x8}) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsu\x00', 0x20a000, 0x0) bpf$MAP_CREATE(0x1000000000000, &(0x7f00000000c0)={0x11, 0x800000000000004, 0x7, 0x1, 0x240, 0xffffffffffffffff, 0x0, [], r1}, 0x40) 12:34:44 executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) gettid() fcntl$setlease(r0, 0x400, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r0) [ 810.815470][ T28] audit: type=1804 audit(1594038883.886:611): pid=5537 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/474/file0" dev="sda1" ino=16372 res=1 [ 810.887638][ T28] audit: type=1804 audit(1594038883.886:612): pid=5550 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir443099173/syzkaller.9oLQX1/474/file0" dev="sda1" ino=16372 res=1 [ 810.947222][ T28] audit: type=1800 audit(1594038884.066:613): pid=5571 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.4" name="bus" dev="sda1" ino=16365 res=0 [ 915.880991][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 915.888519][ C0] rcu: 1-...!: (1 GPs behind) idle=73a/1/0x4000000000000000 softirq=71162/71164 fqs=37 [ 915.899063][ C0] (detected by 0, t=10502 jiffies, g=111677, q=107) [ 915.905745][ C0] Sending NMI from CPU 0 to CPUs 1: [ 915.913349][ C0] NMI backtrace for cpu 1 [ 915.913362][ C0] CPU: 1 PID: 3917 Comm: systemd-udevd Not tainted 5.8.0-rc3-syzkaller #0 [ 915.913371][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 915.913377][ C0] RIP: 0010:debug_lockdep_rcu_enabled+0x23/0x30 [ 915.913392][ C0] Code: cc cc cc cc cc cc cc 8b 05 0a ba c9 02 85 c0 74 21 8b 05 54 eb c9 02 85 c0 74 17 65 48 8b 04 25 00 ff 01 00 8b 80 cc 08 00 00 <85> c0 0f 94 c0 0f b6 c0 c3 cc cc cc cc 53 48 c7 c3 00 6c 03 00 e8 [ 915.913397][ C0] RSP: 0018:ffffc90000da8dd0 EFLAGS: 00000002 [ 915.913408][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81640efc [ 915.913415][ C0] RDX: ffff88809e998080 RSI: ffffffff816410be RDI: 0000000000000001 [ 915.913421][ C0] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff8aae594f [ 915.913428][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 915.913435][ C0] R13: ffff8880ae727840 R14: ffff888096a17b40 R15: dffffc0000000000 [ 915.913443][ C0] FS: 00007fa7a24758c0(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 [ 915.913449][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 915.913455][ C0] CR2: 000000000043e360 CR3: 000000009e53a000 CR4: 00000000001426e0 [ 915.913462][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 915.913469][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 915.913473][ C0] Call Trace: [ 915.913476][ C0] [ 915.913481][ C0] rcu_read_lock_sched_held+0xd/0xb0 [ 915.913486][ C0] __hrtimer_run_queues+0xd13/0xfc0 [ 915.913491][ C0] ? hrtimer_sleeper_start_expires+0x80/0x80 [ 915.913497][ C0] ? ktime_get_update_offsets_now+0x1c4/0x250 [ 915.913501][ C0] hrtimer_interrupt+0x32a/0x930 [ 915.913506][ C0] ? _raw_spin_unlock+0x24/0x40 [ 915.913511][ C0] __sysvec_apic_timer_interrupt+0x142/0x5e0 [ 915.913516][ C0] asm_call_on_stack+0xf/0x20 [ 915.913519][ C0] [ 915.913525][ C0] sysvec_apic_timer_interrupt+0xe0/0x120 [ 915.913530][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 915.913535][ C0] RIP: 0010:rcu_is_watching+0x5d/0xb0 [ 915.913550][ C0] Code: 80 3c 11 00 75 61 48 03 1c c5 20 39 81 89 48 b8 00 00 00 00 00 fc ff df 48 8d bb d8 00 00 00 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 25 8b 83 d8 00 00 [ 915.913555][ C0] RSP: 0018:ffffc90001577618 EFLAGS: 00000a02 [ 915.913565][ C0] RAX: dffffc0000000000 RBX: ffff8880ae736c00 RCX: 1ffffffff1302725 [ 915.913572][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8880ae736cd8 [ 915.913579][ C0] RBP: 00007fa7a12e8335 R08: 0000000000000000 R09: ffffffff8c58fa27 [ 915.913586][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90001577700 [ 915.913593][ C0] R13: 0000000000000000 R14: ffff88809e998080 R15: 0000000000001000 [ 915.913597][ C0] ? rcu_is_watching+0x11/0xb0 [ 915.913602][ C0] is_bpf_text_address+0xdd/0x160 [ 915.913607][ C0] kernel_text_address+0xbd/0xf0 [ 915.913612][ C0] __kernel_text_address+0x9/0x30 [ 915.913617][ C0] unwind_get_return_address+0x51/0x90 [ 915.913621][ C0] ? profile_setup.cold+0xc1/0xc1 [ 915.913626][ C0] arch_stack_walk+0x97/0xf0 [ 915.913631][ C0] stack_trace_save+0x8c/0xc0 [ 915.913636][ C0] ? stack_trace_consume_entry+0x160/0x160 [ 915.913641][ C0] ? is_bpf_text_address+0xcb/0x160 [ 915.913645][ C0] save_stack+0x1b/0x40 [ 915.913649][ C0] ? save_stack+0x1b/0x40 [ 915.913655][ C0] ? __kasan_kmalloc.constprop.0+0xc2/0xd0 [ 915.913659][ C0] ? __kmalloc+0x17a/0x340 [ 915.913664][ C0] ? tomoyo_realpath_from_path+0xc3/0x620 [ 915.913669][ C0] ? tomoyo_path_perm+0x212/0x3f0 [ 915.913674][ C0] ? security_inode_getattr+0xcf/0x140 [ 915.913678][ C0] ? vfs_statx+0x170/0x390 [ 915.913683][ C0] ? __do_sys_newlstat+0x91/0x110 [ 915.913688][ C0] ? do_syscall_64+0x60/0xe0 [ 915.913693][ C0] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 915.913698][ C0] ? mark_lock+0xbc/0x1710 [ 915.913702][ C0] ? __lock_acquire+0xc1e/0x56e0 [ 915.913708][ C0] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 915.913713][ C0] ? __do_sys_newlstat+0x91/0x110 [ 915.913717][ C0] ? do_syscall_64+0x60/0xe0 [ 915.913723][ C0] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 915.913728][ C0] ? kasan_unpoison_shadow+0x33/0x40 [ 915.913733][ C0] __kasan_kmalloc.constprop.0+0xc2/0xd0 [ 915.913738][ C0] ? tomoyo_realpath_from_path+0xc3/0x620 [ 915.913742][ C0] __kmalloc+0x17a/0x340 [ 915.913748][ C0] tomoyo_realpath_from_path+0xc3/0x620 [ 915.913752][ C0] ? tomoyo_profile+0x42/0x50 [ 915.913757][ C0] tomoyo_path_perm+0x212/0x3f0 [ 915.913762][ C0] ? tomoyo_path_perm+0x1b8/0x3f0 [ 915.913767][ C0] ? tomoyo_check_open_permission+0x380/0x380 [ 915.913771][ C0] ? putname+0xe1/0x120 [ 915.913776][ C0] ? rcu_read_lock_sched_held+0x3a/0xb0 [ 915.913781][ C0] ? putname+0xe1/0x120 [ 915.913785][ C0] ? kmem_cache_free+0x261/0x310 [ 915.913790][ C0] ? nd_jump_link+0x360/0x360 [ 915.913795][ C0] ? getname_flags.part.0+0x1dd/0x4f0 [ 915.913800][ C0] security_inode_getattr+0xcf/0x140 [ 915.913804][ C0] vfs_statx+0x170/0x390 [ 915.913809][ C0] ? do_readlinkat+0x2f0/0x2f0 [ 915.913814][ C0] ? clone_private_mount+0x140/0x140 [ 915.913818][ C0] ? dput+0x35/0xbc0 [ 915.913822][ C0] __do_sys_newlstat+0x91/0x110 [ 915.913827][ C0] ? __do_sys_newstat+0x110/0x110 [ 915.913831][ C0] ? mntput+0x67/0x90 [ 915.913836][ C0] ? __secure_computing+0x104/0x360 [ 915.913841][ C0] ? syscall_trace_enter+0x14a/0x340 [ 915.913845][ C0] do_syscall_64+0x60/0xe0 [ 915.913851][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 915.913855][ C0] RIP: 0033:0x7fa7a12e8335 [ 915.913858][ C0] Code: Bad RIP value. [ 915.913863][ C0] RSP: 002b:00007ffd8b0994d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 915.913875][ C0] RAX: ffffffffffffffda RBX: 0000559ddcd0a080 RCX: 00007fa7a12e8335 [ 915.913882][ C0] RDX: 00007ffd8b099510 RSI: 00007ffd8b099510 RDI: 0000559ddcd09080 [ 915.913889][ C0] RBP: 00007ffd8b0995d0 R08: 0000559ddcf8d540 R09: 0000000000001010 [ 915.913896][ C0] R10: 0000000000000020 R11: 0000000000000246 R12: 0000559ddcd09080 [ 915.913903][ C0] R13: 0000559ddcd090a0 R14: 0000559ddcd63e9b R15: 0000559ddcd63ea0 [ 915.913921][ C0] rcu: rcu_preempt kthread starved for 10428 jiffies! g111677 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 916.519488][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 916.529449][ C0] rcu: RCU grace-period kthread stack dump: [ 916.535331][ C0] rcu_preempt R running task 29120 10 2 0x00004000 [ 916.543248][ C0] Call Trace: [ 916.546541][ C0] __schedule+0x8e1/0x1eb0 [ 916.550963][ C0] ? io_schedule_timeout+0x140/0x140 [ 916.556242][ C0] ? enqueue_timer+0x420/0x420 [ 916.561003][ C0] ? lock_downgrade+0x820/0x820 [ 916.565861][ C0] schedule+0xd0/0x2a0 [ 916.569930][ C0] schedule_timeout+0x148/0x250 [ 916.574775][ C0] ? usleep_range+0x170/0x170 [ 916.579446][ C0] ? lockdep_hardirqs_on+0x6a/0xe0 [ 916.584551][ C0] ? __next_timer_interrupt+0x190/0x190 [ 916.590100][ C0] ? prepare_to_swait_exclusive+0x2d0/0x2d0 [ 916.595995][ C0] rcu_gp_kthread+0xae5/0x1b50 [ 916.600763][ C0] ? call_rcu+0x7e0/0x7e0 [ 916.605090][ C0] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 916.610900][ C0] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 916.616900][ C0] ? lockdep_hardirqs_on+0x6a/0xe0 [ 916.622017][ C0] ? __kthread_parkme+0x13f/0x1e0 [ 916.627043][ C0] ? call_rcu+0x7e0/0x7e0 [ 916.631379][ C0] kthread+0x3b5/0x4a0 [ 916.635444][ C0] ? __kthread_bind_mask+0xc0/0xc0 [ 916.640554][ C0] ? __kthread_bind_mask+0xc0/0xc0 [ 916.645664][ C0] ret_from_fork+0x1f/0x30