01d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) [ 347.149912][T10525] input: syz1 as /devices/virtual/input/input26 14:13:16 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="c6b4a6d9029c6627073555d58833be233843d690a186b98d00d887ce2b32158924f018b1ffb0710a8c2d44183e241b374d0fe27d4dbeba8698881e2901b8d3837b1e8792fdf9e8b98d87fc6ef7f5c3bbf4cc218f8f0a3a8579615ff9a2ae7d1104b0b054741713b5d793b468d197061d2433be41400c1312177f350f48132d7052b712027730e2b5d95e321ad2d39c6e456644bf7339c34518849646c96ddb6ddb372a7ee4822bed3f3a21b373f369c5c3855f5da29f011b144eae98b16dcf226177645a61ea3cbcb016b4e71c06f7a3a15377723a8590c8d34446c6ed543c1e94127b7ab191cd5eaa003ffffaede947aed59a3f2f1e8be5adea423b5d74c362c309c6ca11ea36ee17a89e56211a349a767719374192d7dd1fd542db1073c6b2697eb79cf6a9c99f67c22a77121a11", @ANYPTR64, @ANYRES64, @ANYRESHEX, @ANYBLOB="94acefd55405cc7fb00ecb397f8f38bd98c2ddd3996c"], 0x0, 0x167}, 0x20) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/5, 0x5}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x33) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 14:13:16 executing program 2: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) readv(r1, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:16 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000c40)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4a06b29e220dc28dac72599456d464419e5b2fc70b72c0bb8e90f61cc4e6f3fe2d1dee18f638ac947b5e026a3287c84ccc727d6ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca03767c69cee1b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94615e49c08c9a20819e02cc22e6b652b1673773ae3cab8d7674c6c4dca2f1b4d745fd95c41f9d441d42f49db6d4a4762e5cc23dfc1adafd1e5a3e7f2e888961cb43e438c4e41ae43ea118e1407a601dae4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a0e3ed34258b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13df15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11a755761fe46169b2b5b8cdedb695cc425fe203d2f2655a76865c2cb4e2470fcfb1248c0add5431a7fbcb0ef4f66809af93a09fab1daae4b518d7a5d95a017864487366d6d7ee7bb00200000000000000c60fca2e2981b22d08f874e0a9cb6fca78d6f1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d773294e097e293db58993c0024ab2fd8e5e7003af92d11de48e8b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde24f18e4bf7156edc4ef81f74a7cdac01d998e34f34a5ba9a4a2039d0416e3f83074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba52bee6f81968981811f832d064048c0e0bbe46984b2f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f088925e872ef8b4f31e6f57ba631baa729031aae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc349ab96e73d2060acfd8145e4a5851bc4d6fd6741fce0834c65c5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf617a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e57a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf083de3b4ab6368e95dd4fdf6710cd4a79651dc3e1e056c3ecd6b51f30663cc256094c840662e09ab831b7bae9aec6d7259250016795cf91f12dbb72fc321c3dfb5f9181529906b43f9d6b8ce9fad13e1085cafd41183908173e16e40037681835aa080f34b87bba0be276340295062f671e933292e32036cbd03f9a4cd660a94374b013e9f32a6bfb65417b537cd8f67f975358140384a1ca0537fd3a2a2c37006e4b30ffe469bba4251aa3ba4626acd810000000000000000ee37c63f7f295579f542b12f248f4b6ba14448abab540fb7d98a081f3d3c946455d61734855005bcc876bd15a76dd552f9bfeb091a4e82a5d11033e528b133103f5592d5684a57dd70556818ea30e03dc2a6eb69423e4f27034351809da4e5002aa346d4d3e0e2a5a9ba1130b4fe983fc344c1de9f536cff06187599523cbddcd8ffc2d11d5db7712be71c0d74a5ae4e8ff6e65238bb23ea2a979d3e8ab83857a1607dc612f0d84492279bba5ec6c5cea6af9d342bb49bc72ff4e9f061761f72201946a4834efd932dd2c15a4ba38160d17be2610e236b6f42714a027f07af03b6fe4f1bfdca3db28c7ce5057bd6eb66d084510981dc3e018515dedc6cf042108a16278e8ec5d184df4aaa0bc4dbce27dcea83e8a7f2c3cc07eb1282c6d8fb776b89448851bf8a2af71922dfaf59b26aca5b809075"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e002000633a77fbac14143fee", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) 14:13:16 executing program 4: setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) [ 347.419623][T10544] input: syz1 as /devices/virtual/input/input27 14:13:16 executing program 3: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket(0x0, 0x0, 0x0) clone(0x2900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000e40)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150600000fff07003506000043fe0000070600000ee60000bf050000000000001f650000000000006507000002000000270700004c0000001f75000000000000bf5400000000f0fff8ffad430100000000009500000000000000050000000000000095000000000000001c0a7900009d3c2792432a4fa650c512aee994a56462712cb064ecd5615f3196e3359aceb768637e60bd5d2e4b5992de991371274fdff6e79fc722e25659a7c85615c1b88bc894123cfe2314e887efecdcb7381ef4932cb0dcebea6d90e9c1677fbefd35893d883a2c559b7a34db461b1974af360eace66cec40d92706d0bbcc5bf6fec345ae9606c3c1a348f9b395592c91b5c78d92ee3364645d1018e5e4b41b13000c94df1f2db24c67d4bb549ec035883e27b1a9e9dff3e8bfc7d1be00f1a0820102b19000000000000000009095601e3a3412086dee84efd375f0645f3301f55d3b9efdfbed9b430bcf04060000bdff1c8bcfc0c229874bc3d2418bab997c8befe8855841caa572ddff9220c67c9e17bee524c3dc747445763ecb0a7c2cd12bc34b0fc0271124cfb5279195f7062351edf77c71294bbfd85878726c49eb89085967722da6cb884d1afe82f7f722e38397996271700241094d272dd8b754b2dd36d44f92991a7817450bc7921dd372e621dd447b868a3ed1bdc198deb495cac0995ca3ef6c1affb693ae366b0f11db6ee4830db4713e5ce6cac6a27e29f171b8e9f172c3db24558d77b8bf18be45c50b3fc005fa7b134dfc948f6015e0389d7f34cb9c02cf517c8ed7a9b6159c1446ef1c2ccff2bde95aa860ed9b836d6b8fcab7663d9bd8415e6f90fdb007b8f3e078e3a638c4fdb8562eb85173720c1df1147c9f5013c82fc98604bd70cd56609a6b73943748a90002d9cf81bcb1d262845762f6b0a2840f7b25895cc3ba8bf0b5e0fc018463d03a73fa85429725545128b0e9b550a13d0dd35092250bbce4f618cad2375a34c7f15c3096f3871cd8212453655157d7deab16b60ef13c84120d0973f7014ac59f8b0e6448766ddf1ba2aab6c79f5874d484f88b4b88ee1c6d839fe70e426e470d200fdf92a912cbd17722329a64dffad0d31fee528e7befd39e292affcc8703cd13a8f8a4986d8df3d148e9da3a010bdce0a34c9b7879cf870a089b4ae8ca8167f82e3744085fc4c86392d246a57aa9363397212caf8fe3c48f0535edb3c5b379c92b480c30226def6e2f48778ead91ad774f9f4a1a9b0ac30c7a51000000000000400746d22e3941fcbfd9f03684fcad1ce47e399e8721af3685921489a68955b58ac6662ad3c21f82ec83c415c7a86bba9a4ab2fc1e5fc26414edad7283db15f8397f9fc81289cbbe2ca061b1a50b5a8e9a36c474d28641750f67966576695b3da362472e7093d8a9c8da1b8bf8533fcfa3d816524dd464292fd7f90d64e00cad307dc2400676a0b41940d1941b4737b5e65e4de5fd8efb5e6c4715531527661f84cb5e58fdd560c36e4206cb645f21bb3bee174705dd7cde7e8a55deb432366e7c8d8991203ba0d93d4e4ca2ecbb328d85c527f6ae969c9ddaf1a653773663552ee037075097c59edfcc5892d59359090d0d6e4f91"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1}, 0x48) exit(0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00007, 0x0, 0x0, 0x0, 0x0) [ 347.619083][ T26] audit: type=1804 audit(1588169596.724:90): pid=10561 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/58/bus" dev="sda1" ino=15889 res=1 [ 347.945476][ T26] audit: type=1804 audit(1588169596.774:91): pid=10565 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/58/bus" dev="sda1" ino=15889 res=1 14:13:17 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(0xffffffffffffffff) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:17 executing program 4: setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) 14:13:17 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, "774c8e38043b405b74a51da93fd27535e444c0"}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) dup(r3) tkill(r2, 0x1004000000013) 14:13:17 executing program 2: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) readv(r1, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:17 executing program 3: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket(0x0, 0x0, 0x0) clone(0x2900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000e40)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150600000fff07003506000043fe0000070600000ee60000bf050000000000001f650000000000006507000002000000270700004c0000001f75000000000000bf5400000000f0fff8ffad430100000000009500000000000000050000000000000095000000000000001c0a7900009d3c2792432a4fa650c512aee994a56462712cb064ecd5615f3196e3359aceb768637e60bd5d2e4b5992de991371274fdff6e79fc722e25659a7c85615c1b88bc894123cfe2314e887efecdcb7381ef4932cb0dcebea6d90e9c1677fbefd35893d883a2c559b7a34db461b1974af360eace66cec40d92706d0bbcc5bf6fec345ae9606c3c1a348f9b395592c91b5c78d92ee3364645d1018e5e4b41b13000c94df1f2db24c67d4bb549ec035883e27b1a9e9dff3e8bfc7d1be00f1a0820102b19000000000000000009095601e3a3412086dee84efd375f0645f3301f55d3b9efdfbed9b430bcf04060000bdff1c8bcfc0c229874bc3d2418bab997c8befe8855841caa572ddff9220c67c9e17bee524c3dc747445763ecb0a7c2cd12bc34b0fc0271124cfb5279195f7062351edf77c71294bbfd85878726c49eb89085967722da6cb884d1afe82f7f722e38397996271700241094d272dd8b754b2dd36d44f92991a7817450bc7921dd372e621dd447b868a3ed1bdc198deb495cac0995ca3ef6c1affb693ae366b0f11db6ee4830db4713e5ce6cac6a27e29f171b8e9f172c3db24558d77b8bf18be45c50b3fc005fa7b134dfc948f6015e0389d7f34cb9c02cf517c8ed7a9b6159c1446ef1c2ccff2bde95aa860ed9b836d6b8fcab7663d9bd8415e6f90fdb007b8f3e078e3a638c4fdb8562eb85173720c1df1147c9f5013c82fc98604bd70cd56609a6b73943748a90002d9cf81bcb1d262845762f6b0a2840f7b25895cc3ba8bf0b5e0fc018463d03a73fa85429725545128b0e9b550a13d0dd35092250bbce4f618cad2375a34c7f15c3096f3871cd8212453655157d7deab16b60ef13c84120d0973f7014ac59f8b0e6448766ddf1ba2aab6c79f5874d484f88b4b88ee1c6d839fe70e426e470d200fdf92a912cbd17722329a64dffad0d31fee528e7befd39e292affcc8703cd13a8f8a4986d8df3d148e9da3a010bdce0a34c9b7879cf870a089b4ae8ca8167f82e3744085fc4c86392d246a57aa9363397212caf8fe3c48f0535edb3c5b379c92b480c30226def6e2f48778ead91ad774f9f4a1a9b0ac30c7a51000000000000400746d22e3941fcbfd9f03684fcad1ce47e399e8721af3685921489a68955b58ac6662ad3c21f82ec83c415c7a86bba9a4ab2fc1e5fc26414edad7283db15f8397f9fc81289cbbe2ca061b1a50b5a8e9a36c474d28641750f67966576695b3da362472e7093d8a9c8da1b8bf8533fcfa3d816524dd464292fd7f90d64e00cad307dc2400676a0b41940d1941b4737b5e65e4de5fd8efb5e6c4715531527661f84cb5e58fdd560c36e4206cb645f21bb3bee174705dd7cde7e8a55deb432366e7c8d8991203ba0d93d4e4ca2ecbb328d85c527f6ae969c9ddaf1a653773663552ee037075097c59edfcc5892d59359090d0d6e4f91"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1}, 0x48) exit(0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00007, 0x0, 0x0, 0x0, 0x0) [ 348.440242][T10579] input: syz1 as /devices/virtual/input/input28 14:13:17 executing program 3: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket(0x0, 0x0, 0x0) clone(0x2900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000e40)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150600000fff07003506000043fe0000070600000ee60000bf050000000000001f650000000000006507000002000000270700004c0000001f75000000000000bf5400000000f0fff8ffad430100000000009500000000000000050000000000000095000000000000001c0a7900009d3c2792432a4fa650c512aee994a56462712cb064ecd5615f3196e3359aceb768637e60bd5d2e4b5992de991371274fdff6e79fc722e25659a7c85615c1b88bc894123cfe2314e887efecdcb7381ef4932cb0dcebea6d90e9c1677fbefd35893d883a2c559b7a34db461b1974af360eace66cec40d92706d0bbcc5bf6fec345ae9606c3c1a348f9b395592c91b5c78d92ee3364645d1018e5e4b41b13000c94df1f2db24c67d4bb549ec035883e27b1a9e9dff3e8bfc7d1be00f1a0820102b19000000000000000009095601e3a3412086dee84efd375f0645f3301f55d3b9efdfbed9b430bcf04060000bdff1c8bcfc0c229874bc3d2418bab997c8befe8855841caa572ddff9220c67c9e17bee524c3dc747445763ecb0a7c2cd12bc34b0fc0271124cfb5279195f7062351edf77c71294bbfd85878726c49eb89085967722da6cb884d1afe82f7f722e38397996271700241094d272dd8b754b2dd36d44f92991a7817450bc7921dd372e621dd447b868a3ed1bdc198deb495cac0995ca3ef6c1affb693ae366b0f11db6ee4830db4713e5ce6cac6a27e29f171b8e9f172c3db24558d77b8bf18be45c50b3fc005fa7b134dfc948f6015e0389d7f34cb9c02cf517c8ed7a9b6159c1446ef1c2ccff2bde95aa860ed9b836d6b8fcab7663d9bd8415e6f90fdb007b8f3e078e3a638c4fdb8562eb85173720c1df1147c9f5013c82fc98604bd70cd56609a6b73943748a90002d9cf81bcb1d262845762f6b0a2840f7b25895cc3ba8bf0b5e0fc018463d03a73fa85429725545128b0e9b550a13d0dd35092250bbce4f618cad2375a34c7f15c3096f3871cd8212453655157d7deab16b60ef13c84120d0973f7014ac59f8b0e6448766ddf1ba2aab6c79f5874d484f88b4b88ee1c6d839fe70e426e470d200fdf92a912cbd17722329a64dffad0d31fee528e7befd39e292affcc8703cd13a8f8a4986d8df3d148e9da3a010bdce0a34c9b7879cf870a089b4ae8ca8167f82e3744085fc4c86392d246a57aa9363397212caf8fe3c48f0535edb3c5b379c92b480c30226def6e2f48778ead91ad774f9f4a1a9b0ac30c7a51000000000000400746d22e3941fcbfd9f03684fcad1ce47e399e8721af3685921489a68955b58ac6662ad3c21f82ec83c415c7a86bba9a4ab2fc1e5fc26414edad7283db15f8397f9fc81289cbbe2ca061b1a50b5a8e9a36c474d28641750f67966576695b3da362472e7093d8a9c8da1b8bf8533fcfa3d816524dd464292fd7f90d64e00cad307dc2400676a0b41940d1941b4737b5e65e4de5fd8efb5e6c4715531527661f84cb5e58fdd560c36e4206cb645f21bb3bee174705dd7cde7e8a55deb432366e7c8d8991203ba0d93d4e4ca2ecbb328d85c527f6ae969c9ddaf1a653773663552ee037075097c59edfcc5892d59359090d0d6e4f91"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1}, 0x48) exit(0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00007, 0x0, 0x0, 0x0, 0x0) 14:13:17 executing program 4: setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) [ 348.794249][ T26] audit: type=1804 audit(1588169597.894:92): pid=10603 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/59/bus" dev="sda1" ino=15825 res=1 [ 348.862167][ T26] audit: type=1804 audit(1588169597.944:93): pid=10607 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/59/bus" dev="sda1" ino=15825 res=1 14:13:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) sched_setattr(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000004a00)=[{{&(0x7f0000000140)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f00000001c0)}, 0x20000002}, {{&(0x7f00000003c0)=@can, 0x80, &(0x7f00000006c0), 0x0, &(0x7f0000000bc0)=""/106, 0x6a}, 0xfffff64b}, {{&(0x7f0000000c40)=@in6={0xa, 0x0, 0x0, @initdev}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000cc0)=""/74, 0x4a}, {&(0x7f00000002c0)}], 0x2, &(0x7f0000000340)=""/115, 0x73}, 0x9}, {{&(0x7f0000000ec0)=@tipc=@id, 0x80, &(0x7f00000023c0)=[{&(0x7f0000002100)=""/240, 0xf0}, {&(0x7f0000001000)=""/129, 0x81}, {&(0x7f0000002200)=""/54, 0x36}, {&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000002240)=""/2, 0x2}, {&(0x7f00000022c0)=""/231, 0xe7}], 0x6, &(0x7f0000002440)=""/79, 0x4f}, 0x2}, {{&(0x7f00000024c0)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000004780)=[{&(0x7f0000002600)=""/237, 0xed}, {0x0}], 0x2, &(0x7f00000047c0)=""/10, 0xa}}, {{0x0, 0x0, &(0x7f0000004940)=[{&(0x7f0000000500)=""/145, 0x91}], 0x1}, 0x7e}], 0x6, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000740)='./file0\x00', 0x1a7) io_submit(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x8, 0x4, 0x0, 0x0, 0x0, 0x5, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x10000, 0x200000000000}, 0x2000, 0x0, 0x1, 0x0, 0x9, 0x0, 0x5}, 0x0, 0xf, 0xffffffffffffffff, 0xa) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$inet6(0xffffffffffffffff, &(0x7f0000002740)={0xa, 0x0, 0x0, @local}, 0x1c) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet(r4, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f0000004fc0)=ANY=[@ANYBLOB="1800000000000000ff06004a60ebef2c478a8eecec9c4c7c70e96d508f07fe3b04dc8cb2acd37913b1f73ab71d6dc45954a82057877482992d4182e0000002fec513d12adb64fe868b17ee10d2d603892ae97f2c182307050491e76079b7e99a6e319aad462f9691ba629a777fb5d0a0583b7ec4e36ffcd215c2de6770e2e70a8a29bee41e9ec39b4bc291b928ef9f1b12e68f74ab829bfab487da47081184bf0d92f72e567b07f8112d75f25cfa60b42e5eafe40debd93f5c8843542ce87ccd81b56a7ae49a9d9c05298ef7f9267d128ce11df000d9fa45e8a8dcbd98d41df16b4ebd66464d1e7f66e11a5463afc56cd9c3ffa277233a378e5cbdf9d18aa6a0eee8e60f2627681241231afcffab6b767130120b75215596d1bc4fb6849874fabbd14fdf723522e65fa0c1c1598d101b737b6dd68457b0b8a034dd0c734ce4e7aab97628569897d804986838614b32e2eb83b4cd080277abb4862824672d7ef659a3c2b217d76be42e595d751d8dde26cecba021e627df1e13015900953b245c3db57fd510dffc9516e6456c9560e298785fe0f9d862f8000000000000b7f90b24204ee593370bf6b862765e1c604f179187f6113b17a1a679fea2c9a8f3ec78f787a020fcdc91fc1b4dc2394b3dc3bf0100000000000000dd5f4baa63f744982ebd6d1a0036e8231e1e5b2d63d4d30be7a1733342ce4eadeafa2a6ca643ed1be45c869a8b4b69098fd7ad188d8b50b1eb282db29052c8463c09d239ee2aa3a97a170f7f3afa435df3b9b5d1be8527b9acdc7dea2c69bae4d8115fb6a7bc72e15045dd1d4654ba4bfffffffffffffffb36cacd0f0a25955257cac2fbe3b066a59b27df5fb6e122534b2cc6c8c298eaff0149aefd6cc9e559c485b2e9943ffb3414d8713f19009cd2d1c37f68137392f85fd6d5791a8a3c2ac7c6e02662b86b577ceef4dcece714c2d5e781774d1aa0ff4e0a6dac6b7be3983a7de4c5d2b6a0124ab2cb83d197059dff5229a6a8ed66ad4ab6fe55a0319ab26e8049f1aec539292912f1d52cffad48cc180c8b082a78496675fb70e50d5184e704d5195a3a487c76145ffde841c0153a5ddbf52a70a63923b5868e5a433969d359a99965f6cbfbb602e59143a21cf502d524dd1a0000000000000000009adae503c1a2c4f35964f1bc738adf9bff6c2edd8ba60be9f2dd79a0ba73b74c0ebb2d779856e31ab8083702be8173192f38f8edeaf1b05274f84576582d576828025a99d84eea9bb538e4eb5992028044f824137587056b928186aaf2114010d9c4bf39cd87997208c32b1df1a2ed39562630060c603fb5ceeb5f93fbe8e77345f7b9268af4550f1f6cbbd22c13dbdc602b9f22b6c73adec32f74f8f0dcf318093afae4979a71e2d77883e75ceb8b19f2451b31670dc3964c8b4e71ed3c41d96cc837d21e0171b5ae4946155bc96d46cb9451c799dc77d08cbcd73735e1"], 0x18}}], 0x1b1, 0x0) r5 = socket$inet(0x2, 0x0, 0x9) fcntl$dupfd(0xffffffffffffffff, 0x406, r5) accept$inet(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) 14:13:19 executing program 2: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:19 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f0000000000)) 14:13:19 executing program 4: setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) 14:13:19 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, "774c8e38043b405b74a51da93fd27535e444c0"}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) dup(r3) tkill(r2, 0x1004000000013) 14:13:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r5) r6 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:19 executing program 4: setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) [ 350.443294][T10623] input: syz1 as /devices/virtual/input/input29 14:13:19 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x8}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x100000000000}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f00000005c0)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000000040)='./bus\x00', 0x14107e, 0x0) write$binfmt_aout(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="a4bca4dddf9ce544fb925d7db99eef2e1259ffac68c378518b29877a5130a61a3ed6dfa983d16a01eb010001000000000097ce4b29ef3a71de3e0553cd80fcfe397cb18bb9923878673c8f65cc207d650978a5183d2600d3d2a6b2a3a4bea14bf4a2b781029c6ad93b00baa1805b9740831d331cbacad00db7b6671048b173441f97919961a7a1f7b2c2a969"], 0x8c) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="54d7fe732be7b0fe8fcd59a418bd53096beeb5cbed9e99fc5432f7c5e789dc5c33df461e0d", @ANYRES32=0x0], &(0x7f0000a8a000)=0x2) sendfile(r3, r3, &(0x7f00000001c0), 0x8080fffffffe) [ 350.556745][ T26] audit: type=1804 audit(1588169599.654:94): pid=10637 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/60/bus" dev="sda1" ino=16209 res=1 14:13:19 executing program 4: setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) 14:13:19 executing program 2: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:19 executing program 1: r0 = memfd_create(&(0x7f0000000180)='&.\\keyring\x00', 0x0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000000)={0x30}, 0x30) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, 0x0, &(0x7f0000000200), 0x0) [ 350.672594][ T26] audit: type=1804 audit(1588169599.734:95): pid=10641 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/60/bus" dev="sda1" ino=16209 res=1 14:13:20 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x8}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x100000000000}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f00000005c0)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000000040)='./bus\x00', 0x14107e, 0x0) write$binfmt_aout(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="a4bca4dddf9ce544fb925d7db99eef2e1259ffac68c378518b29877a5130a61a3ed6dfa983d16a01eb010001000000000097ce4b29ef3a71de3e0553cd80fcfe397cb18bb9923878673c8f65cc207d650978a5183d2600d3d2a6b2a3a4bea14bf4a2b781029c6ad93b00baa1805b9740831d331cbacad00db7b6671048b173441f97919961a7a1f7b2c2a969"], 0x8c) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="54d7fe732be7b0fe8fcd59a418bd53096beeb5cbed9e99fc5432f7c5e789dc5c33df461e0d", @ANYRES32=0x0], &(0x7f0000a8a000)=0x2) sendfile(r3, r3, &(0x7f00000001c0), 0x8080fffffffe) [ 350.817172][T10645] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 350.826626][T10645] FAT-fs (loop3): Filesystem has been set read-only [ 350.833660][T10645] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970769) [ 350.859266][T10655] input: syz1 as /devices/virtual/input/input30 14:13:20 executing program 4: setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) 14:13:20 executing program 1: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x8}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x100000000000}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f00000005c0)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000000040)='./bus\x00', 0x14107e, 0x0) write$binfmt_aout(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="a4bca4dddf9ce544fb925d7db99eef2e1259ffac68c378518b29877a5130a61a3ed6dfa983d16a01eb010001000000000097ce4b29ef3a71de3e0553cd80fcfe397cb18bb9923878673c8f65cc207d650978a5183d2600d3d2a6b2a3a4bea14bf4a2b781029c6ad93b00baa1805b9740831d331cbacad00db7b6671048b173441f97919961a7a1f7b2c2a969"], 0x8c) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="54d7fe732be7b0fe8fcd59a418bd53096beeb5cbed9e99fc5432f7c5e789dc5c33df461e0d", @ANYRES32=0x0], &(0x7f0000a8a000)=0x2) sendfile(r3, r3, &(0x7f00000001c0), 0x8080fffffffe) 14:13:20 executing program 2: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:20 executing program 4: setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) [ 351.109758][T10668] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 351.126931][T10668] FAT-fs (loop3): Filesystem has been set read-only [ 351.145448][T10668] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970769) [ 351.183930][T10678] input: syz1 as /devices/virtual/input/input31 14:13:20 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, "774c8e38043b405b74a51da93fd27535e444c0"}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) dup(r3) tkill(r2, 0x1004000000013) 14:13:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r5) r6 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:20 executing program 4: setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) 14:13:20 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x8}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x100000000000}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f00000005c0)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000000040)='./bus\x00', 0x14107e, 0x0) write$binfmt_aout(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="a4bca4dddf9ce544fb925d7db99eef2e1259ffac68c378518b29877a5130a61a3ed6dfa983d16a01eb010001000000000097ce4b29ef3a71de3e0553cd80fcfe397cb18bb9923878673c8f65cc207d650978a5183d2600d3d2a6b2a3a4bea14bf4a2b781029c6ad93b00baa1805b9740831d331cbacad00db7b6671048b173441f97919961a7a1f7b2c2a969"], 0x8c) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="54d7fe732be7b0fe8fcd59a418bd53096beeb5cbed9e99fc5432f7c5e789dc5c33df461e0d", @ANYRES32=0x0], &(0x7f0000a8a000)=0x2) sendfile(r3, r3, &(0x7f00000001c0), 0x8080fffffffe) [ 351.332393][T10674] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 14:13:20 executing program 2: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) readv(r1, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 351.378835][T10674] FAT-fs (loop1): Filesystem has been set read-only [ 351.405700][T10674] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 970769) 14:13:20 executing program 4: setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) 14:13:20 executing program 1: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VIDIOC_G_AUDIO(0xffffffffffffffff, 0x80345621, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10000}, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0), 0x4) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0xde, 0x0) getsockname$l2tp(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @private}, &(0x7f0000000380)=0x10) accept$netrom(r1, &(0x7f0000000280)={{0x3, @default}, [@bcast, @rose, @null, @rose, @bcast, @remote, @netrom, @null]}, &(0x7f0000000200)=0x48) lseek(0xffffffffffffffff, 0x0, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffb) ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000180)={0x80000000, 0x7, 0x1, 0x4000000, 0x3, {0x0, 0xea60}, {0x0, 0x0, 0x7, 0x4, 0x6, 0xff, "4a858f79"}, 0x0, 0x1, @userptr=0x7, 0x0, 0x0, r0}) unshare(0x40040400) sendmsg$NFT_BATCH(r2, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x20000004}, 0x1) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000005c0)={0x3, 0x70, 0x0, 0x0, 0xf7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS64(0xffffffffffffffff, 0x80605414, &(0x7f0000000540)) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x0, 0x0) [ 351.506831][T10696] input: syz1 as /devices/virtual/input/input32 [ 351.574265][ T26] audit: type=1804 audit(1588169600.674:96): pid=10708 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/61/bus" dev="sda1" ino=16197 res=1 [ 351.693387][ T26] audit: type=1804 audit(1588169600.724:97): pid=10712 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/61/bus" dev="sda1" ino=16197 res=1 [ 351.863911][T10697] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 14:13:21 executing program 2: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) readv(r1, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:21 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, "774c8e38043b405b74a51da93fd27535e444c0"}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket$inet6(0xa, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) tkill(r2, 0x1004000000013) [ 351.984086][T10697] FAT-fs (loop3): Filesystem has been set read-only 14:13:21 executing program 4: setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(0x0, 0x0) [ 352.083845][T10697] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970769) [ 352.352637][T10718] IPVS: ftp: loaded support on port[0] = 21 14:13:21 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r5) r6 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 352.419980][T10723] input: syz1 as /devices/virtual/input/input33 14:13:21 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x10}, 0xc) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3}, 0xb) write$binfmt_elf32(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="7f"], 0x1) 14:13:21 executing program 4: setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(0x0, 0x0) 14:13:21 executing program 2: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) readv(r1, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:21 executing program 4: setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_config_ext={0x400}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(0x0, 0x0) [ 352.791660][T10748] input: syz1 as /devices/virtual/input/input34 14:13:21 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, "774c8e38043b405b74a51da93fd27535e444c0"}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket$inet6(0xa, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) tkill(r2, 0x1004000000013) [ 352.879720][T10720] IPVS: ftp: loaded support on port[0] = 21 14:13:22 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) sched_setattr(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000004a00)=[{{&(0x7f0000000140)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f00000001c0)}, 0x20000002}, {{&(0x7f00000003c0)=@can, 0x80, &(0x7f00000006c0), 0x0, &(0x7f0000000bc0)=""/106, 0x6a}, 0xfffff64b}, {{&(0x7f0000000c40)=@in6={0xa, 0x0, 0x0, @initdev}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000cc0)=""/74, 0x4a}, {&(0x7f00000002c0)}, {&(0x7f0000000d40)=""/137, 0x89}], 0x3, &(0x7f0000000340)=""/115, 0x73}, 0x9}, {{&(0x7f0000000ec0)=@tipc=@id, 0x80, &(0x7f00000023c0)=[{&(0x7f0000002100)=""/240, 0xf0}, {&(0x7f0000001000)=""/129, 0x81}, {&(0x7f0000002200)=""/54, 0x36}, {&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000002240)=""/2, 0x2}, {&(0x7f00000022c0)=""/231, 0xe7}], 0x6, &(0x7f0000002440)=""/79, 0x4f}, 0x2}, {{&(0x7f00000024c0)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000004780)=[{0x0}, {&(0x7f0000003780)=""/4096, 0x1000}, {&(0x7f0000002700)=""/3, 0x3}], 0x3, &(0x7f00000047c0)=""/10, 0xa}, 0x10000}], 0x5, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000740)='./file0\x00', 0x1a7) io_submit(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x8, 0x4, 0x0, 0x0, 0x0, 0x5, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x10000, 0x200000000000}, 0x2000, 0x0, 0x1, 0x0, 0x9, 0x0, 0x5}, 0x0, 0xf, 0xffffffffffffffff, 0xa) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$inet6(0xffffffffffffffff, &(0x7f0000002740)={0xa, 0x0, 0x0, @local}, 0x1c) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet(r4, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f0000004fc0)=ANY=[@ANYBLOB="1800000000000000ff06004a60ebef2c478a8eecec9c4c7c70e96d508f07fe3b04dc8cb2acd37913b1f73ab71d6dc45954a82057877482992d4182e0000002fec513d12adb64fe868b17ee10d2d603892ae97f2c182307050491e76079b7e99a6e319aad462f9691ba629a777fb5d0a0583b7ec4e36ffcd215c2de6770e2e70a8a29bee41e9ec39b4bc291b928ef9f1b12e68f74ab829bfab487da47081184bf0d92f72e567b07f8112d75f25cfa60b42e5eafe40debd93f5c8843542ce87ccd81b56a7ae49a9d9c05298ef7f9267d128ce11df000d9fa45e8a8dcbd98d41df16b4ebd66464d1e7f66e11a5463afc56cd9c3ffa277233a378e5cbdf9d18aa6a0eee8e60f2627681241231afcffab6b767130120b75215596d1bc4fb6849874fabbd14fdf723522e65fa0c1c1598d101b737b6dd68457b0b8a034dd0c734ce4e7aab97628569897d804986838614b32e2eb83b4cd080277abb4862824672d7ef659a3c2b217d76be42e595d751d8dde26cecba021e627df1e13015900953b245c3db57fd510dffc9516e6456c9560e298785fe0f9d862f8000000000000b7f90b24204ee593370bf6b862765e1c604f179187f6113b17a1a679fea2c9a8f3ec78f787a020fcdc91fc1b4dc2394b3dc3bf0100000000000000dd5f4baa63f744982ebd6d1a0036e8231e1e5b2d63d4d30be7a1733342ce4eadeafa2a6ca643ed1be45c869a8b4b69098fd7ad188d8b50b1eb282db29052c8463c09d239ee2aa3a97a170f7f3afa435df3b9b5d1be8527b9acdc7dea2c69bae4d8115fb6a7bc72e15045dd1d4654ba4bfffffffffffffffb36cacd0f0a25955257cac2fbe3b066a59b27df5fb6e122534b2cc6c8c298eaff0149aefd6cc9e559c485b2e9943ffb3414d8713f19009cd2d1c37f68137392f85fd6d5791a8a3c2ac7c6e02662b86b577ceef4dcece714c2d5e781774d1aa0ff4e0a6dac6b7be3983a7de4c5d2b6a0124ab2cb83d197059dff5229a6a8ed66ad4ab6fe55a0319ab26e8049f1aec539292912f1d52cffad48cc180c8b082a78496675fb70e50d5184e704d5195a3a487c76145ffde841c0153a5ddbf52a70a63923b5868e5a433969d359a99965f6cbfbb602e59143a21cf502d524dd1a0000000000000000009adae503c1a2c4f35964f1bc738adf9bff6c2edd8ba60be9f2dd79a0ba73b74c0ebb2d779856e31ab8083702be8173192f38f8edeaf1b05274f84576582d576828025a99d84eea9bb538e4eb5992028044f824137587056b928186aaf2114010d9c4bf39cd87997208c32b1df1a2ed39562630060c603fb5ceeb5f93fbe8e77345f7b9268af4550f1f6cbbd22c13dbdc602b9f22b6c73adec32f74f8f0dcf318093afae4979a71e2d77883e75ceb8b19f2451b31670dc3964c8b4e71ed3c41d96cc837d21e0171b5ae4946155bc96d46cb9451c799dc77d08cbcd73735e1"], 0x18}}], 0x1b1, 0x0) r5 = socket$inet(0x2, 0x0, 0x9) fcntl$dupfd(0xffffffffffffffff, 0x406, r5) accept$inet(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) 14:13:22 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) readv(r2, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r2, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 353.132501][ T26] audit: type=1804 audit(1588169602.234:98): pid=10782 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/62/bus" dev="sda1" ino=16224 res=1 [ 353.148539][T10783] input: syz1 as /devices/virtual/input/input35 [ 353.241441][ T26] audit: type=1804 audit(1588169602.304:99): pid=10789 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/62/bus" dev="sda1" ino=16224 res=1 14:13:25 executing program 1: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VIDIOC_G_AUDIO(0xffffffffffffffff, 0x80345621, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10000}, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0), 0x4) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0xde, 0x0) getsockname$l2tp(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @private}, &(0x7f0000000380)=0x10) accept$netrom(r1, &(0x7f0000000280)={{0x3, @default}, [@bcast, @rose, @null, @rose, @bcast, @remote, @netrom, @null]}, &(0x7f0000000200)=0x48) lseek(0xffffffffffffffff, 0x0, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffb) ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000180)={0x80000000, 0x7, 0x1, 0x4000000, 0x3, {0x0, 0xea60}, {0x0, 0x0, 0x7, 0x4, 0x6, 0xff, "4a858f79"}, 0x0, 0x1, @userptr=0x7, 0x0, 0x0, r0}) unshare(0x40040400) sendmsg$NFT_BATCH(r2, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x20000004}, 0x1) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000005c0)={0x3, 0x70, 0x0, 0x0, 0xf7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS64(0xffffffffffffffff, 0x80605414, &(0x7f0000000540)) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x0, 0x0) 14:13:25 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$unix(0x1, 0x2, 0x0) fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_mount_image$tmpfs(&(0x7f0000000200)='tmpfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6d706f6c3d62696e643d7374677469633abdcc0a65"]) r1 = socket$unix(0x1, 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:13:25 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) sched_setattr(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000004a00)=[{{&(0x7f0000000140)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f00000001c0)}, 0x20000002}, {{&(0x7f00000003c0)=@can, 0x80, &(0x7f00000006c0), 0x0, &(0x7f0000000bc0)=""/106, 0x6a}, 0xfffff64b}, {{&(0x7f0000000c40)=@in6={0xa, 0x0, 0x0, @initdev}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000cc0)=""/74, 0x4a}, {&(0x7f00000002c0)}, {&(0x7f0000000d40)=""/137, 0x89}], 0x3, &(0x7f0000000340)=""/115, 0x73}, 0x9}, {{&(0x7f0000000ec0)=@tipc=@id, 0x80, &(0x7f00000023c0)=[{&(0x7f0000002100)=""/240, 0xf0}, {&(0x7f0000001000)=""/129, 0x81}, {&(0x7f0000002200)=""/54, 0x36}, {&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000002240)=""/2, 0x2}, {&(0x7f00000022c0)=""/231, 0xe7}], 0x6, &(0x7f0000002440)=""/79, 0x4f}, 0x2}, {{&(0x7f00000024c0)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000004780)=[{0x0}, {&(0x7f0000003780)=""/4096, 0x1000}, {&(0x7f0000002700)=""/3, 0x3}], 0x3, &(0x7f00000047c0)=""/10, 0xa}, 0x10000}], 0x5, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000740)='./file0\x00', 0x1a7) io_submit(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x8, 0x4, 0x0, 0x0, 0x0, 0x5, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x10000, 0x200000000000}, 0x2000, 0x0, 0x1, 0x0, 0x9, 0x0, 0x5}, 0x0, 0xf, 0xffffffffffffffff, 0xa) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$inet6(0xffffffffffffffff, &(0x7f0000002740)={0xa, 0x0, 0x0, @local}, 0x1c) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet(r4, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f0000004fc0)=ANY=[@ANYBLOB="1800000000000000ff06004a60ebef2c478a8eecec9c4c7c70e96d508f07fe3b04dc8cb2acd37913b1f73ab71d6dc45954a82057877482992d4182e0000002fec513d12adb64fe868b17ee10d2d603892ae97f2c182307050491e76079b7e99a6e319aad462f9691ba629a777fb5d0a0583b7ec4e36ffcd215c2de6770e2e70a8a29bee41e9ec39b4bc291b928ef9f1b12e68f74ab829bfab487da47081184bf0d92f72e567b07f8112d75f25cfa60b42e5eafe40debd93f5c8843542ce87ccd81b56a7ae49a9d9c05298ef7f9267d128ce11df000d9fa45e8a8dcbd98d41df16b4ebd66464d1e7f66e11a5463afc56cd9c3ffa277233a378e5cbdf9d18aa6a0eee8e60f2627681241231afcffab6b767130120b75215596d1bc4fb6849874fabbd14fdf723522e65fa0c1c1598d101b737b6dd68457b0b8a034dd0c734ce4e7aab97628569897d804986838614b32e2eb83b4cd080277abb4862824672d7ef659a3c2b217d76be42e595d751d8dde26cecba021e627df1e13015900953b245c3db57fd510dffc9516e6456c9560e298785fe0f9d862f8000000000000b7f90b24204ee593370bf6b862765e1c604f179187f6113b17a1a679fea2c9a8f3ec78f787a020fcdc91fc1b4dc2394b3dc3bf0100000000000000dd5f4baa63f744982ebd6d1a0036e8231e1e5b2d63d4d30be7a1733342ce4eadeafa2a6ca643ed1be45c869a8b4b69098fd7ad188d8b50b1eb282db29052c8463c09d239ee2aa3a97a170f7f3afa435df3b9b5d1be8527b9acdc7dea2c69bae4d8115fb6a7bc72e15045dd1d4654ba4bfffffffffffffffb36cacd0f0a25955257cac2fbe3b066a59b27df5fb6e122534b2cc6c8c298eaff0149aefd6cc9e559c485b2e9943ffb3414d8713f19009cd2d1c37f68137392f85fd6d5791a8a3c2ac7c6e02662b86b577ceef4dcece714c2d5e781774d1aa0ff4e0a6dac6b7be3983a7de4c5d2b6a0124ab2cb83d197059dff5229a6a8ed66ad4ab6fe55a0319ab26e8049f1aec539292912f1d52cffad48cc180c8b082a78496675fb70e50d5184e704d5195a3a487c76145ffde841c0153a5ddbf52a70a63923b5868e5a433969d359a99965f6cbfbb602e59143a21cf502d524dd1a0000000000000000009adae503c1a2c4f35964f1bc738adf9bff6c2edd8ba60be9f2dd79a0ba73b74c0ebb2d779856e31ab8083702be8173192f38f8edeaf1b05274f84576582d576828025a99d84eea9bb538e4eb5992028044f824137587056b928186aaf2114010d9c4bf39cd87997208c32b1df1a2ed39562630060c603fb5ceeb5f93fbe8e77345f7b9268af4550f1f6cbbd22c13dbdc602b9f22b6c73adec32f74f8f0dcf318093afae4979a71e2d77883e75ceb8b19f2451b31670dc3964c8b4e71ed3c41d96cc837d21e0171b5ae4946155bc96d46cb9451c799dc77d08cbcd73735e1"], 0x18}}], 0x1b1, 0x0) r5 = socket$inet(0x2, 0x0, 0x9) fcntl$dupfd(0xffffffffffffffff, 0x406, r5) accept$inet(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) 14:13:25 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, "774c8e38043b405b74a51da93fd27535e444c0"}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket$inet6(0xa, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:13:25 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) readv(r2, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r2, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:25 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r5) r6 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 356.923158][T10834] input: syz1 as /devices/virtual/input/input36 [ 356.939856][T10836] tmpfs: Bad value for 'mpol' [ 356.943410][T10837] IPVS: ftp: loaded support on port[0] = 21 [ 357.013291][T10850] tmpfs: Bad value for 'mpol' 14:13:26 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) readv(r2, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r2, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 357.116685][ T26] audit: type=1804 audit(1588169606.214:100): pid=10857 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/63/file0/bus" dev="loop5" ino=73 res=1 [ 357.575411][ T26] audit: type=1804 audit(1588169606.264:101): pid=10873 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/63/file0/bus" dev="loop5" ino=73 res=1 [ 357.600931][T10887] input: syz1 as /devices/virtual/input/input37 14:13:26 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) sched_setattr(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000004a00)=[{{&(0x7f0000000140)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f00000001c0)}, 0x20000002}, {{&(0x7f00000003c0)=@can, 0x80, &(0x7f00000006c0), 0x0, &(0x7f0000000bc0)=""/106, 0x6a}, 0xfffff64b}, {{&(0x7f0000000c40)=@in6={0xa, 0x0, 0x0, @initdev}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000cc0)=""/74, 0x4a}, {&(0x7f00000002c0)}, {&(0x7f0000000d40)=""/137, 0x89}], 0x3, &(0x7f0000000340)=""/115, 0x73}, 0x9}, {{&(0x7f0000000ec0)=@tipc=@id, 0x80, &(0x7f00000023c0)=[{&(0x7f0000002100)=""/240, 0xf0}, {&(0x7f0000001000)=""/129, 0x81}, {&(0x7f0000002200)=""/54, 0x36}, {&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000002240)=""/2, 0x2}, {&(0x7f00000022c0)=""/231, 0xe7}], 0x6, &(0x7f0000002440)=""/79, 0x4f}, 0x2}, {{&(0x7f00000024c0)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000004780)=[{0x0}, {&(0x7f0000003780)=""/4096, 0x1000}, {&(0x7f0000002700)=""/3, 0x3}], 0x3, &(0x7f00000047c0)=""/10, 0xa}, 0x10000}], 0x5, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000740)='./file0\x00', 0x1a7) io_submit(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x8, 0x4, 0x0, 0x0, 0x0, 0x5, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x10000, 0x200000000000}, 0x2000, 0x0, 0x1, 0x0, 0x9, 0x0, 0x5}, 0x0, 0xf, 0xffffffffffffffff, 0xa) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$inet6(0xffffffffffffffff, &(0x7f0000002740)={0xa, 0x0, 0x0, @local}, 0x1c) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet(r4, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f0000004fc0)=ANY=[@ANYBLOB="1800000000000000ff06004a60ebef2c478a8eecec9c4c7c70e96d508f07fe3b04dc8cb2acd37913b1f73ab71d6dc45954a82057877482992d4182e0000002fec513d12adb64fe868b17ee10d2d603892ae97f2c182307050491e76079b7e99a6e319aad462f9691ba629a777fb5d0a0583b7ec4e36ffcd215c2de6770e2e70a8a29bee41e9ec39b4bc291b928ef9f1b12e68f74ab829bfab487da47081184bf0d92f72e567b07f8112d75f25cfa60b42e5eafe40debd93f5c8843542ce87ccd81b56a7ae49a9d9c05298ef7f9267d128ce11df000d9fa45e8a8dcbd98d41df16b4ebd66464d1e7f66e11a5463afc56cd9c3ffa277233a378e5cbdf9d18aa6a0eee8e60f2627681241231afcffab6b767130120b75215596d1bc4fb6849874fabbd14fdf723522e65fa0c1c1598d101b737b6dd68457b0b8a034dd0c734ce4e7aab97628569897d804986838614b32e2eb83b4cd080277abb4862824672d7ef659a3c2b217d76be42e595d751d8dde26cecba021e627df1e13015900953b245c3db57fd510dffc9516e6456c9560e298785fe0f9d862f8000000000000b7f90b24204ee593370bf6b862765e1c604f179187f6113b17a1a679fea2c9a8f3ec78f787a020fcdc91fc1b4dc2394b3dc3bf0100000000000000dd5f4baa63f744982ebd6d1a0036e8231e1e5b2d63d4d30be7a1733342ce4eadeafa2a6ca643ed1be45c869a8b4b69098fd7ad188d8b50b1eb282db29052c8463c09d239ee2aa3a97a170f7f3afa435df3b9b5d1be8527b9acdc7dea2c69bae4d8115fb6a7bc72e15045dd1d4654ba4bfffffffffffffffb36cacd0f0a25955257cac2fbe3b066a59b27df5fb6e122534b2cc6c8c298eaff0149aefd6cc9e559c485b2e9943ffb3414d8713f19009cd2d1c37f68137392f85fd6d5791a8a3c2ac7c6e02662b86b577ceef4dcece714c2d5e781774d1aa0ff4e0a6dac6b7be3983a7de4c5d2b6a0124ab2cb83d197059dff5229a6a8ed66ad4ab6fe55a0319ab26e8049f1aec539292912f1d52cffad48cc180c8b082a78496675fb70e50d5184e704d5195a3a487c76145ffde841c0153a5ddbf52a70a63923b5868e5a433969d359a99965f6cbfbb602e59143a21cf502d524dd1a0000000000000000009adae503c1a2c4f35964f1bc738adf9bff6c2edd8ba60be9f2dd79a0ba73b74c0ebb2d779856e31ab8083702be8173192f38f8edeaf1b05274f84576582d576828025a99d84eea9bb538e4eb5992028044f824137587056b928186aaf2114010d9c4bf39cd87997208c32b1df1a2ed39562630060c603fb5ceeb5f93fbe8e77345f7b9268af4550f1f6cbbd22c13dbdc602b9f22b6c73adec32f74f8f0dcf318093afae4979a71e2d77883e75ceb8b19f2451b31670dc3964c8b4e71ed3c41d96cc837d21e0171b5ae4946155bc96d46cb9451c799dc77d08cbcd73735e1"], 0x18}}], 0x1b1, 0x0) r5 = socket$inet(0x2, 0x0, 0x9) fcntl$dupfd(0xffffffffffffffff, 0x406, r5) accept$inet(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) 14:13:26 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, "774c8e38043b405b74a51da93fd27535e444c0"}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:13:26 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) sched_setattr(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000004a00)=[{{&(0x7f0000000140)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f00000001c0)}, 0x20000002}, {{&(0x7f00000003c0)=@can, 0x80, &(0x7f00000006c0), 0x0, &(0x7f0000000bc0)=""/106, 0x6a}, 0xfffff64b}, {{&(0x7f0000000c40)=@in6={0xa, 0x0, 0x0, @initdev}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000cc0)=""/74, 0x4a}, {&(0x7f00000002c0)}, {&(0x7f0000000d40)=""/137, 0x89}], 0x3, &(0x7f0000000340)=""/115, 0x73}, 0x9}, {{&(0x7f0000000ec0)=@tipc=@id, 0x80, &(0x7f00000023c0)=[{&(0x7f0000002100)=""/240, 0xf0}, {&(0x7f0000001000)=""/129, 0x81}, {&(0x7f0000002200)=""/54, 0x36}, {&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000002240)=""/2, 0x2}, {&(0x7f00000022c0)=""/231, 0xe7}], 0x6, &(0x7f0000002440)=""/79, 0x4f}, 0x2}, {{&(0x7f00000024c0)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000004780)=[{0x0}, {&(0x7f0000003780)=""/4096, 0x1000}, {&(0x7f0000002700)=""/3, 0x3}], 0x3, &(0x7f00000047c0)=""/10, 0xa}, 0x10000}], 0x5, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000740)='./file0\x00', 0x1a7) io_submit(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x8, 0x4, 0x0, 0x0, 0x0, 0x5, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x10000, 0x200000000000}, 0x2000, 0x0, 0x1, 0x0, 0x9, 0x0, 0x5}, 0x0, 0xf, 0xffffffffffffffff, 0xa) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$inet6(0xffffffffffffffff, &(0x7f0000002740)={0xa, 0x0, 0x0, @local}, 0x1c) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet(r4, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f0000004fc0)=ANY=[@ANYBLOB="1800000000000000ff06004a60ebef2c478a8eecec9c4c7c70e96d508f07fe3b04dc8cb2acd37913b1f73ab71d6dc45954a82057877482992d4182e0000002fec513d12adb64fe868b17ee10d2d603892ae97f2c182307050491e76079b7e99a6e319aad462f9691ba629a777fb5d0a0583b7ec4e36ffcd215c2de6770e2e70a8a29bee41e9ec39b4bc291b928ef9f1b12e68f74ab829bfab487da47081184bf0d92f72e567b07f8112d75f25cfa60b42e5eafe40debd93f5c8843542ce87ccd81b56a7ae49a9d9c05298ef7f9267d128ce11df000d9fa45e8a8dcbd98d41df16b4ebd66464d1e7f66e11a5463afc56cd9c3ffa277233a378e5cbdf9d18aa6a0eee8e60f2627681241231afcffab6b767130120b75215596d1bc4fb6849874fabbd14fdf723522e65fa0c1c1598d101b737b6dd68457b0b8a034dd0c734ce4e7aab97628569897d804986838614b32e2eb83b4cd080277abb4862824672d7ef659a3c2b217d76be42e595d751d8dde26cecba021e627df1e13015900953b245c3db57fd510dffc9516e6456c9560e298785fe0f9d862f8000000000000b7f90b24204ee593370bf6b862765e1c604f179187f6113b17a1a679fea2c9a8f3ec78f787a020fcdc91fc1b4dc2394b3dc3bf0100000000000000dd5f4baa63f744982ebd6d1a0036e8231e1e5b2d63d4d30be7a1733342ce4eadeafa2a6ca643ed1be45c869a8b4b69098fd7ad188d8b50b1eb282db29052c8463c09d239ee2aa3a97a170f7f3afa435df3b9b5d1be8527b9acdc7dea2c69bae4d8115fb6a7bc72e15045dd1d4654ba4bfffffffffffffffb36cacd0f0a25955257cac2fbe3b066a59b27df5fb6e122534b2cc6c8c298eaff0149aefd6cc9e559c485b2e9943ffb3414d8713f19009cd2d1c37f68137392f85fd6d5791a8a3c2ac7c6e02662b86b577ceef4dcece714c2d5e781774d1aa0ff4e0a6dac6b7be3983a7de4c5d2b6a0124ab2cb83d197059dff5229a6a8ed66ad4ab6fe55a0319ab26e8049f1aec539292912f1d52cffad48cc180c8b082a78496675fb70e50d5184e704d5195a3a487c76145ffde841c0153a5ddbf52a70a63923b5868e5a433969d359a99965f6cbfbb602e59143a21cf502d524dd1a0000000000000000009adae503c1a2c4f35964f1bc738adf9bff6c2edd8ba60be9f2dd79a0ba73b74c0ebb2d779856e31ab8083702be8173192f38f8edeaf1b05274f84576582d576828025a99d84eea9bb538e4eb5992028044f824137587056b928186aaf2114010d9c4bf39cd87997208c32b1df1a2ed39562630060c603fb5ceeb5f93fbe8e77345f7b9268af4550f1f6cbbd22c13dbdc602b9f22b6c73adec32f74f8f0dcf318093afae4979a71e2d77883e75ceb8b19f2451b31670dc3964c8b4e71ed3c41d96cc837d21e0171b5ae4946155bc96d46cb9451c799dc77d08cbcd73735e1"], 0x18}}], 0x1b1, 0x0) r5 = socket$inet(0x2, 0x0, 0x9) fcntl$dupfd(0xffffffffffffffff, 0x406, r5) accept$inet(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) 14:13:26 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r5) r6 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:26 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) readv(r2, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r2, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 357.899263][ T8000] attempt to access beyond end of device [ 357.923174][ T8000] loop5: rw=1, want=3261, limit=63 [ 357.953023][ T8000] attempt to access beyond end of device [ 357.961272][ T8000] loop5: rw=1, want=5309, limit=63 [ 357.980788][ T8000] attempt to access beyond end of device [ 357.988339][ T8000] loop5: rw=1, want=7373, limit=63 [ 357.995980][T10908] input: syz1 as /devices/virtual/input/input38 [ 358.040159][ T8000] attempt to access beyond end of device [ 358.081475][ T8000] loop5: rw=1, want=9421, limit=63 [ 358.105573][ T8000] attempt to access beyond end of device [ 358.122155][ T8000] loop5: rw=1, want=11477, limit=63 [ 358.221745][ T8000] attempt to access beyond end of device [ 358.266327][ T8000] loop5: rw=1, want=13525, limit=63 14:13:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)) 14:13:27 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=@can_newroute={0x2c, 0x18, 0x1, 0x0, 0x0, {}, [@CGW_MOD_SET={0x15, 0x4, {{{}, 0x0, 0x0, 0x0, 0x0, "ba365f8dc4463723"}, 0x7}}]}, 0x2c}}, 0x0) 14:13:27 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) readv(r2, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r2, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:27 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, "774c8e38043b405b74a51da93fd27535e444c0"}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r2, 0x1004000000013) [ 358.291557][ T8000] attempt to access beyond end of device [ 358.299849][ T8000] loop5: rw=1, want=15573, limit=63 14:13:27 executing program 3: syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00') ioctl$TIOCGSID(r0, 0x5429, 0x0) [ 358.340049][ T8000] attempt to access beyond end of device [ 358.345740][ T8000] loop5: rw=1, want=17629, limit=63 14:13:27 executing program 4: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xfffffd93}], 0x1, 0x0) r1 = gettid() select(0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0xd) ptrace$cont(0x20, r1, 0x0, 0x0) [ 358.394296][T10928] input: syz1 as /devices/virtual/input/input39 [ 358.416044][ T8000] attempt to access beyond end of device [ 358.439078][ T8000] loop5: rw=1, want=19677, limit=63 14:13:27 executing program 1: ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000005000000480000000000e1ff95000000000000002ba7e1d30cb599e83f24a3aa6bb3019c13bd23212fb56f040026fbfefc41056bd8174b7960317142fa9ea41d8123751c4e345c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8d820ba3101948502b17f8e2c076a206ac6939fc404000000c788b277be8000bf9b0a4def23d410f6accd3641110bec4e90a6341965c39e9ef8f6e3968f200e011ea665c45a3449abe802f5ab3e89cf6c06000000b8580218ce740068720000074e468eea3fd2f73902ebcfcf49822775785bf313405b433a8acd715f5888b2007f00000000400000000100000000000000010000000000000053350000000034a70c2ab40c7cf5691db43a5c000000000000000031000000000000000000e75a89fade01210cce39bf405f1e846c12423a164a33e680846f26ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a805608df4d431623c850af895abba14f6fbd7fb5e2acbf4609646b6c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c3fa90e7e57a79d6fce424c2200af6c7784a1975fa657de38a3a61e44a9ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d06d988d6edc71df48dca02113a38300cabf2b5543ffc1669557b3819d8c396d2c23616201000000000000002770d72cd00600000f7889b8c7044f563a1f68d4efe81a4000d497cc87cac6f45a6922ded2e295fdbc463f747c08f401058690350000000000000000000000006941f781573c68543f0d3bc1108c87d2111ceb512e318ccf62427986c795f42883230cb7abb796b86fd560b9ae129e0e5af9a6c2254c886ba375704643693308bad496bc933a6de3fc0298a765deba310498e7071a3b55560b4ebfcfeaba05169a8cb6a1651f6284150dc78315e19fc8a7a3038a9ae4ff116eac76cbc262f591f3050072add738a91cbc3502199b34e6941f6421c945ef50b528fd2ff5ec9edb1c29e338dbcdf9617cd25a0a56dcdb270409ff8a4b5a27d0557434dd7200000000000000000000000000bad98b7652fd053d754448976dcc22fd2c4323e55bb4dc961859a3bb255e5955a41549353d5442cf342b1c6d6de58162f9145ac7e96fcf188d3808475244e5b0"], &(0x7f0000000140)='GPL\x00'}, 0x48) r1 = socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000003c0)=r0, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180), 0x12) recvmsg(0xffffffffffffffff, &(0x7f000002c080)={&(0x7f000002bec0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, 0x0}, 0x0) [ 358.485243][ T8000] attempt to access beyond end of device [ 358.515867][ T8000] loop5: rw=1, want=19977, limit=63 [ 358.526682][ T21] tipc: TX() has been purged, node left! 14:13:27 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) readv(r2, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r2, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:27 executing program 3: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000040)={{0x7}, 'port1\x00'}) 14:13:27 executing program 4: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xfffffd93}], 0x1, 0x0) r1 = gettid() select(0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0xd) ptrace$cont(0x20, r1, 0x0, 0x0) [ 358.683402][T10955] input: syz1 as /devices/virtual/input/input40 [ 358.915373][ T26] audit: type=1804 audit(1588169608.014:102): pid=10973 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/64/file0/bus" dev="loop5" ino=74 res=1 [ 358.999608][ T26] audit: type=1804 audit(1588169608.084:103): pid=10978 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/64/file0/bus" dev="loop5" ino=74 res=1 14:13:28 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r5) r6 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:28 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) readv(r2, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r2, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:28 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, "774c8e38043b405b74a51da93fd27535e444c0"}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:13:28 executing program 3: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000040)={{0x7}, 'port1\x00'}) 14:13:28 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000740)='./file0\x00', 0x1a7) io_submit(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x10000}, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x5}, 0x0, 0xf, 0xffffffffffffffff, 0xa) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$inet6(0xffffffffffffffff, &(0x7f0000002740)={0xa, 0x0, 0x0, @local}, 0x1c) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet(r3, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f0000004fc0)=ANY=[@ANYBLOB="1800000000000000ff06004a60ebef2c478a8eecec9c4c7c70e96d508f07fe3b04dc8cb2acd37913b1f73ab71d6dc45954a82057877482992d4182e0000002fec513d12adb64fe868b17ee10d2d603892ae97f2c182307050491e76079b7e99a6e319aad462f9691ba629a777fb5d0a0583b7ec4e36ffcd215c2de6770e2e70a8a29bee41e9ec39b4bc291b928ef9f1b12e68f74ab829bfab487da47081184bf0d92f72e567b07f8112d75f25cfa60b42e5eafe40debd93f5c8843542ce87ccd81b56a7ae49a9d9c05298ef7f9267d128ce11df000d9fa45e8a8dcbd98d41df16b4ebd66464d1e7f66e11a5463afc56cd9c3ffa277233a378e5cbdf9d18aa6a0eee8e60f2627681241231afcffab6b767130120b75215596d1bc4fb6849874fabbd14fdf723522e65fa0c1c1598d101b737b6dd68457b0b8a034dd0c734ce4e7aab97628569897d804986838614b32e2eb83b4cd080277abb4862824672d7ef659a3c2b217d76be42e595d751d8dde26cecba021e627df1e13015900953b245c3db57fd510dffc9516e6456c9560e298785fe0f9d862f8000000000000b7f90b24204ee593370bf6b862765e1c604f179187f6113b17a1a679fea2c9a8f3ec78f787a020fcdc91fc1b4dc2394b3dc3bf0100000000000000dd5f4baa63f744982ebd6d1a0036e8231e1e5b2d63d4d30be7a1733342ce4eadeafa2a6ca643ed1be45c869a8b4b69098fd7ad188d8b50b1eb282db29052c8463c09d239ee2aa3a97a170f7f3afa435df3b9b5d1be8527b9acdc7dea2c69bae4d8115fb6a7bc72e15045dd1d4654ba4bfffffffffffffffb36cacd0f0a25955257cac2fbe3b066a59b27df5fb6e122534b2cc6c8c298eaff0149aefd6cc9e559c485b2e9943ffb3414d8713f19009cd2d1c37f68137392f85fd6d5791a8a3c2ac7c6e02662b86b577ceef4dcece714c2d5e781774d1aa0ff4e0a6dac6b7be3983a7de4c5d2b6a0124ab2cb83d197059dff5229a6a8ed66ad4ab6fe55a0319ab26e8049f1aec539292912f1d52cffad48cc180c8b082a78496675fb70e50d5184e704d5195a3a487c76145ffde841c0153a5ddbf52a70a63923b5868e5a433969d359a99965f6cbfbb602e59143a21cf502d524dd1a0000000000000000009adae503c1a2c4f35964f1bc738adf9bff6c2edd8ba60be9f2dd79a0ba73b74c0ebb2d779856e31ab8083702be8173192f38f8edeaf1b05274f84576582d576828025a99d84eea9bb538e4eb5992028044f824137587056b928186aaf2114010d9c4bf39cd87997208c32b1df1a2ed39562630060c603fb5ceeb5f93fbe8e77345f7b9268af4550f1f6cbbd22c13dbdc602b9f22b6c73adec32f74f8f0dcf318093afae4979a71e2d77883e75ceb8b19f2451b31670dc3964c8b4e71ed3c41d96cc837d21e0171b5ae4946155bc96d46cb9451c799dc77d08cbcd73735e1"], 0x18}}], 0x1b1, 0x0) socket$inet(0x2, 0x0, 0x9) accept$inet(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) 14:13:28 executing program 1: ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000005000000480000000000e1ff95000000000000002ba7e1d30cb599e83f24a3aa6bb3019c13bd23212fb56f040026fbfefc41056bd8174b7960317142fa9ea41d8123751c4e345c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8d820ba3101948502b17f8e2c076a206ac6939fc404000000c788b277be8000bf9b0a4def23d410f6accd3641110bec4e90a6341965c39e9ef8f6e3968f200e011ea665c45a3449abe802f5ab3e89cf6c06000000b8580218ce740068720000074e468eea3fd2f73902ebcfcf49822775785bf313405b433a8acd715f5888b2007f00000000400000000100000000000000010000000000000053350000000034a70c2ab40c7cf5691db43a5c000000000000000031000000000000000000e75a89fade01210cce39bf405f1e846c12423a164a33e680846f26ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a805608df4d431623c850af895abba14f6fbd7fb5e2acbf4609646b6c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c3fa90e7e57a79d6fce424c2200af6c7784a1975fa657de38a3a61e44a9ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d06d988d6edc71df48dca02113a38300cabf2b5543ffc1669557b3819d8c396d2c23616201000000000000002770d72cd00600000f7889b8c7044f563a1f68d4efe81a4000d497cc87cac6f45a6922ded2e295fdbc463f747c08f401058690350000000000000000000000006941f781573c68543f0d3bc1108c87d2111ceb512e318ccf62427986c795f42883230cb7abb796b86fd560b9ae129e0e5af9a6c2254c886ba375704643693308bad496bc933a6de3fc0298a765deba310498e7071a3b55560b4ebfcfeaba05169a8cb6a1651f6284150dc78315e19fc8a7a3038a9ae4ff116eac76cbc262f591f3050072add738a91cbc3502199b34e6941f6421c945ef50b528fd2ff5ec9edb1c29e338dbcdf9617cd25a0a56dcdb270409ff8a4b5a27d0557434dd7200000000000000000000000000bad98b7652fd053d754448976dcc22fd2c4323e55bb4dc961859a3bb255e5955a41549353d5442cf342b1c6d6de58162f9145ac7e96fcf188d3808475244e5b0"], &(0x7f0000000140)='GPL\x00'}, 0x48) r1 = socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000003c0)=r0, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180), 0x12) recvmsg(0xffffffffffffffff, &(0x7f000002c080)={&(0x7f000002bec0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, 0x0}, 0x0) [ 359.690318][T10995] input: syz1 as /devices/virtual/input/input41 14:13:28 executing program 3: ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000005000000480000000000e1ff95000000000000002ba7e1d30cb599e83f24a3aa6bb3019c13bd23212fb56f040026fbfefc41056bd8174b7960317142fa9ea41d8123751c4e345c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8d820ba3101948502b17f8e2c076a206ac6939fc404000000c788b277be8000bf9b0a4def23d410f6accd3641110bec4e90a6341965c39e9ef8f6e3968f200e011ea665c45a3449abe802f5ab3e89cf6c06000000b8580218ce740068720000074e468eea3fd2f73902ebcfcf49822775785bf313405b433a8acd715f5888b2007f00000000400000000100000000000000010000000000000053350000000034a70c2ab40c7cf5691db43a5c000000000000000031000000000000000000e75a89fade01210cce39bf405f1e846c12423a164a33e680846f26ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a805608df4d431623c850af895abba14f6fbd7fb5e2acbf4609646b6c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c3fa90e7e57a79d6fce424c2200af6c7784a1975fa657de38a3a61e44a9ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d06d988d6edc71df48dca02113a38300cabf2b5543ffc1669557b3819d8c396d2c23616201000000000000002770d72cd00600000f7889b8c7044f563a1f68d4efe81a4000d497cc87cac6f45a6922ded2e295fdbc463f747c08f401058690350000000000000000000000006941f781573c68543f0d3bc1108c87d2111ceb512e318ccf62427986c795f42883230cb7abb796b86fd560b9ae129e0e5af9a6c2254c886ba375704643693308bad496bc933a6de3fc0298a765deba310498e7071a3b55560b4ebfcfeaba05169a8cb6a1651f6284150dc78315e19fc8a7a3038a9ae4ff116eac76cbc262f591f3050072add738a91cbc3502199b34e6941f6421c945ef50b528fd2ff5ec9edb1c29e338dbcdf9617cd25a0a56dcdb270409ff8a4b5a27d0557434dd7200000000000000000000000000bad98b7652fd053d754448976dcc22fd2c4323e55bb4dc961859a3bb255e5955a41549353d5442cf342b1c6d6de58162f9145ac7e96fcf188d3808475244e5b0"], &(0x7f0000000140)='GPL\x00'}, 0x48) r1 = socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000003c0)=r0, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180), 0x12) recvmsg(0xffffffffffffffff, &(0x7f000002c080)={&(0x7f000002bec0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, 0x0}, 0x0) 14:13:28 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000240)=@assoc_value={0x0, 0x5}, 0x8) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x102}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x102}) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 14:13:29 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) readv(r2, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r2, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:29 executing program 1: r0 = socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180), 0x12) [ 359.945116][ T26] audit: type=1804 audit(1588169609.044:104): pid=11018 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/65/file0/bus" dev="loop5" ino=75 res=1 [ 360.272088][T11035] input: syz1 as /devices/virtual/input/input42 [ 360.285819][ T26] audit: type=1804 audit(1588169609.094:105): pid=11030 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/65/file0/bus" dev="loop5" ino=75 res=1 14:13:29 executing program 1: r0 = socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180), 0x12) 14:13:29 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, "774c8e38043b405b74a51da93fd27535e444c0"}) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:13:29 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:29 executing program 3: r0 = socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000003c0), 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180), 0x12) recvmsg(0xffffffffffffffff, &(0x7f000002c080)={&(0x7f000002bec0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f000002c000)=[{0x0}], 0x1}, 0x0) 14:13:29 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) [ 360.694253][ T29] attempt to access beyond end of device [ 360.778540][ T29] loop5: rw=1, want=3049, limit=63 14:13:29 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) readv(r2, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r2, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 360.890792][ T29] attempt to access beyond end of device [ 360.934483][ T29] loop5: rw=1, want=5097, limit=63 14:13:30 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x10}, 0xc) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3}, 0xb) ftruncate(0xffffffffffffffff, 0x0) write$binfmt_elf32(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="7f"], 0x1) 14:13:30 executing program 3: r0 = socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000003c0), 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180), 0x12) recvmsg(0xffffffffffffffff, &(0x7f000002c080)={&(0x7f000002bec0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f000002c000)=[{0x0}], 0x1}, 0x0) 14:13:30 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) [ 360.982635][T11071] input: syz1 as /devices/virtual/input/input43 [ 360.992116][ T29] attempt to access beyond end of device [ 361.020981][ T29] loop5: rw=1, want=7145, limit=63 [ 361.059835][ T29] attempt to access beyond end of device [ 361.072530][ T29] loop5: rw=1, want=9201, limit=63 14:13:30 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 361.121492][ T29] attempt to access beyond end of device [ 361.141748][ T29] loop5: rw=1, want=11249, limit=63 [ 361.192409][ T29] attempt to access beyond end of device 14:13:30 executing program 4: r0 = socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000003c0), 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180), 0x12) recvmsg(0xffffffffffffffff, &(0x7f000002c080)={&(0x7f000002bec0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f000002c000)=[{0x0}], 0x1}, 0x0) 14:13:30 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000280)="d36389ce0d47243b8a0dc23cc8489e27b243e508fb0f62c8ddccf94c935b2624092f9f9803a02e2e95bc64806224ce61f822e2ea65bafa0c1a8906176378cddbfea70b94968d037536708ed5c369da1939c84d5228fcc666a8d5bcd67d759d01be70bdea34221f0acb9bb95aac2dfbfcfa738b65fe4a1bb2ccfccade64ac4004f47ab2dbbeb27cd6312d1189b0a25de4194002e0c472e1278bec9755aac66c0bf7dea5cc51ad3bad0264572af962812ad16a6ad41c3d96829d1479b291a7670ed53e09182361a17d584aaab36c9700d927ca31d0ccac4a984af2731a220b88b3b4e6cc197fc6218d6e0d3eb4a1eeaa9c5d8f4a96a0ee46f237b3693a09e6be7d04f46617ba82d7b179cbba264abca603bff1a2b370", 0x115}], 0x1}, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg(r0, &(0x7f00000006c0)={&(0x7f0000000100)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000440)="c4", 0x34000}], 0x1, &(0x7f0000000380)=[{0x18, 0x84, 0x0, "02"}], 0x18}, 0xfc) [ 361.233177][ T29] loop5: rw=1, want=13297, limit=63 [ 361.291440][ T29] attempt to access beyond end of device [ 361.301793][ T29] loop5: rw=1, want=15345, limit=63 [ 361.321622][ T29] attempt to access beyond end of device [ 361.335137][T11092] input: syz1 as /devices/virtual/input/input44 [ 361.335312][ T29] loop5: rw=1, want=17393, limit=63 14:13:30 executing program 3: r0 = socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000003c0), 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180), 0x12) recvmsg(0xffffffffffffffff, &(0x7f000002c080)={&(0x7f000002bec0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f000002c000)=[{0x0}], 0x1}, 0x0) [ 361.478780][ T29] attempt to access beyond end of device [ 361.484474][ T29] loop5: rw=1, want=19441, limit=63 [ 361.536169][ T29] attempt to access beyond end of device [ 361.542240][ T29] loop5: rw=1, want=21489, limit=63 [ 361.552444][ T29] attempt to access beyond end of device [ 361.567712][ T29] loop5: rw=1, want=23185, limit=63 [ 361.932272][ T26] audit: type=1804 audit(1588169611.034:106): pid=11111 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/66/file0/bus" dev="loop5" ino=76 res=1 [ 362.003465][ T26] audit: type=1804 audit(1588169611.104:107): pid=11115 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/66/file0/bus" dev="loop5" ino=76 res=1 14:13:32 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:32 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, "774c8e38043b405b74a51da93fd27535e444c0"}) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:13:32 executing program 4: 14:13:32 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x20000802, &(0x7f0000000100)={0x2, 0x10004e23, @loopback}, 0x10) sendto$inet(r2, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0xffffffd8) 14:13:32 executing program 3: r0 = socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000003c0), 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180), 0x12) recvmsg(0xffffffffffffffff, &(0x7f000002c080)={&(0x7f000002bec0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f000002c000)=[{0x0}], 0x1}, 0x0) 14:13:32 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 363.633101][T11138] input: syz1 as /devices/virtual/input/input45 14:13:32 executing program 4: [ 363.752072][ T26] audit: type=1804 audit(1588169612.854:108): pid=11148 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/67/file0/bus" dev="loop5" ino=77 res=1 14:13:33 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:33 executing program 3: [ 364.136040][T11160] input: syz1 as /devices/virtual/input/input46 [ 364.143487][ T26] audit: type=1804 audit(1588169612.904:109): pid=11154 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/67/file0/bus" dev="loop5" ino=77 res=1 14:13:33 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0xffffff88, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/rt_acct\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) 14:13:33 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000005000000480000000000e1ff95000000000000002ba7e1d30cb599e83f24a3aa6bb3019c13bd23212fb56f040026fbfefc41056bd8174b7960317142fa9ea41d8123751c4e345c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8d820ba3101948502b17f8e2c076a206ac6939fc404000000c788b277be8000bf9b0a4def23d410f6accd3641110bec4e90a6341965c39e9ef8f6e3968f200e011ea665c45a3449abe802f5ab3e89cf6c06000000b8580218ce740068720000074e468eea3fd2f73902ebcfcf49822775785bf313405b433a8acd715f5888b2007f00000000400000000100000000000000010000000000000053350000000034a70c2ab40c7cf5691db43a5c000000000000000031000000000000000000e75a89fade01210cce39bf405f1e846c12423a164a33e680846f26ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a805608df4d431623c850af895abba14f6fbd7fb5e2acbf4609646b6c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c3fa90e7e57a79d6fce424c2200af6c7784a1975fa657de38a3a61e44a9ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d06d988d6edc71df48dca02113a38300cabf2b5543ffc1669557b3819d8c396d2c23616201000000000000002770d72cd00600000f7889b8c7044f563a1f68d4efe81a4000d497cc87cac6f45a6922ded2e295fdbc463f747c08f401058690350000000000000000000000006941f781573c68543f0d3bc1108c87d2111ceb512e318ccf62427986c795f42883230cb7abb796b86fd560b9ae129e0e5af9a6c2254c886ba375704643693308bad496bc933a6de3fc0298a765deba310498e7071a3b55560b4ebfcfeaba05169a8cb6a1651f6284150dc78315e19fc8a7a3038a9ae4ff116eac76cbc262f591f3050072add738a91cbc3502199b34e6941f6421c945ef50b528fd2ff5ec9edb1c29e338dbcdf9617cd25a0a56dcdb270409ff8a4b5a27d0557434dd7200000000000000000000000000bad98b7652fd053d754448976dcc22fd2c4323e55bb4dc961859a3bb255e5955a41549353d5442cf342b1c6d6de58162f9145ac7e96fcf188d3808475244e5b0"], &(0x7f0000000140)='GPL\x00'}, 0x48) socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180), 0x12) recvmsg(0xffffffffffffffff, &(0x7f000002c080)={&(0x7f000002bec0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f000002c000)=[{0x0}], 0x1}, 0x0) 14:13:33 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:33 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, "774c8e38043b405b74a51da93fd27535e444c0"}) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:13:33 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffff) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) sendfile(r2, r0, 0x0, 0xffffff38) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) [ 364.591912][ T8003] attempt to access beyond end of device [ 364.617998][ T8003] loop5: rw=1, want=3025, limit=63 14:13:33 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 364.683492][ T8003] attempt to access beyond end of device [ 364.706901][ T8003] loop5: rw=1, want=5073, limit=63 [ 364.750708][ T26] audit: type=1800 audit(1588169613.854:110): pid=11184 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16252 res=0 [ 364.816882][ T8003] attempt to access beyond end of device [ 364.841668][ T8003] loop5: rw=1, want=7121, limit=63 [ 364.861791][ T26] audit: type=1804 audit(1588169613.854:111): pid=11184 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir295279519/syzkaller.nVYZY1/111/file0" dev="sda1" ino=16252 res=1 [ 364.879639][ T8003] attempt to access beyond end of device [ 364.894342][ T8003] loop5: rw=1, want=9169, limit=63 14:13:34 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 364.987010][ T26] audit: type=1804 audit(1588169613.924:112): pid=11185 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir295279519/syzkaller.nVYZY1/111/file0" dev="sda1" ino=16252 res=1 [ 365.016162][ T8003] attempt to access beyond end of device 14:13:34 executing program 4: [ 365.053402][ T8003] loop5: rw=1, want=11217, limit=63 14:13:34 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000005000000480000000000e1ff95000000000000002ba7e1d30cb599e83f24a3aa6bb3019c13bd23212fb56f040026fbfefc41056bd8174b7960317142fa9ea41d8123751c4e345c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8d820ba3101948502b17f8e2c076a206ac6939fc404000000c788b277be8000bf9b0a4def23d410f6accd3641110bec4e90a6341965c39e9ef8f6e3968f200e011ea665c45a3449abe802f5ab3e89cf6c06000000b8580218ce740068720000074e468eea3fd2f73902ebcfcf49822775785bf313405b433a8acd715f5888b2007f00000000400000000100000000000000010000000000000053350000000034a70c2ab40c7cf5691db43a5c000000000000000031000000000000000000e75a89fade01210cce39bf405f1e846c12423a164a33e680846f26ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a805608df4d431623c850af895abba14f6fbd7fb5e2acbf4609646b6c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c3fa90e7e57a79d6fce424c2200af6c7784a1975fa657de38a3a61e44a9ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d06d988d6edc71df48dca02113a38300cabf2b5543ffc1669557b3819d8c396d2c23616201000000000000002770d72cd00600000f7889b8c7044f563a1f68d4efe81a4000d497cc87cac6f45a6922ded2e295fdbc463f747c08f401058690350000000000000000000000006941f781573c68543f0d3bc1108c87d2111ceb512e318ccf62427986c795f42883230cb7abb796b86fd560b9ae129e0e5af9a6c2254c886ba375704643693308bad496bc933a6de3fc0298a765deba310498e7071a3b55560b4ebfcfeaba05169a8cb6a1651f6284150dc78315e19fc8a7a3038a9ae4ff116eac76cbc262f591f3050072add738a91cbc3502199b34e6941f6421c945ef50b528fd2ff5ec9edb1c29e338dbcdf9617cd25a0a56dcdb270409ff8a4b5a27d0557434dd7200000000000000000000000000bad98b7652fd053d754448976dcc22fd2c4323e55bb4dc961859a3bb255e5955a41549353d5442cf342b1c6d6de58162f9145ac7e96fcf188d3808475244e5b0"], &(0x7f0000000140)='GPL\x00'}, 0x48) socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180), 0x12) recvmsg(0xffffffffffffffff, &(0x7f000002c080)={&(0x7f000002bec0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f000002c000)=[{0x0}], 0x1}, 0x0) [ 365.108074][ T8003] attempt to access beyond end of device [ 365.128901][ T8003] loop5: rw=1, want=13273, limit=63 [ 365.170767][ T8003] attempt to access beyond end of device [ 365.202496][ T8003] loop5: rw=1, want=15321, limit=63 14:13:34 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 365.267596][ T8003] attempt to access beyond end of device 14:13:34 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000005000000480000000000e1ff95000000000000002ba7e1d30cb599e83f24a3aa6bb3019c13bd23212fb56f040026fbfefc41056bd8174b7960317142fa9ea41d8123751c4e345c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8d820ba3101948502b17f8e2c076a206ac6939fc404000000c788b277be8000bf9b0a4def23d410f6accd3641110bec4e90a6341965c39e9ef8f6e3968f200e011ea665c45a3449abe802f5ab3e89cf6c06000000b8580218ce740068720000074e468eea3fd2f73902ebcfcf49822775785bf313405b433a8acd715f5888b2007f00000000400000000100000000000000010000000000000053350000000034a70c2ab40c7cf5691db43a5c000000000000000031000000000000000000e75a89fade01210cce39bf405f1e846c12423a164a33e680846f26ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a805608df4d431623c850af895abba14f6fbd7fb5e2acbf4609646b6c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c3fa90e7e57a79d6fce424c2200af6c7784a1975fa657de38a3a61e44a9ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d06d988d6edc71df48dca02113a38300cabf2b5543ffc1669557b3819d8c396d2c23616201000000000000002770d72cd00600000f7889b8c7044f563a1f68d4efe81a4000d497cc87cac6f45a6922ded2e295fdbc463f747c08f401058690350000000000000000000000006941f781573c68543f0d3bc1108c87d2111ceb512e318ccf62427986c795f42883230cb7abb796b86fd560b9ae129e0e5af9a6c2254c886ba375704643693308bad496bc933a6de3fc0298a765deba310498e7071a3b55560b4ebfcfeaba05169a8cb6a1651f6284150dc78315e19fc8a7a3038a9ae4ff116eac76cbc262f591f3050072add738a91cbc3502199b34e6941f6421c945ef50b528fd2ff5ec9edb1c29e338dbcdf9617cd25a0a56dcdb270409ff8a4b5a27d0557434dd7200000000000000000000000000bad98b7652fd053d754448976dcc22fd2c4323e55bb4dc961859a3bb255e5955a41549353d5442cf342b1c6d6de58162f9145ac7e96fcf188d3808475244e5b0"], &(0x7f0000000140)='GPL\x00'}, 0x48) socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180), 0x12) recvmsg(0xffffffffffffffff, &(0x7f000002c080)={&(0x7f000002bec0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f000002c000)=[{0x0}], 0x1}, 0x0) [ 365.312681][ T8003] loop5: rw=1, want=17369, limit=63 14:13:34 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 365.387776][ T8003] attempt to access beyond end of device [ 365.402803][ T8003] loop5: rw=1, want=19417, limit=63 [ 365.422158][ T8003] attempt to access beyond end of device [ 365.444110][ T8003] loop5: rw=1, want=19565, limit=63 14:13:34 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000005000000480000000000e1ff95000000000000002ba7e1d30cb599e83f24a3aa6bb3019c13bd23212fb56f040026fbfefc41056bd8174b7960317142fa9ea41d8123751c4e345c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8d820ba3101948502b17f8e2c076a206ac6939fc404000000c788b277be8000bf9b0a4def23d410f6accd3641110bec4e90a6341965c39e9ef8f6e3968f200e011ea665c45a3449abe802f5ab3e89cf6c06000000b8580218ce740068720000074e468eea3fd2f73902ebcfcf49822775785bf313405b433a8acd715f5888b2007f00000000400000000100000000000000010000000000000053350000000034a70c2ab40c7cf5691db43a5c000000000000000031000000000000000000e75a89fade01210cce39bf405f1e846c12423a164a33e680846f26ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a805608df4d431623c850af895abba14f6fbd7fb5e2acbf4609646b6c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c3fa90e7e57a79d6fce424c2200af6c7784a1975fa657de38a3a61e44a9ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d06d988d6edc71df48dca02113a38300cabf2b5543ffc1669557b3819d8c396d2c23616201000000000000002770d72cd00600000f7889b8c7044f563a1f68d4efe81a4000d497cc87cac6f45a6922ded2e295fdbc463f747c08f401058690350000000000000000000000006941f781573c68543f0d3bc1108c87d2111ceb512e318ccf62427986c795f42883230cb7abb796b86fd560b9ae129e0e5af9a6c2254c886ba375704643693308bad496bc933a6de3fc0298a765deba310498e7071a3b55560b4ebfcfeaba05169a8cb6a1651f6284150dc78315e19fc8a7a3038a9ae4ff116eac76cbc262f591f3050072add738a91cbc3502199b34e6941f6421c945ef50b528fd2ff5ec9edb1c29e338dbcdf9617cd25a0a56dcdb270409ff8a4b5a27d0557434dd7200000000000000000000000000bad98b7652fd053d754448976dcc22fd2c4323e55bb4dc961859a3bb255e5955a41549353d5442cf342b1c6d6de58162f9145ac7e96fcf188d3808475244e5b0"], &(0x7f0000000140)='GPL\x00'}, 0x48) socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180), 0x12) recvmsg(0xffffffffffffffff, &(0x7f000002c080)={&(0x7f000002bec0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f000002c000)=[{0x0}], 0x1}, 0x0) [ 365.539948][ T26] audit: type=1804 audit(1588169614.644:113): pid=11189 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir295279519/syzkaller.nVYZY1/111/file0" dev="sda1" ino=16252 res=1 14:13:34 executing program 1: [ 365.691750][ T26] audit: type=1804 audit(1588169614.674:114): pid=11189 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir295279519/syzkaller.nVYZY1/111/file0" dev="sda1" ino=16252 res=1 [ 366.010222][ T26] audit: type=1804 audit(1588169615.114:115): pid=11220 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/68/file0/bus" dev="loop5" ino=78 res=1 [ 366.082637][ T26] audit: type=1804 audit(1588169615.184:116): pid=11224 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/68/file0/bus" dev="loop5" ino=78 res=1 14:13:35 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r5) r6 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 366.952746][ T26] audit: type=1804 audit(1588169616.054:117): pid=11241 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/69/file0/bus" dev="loop5" ino=79 res=1 [ 367.669676][ T8003] attempt to access beyond end of device [ 367.675454][ T8003] loop5: rw=1, want=3849, limit=63 [ 367.684838][ T8003] attempt to access beyond end of device [ 367.690540][ T8003] loop5: rw=1, want=5905, limit=63 [ 367.700493][ T8003] attempt to access beyond end of device [ 367.706245][ T8003] loop5: rw=1, want=7953, limit=63 14:13:36 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:13:36 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:36 executing program 4: 14:13:36 executing program 1: 14:13:36 executing program 3: 14:13:36 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r5) r6 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 367.715761][ T8003] attempt to access beyond end of device [ 367.721470][ T8003] loop5: rw=1, want=10001, limit=63 [ 367.732281][ T8003] attempt to access beyond end of device [ 367.738012][ T8003] loop5: rw=1, want=12049, limit=63 [ 367.749377][ T8003] attempt to access beyond end of device [ 367.755035][ T8003] loop5: rw=1, want=14105, limit=63 [ 367.782111][ T8003] attempt to access beyond end of device [ 367.806713][ T8003] loop5: rw=1, want=16153, limit=63 14:13:37 executing program 3: 14:13:37 executing program 4: 14:13:37 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 367.849248][ T8003] attempt to access beyond end of device [ 367.874688][ T8003] loop5: rw=1, want=18201, limit=63 14:13:37 executing program 1: [ 367.929322][ T8003] attempt to access beyond end of device [ 367.935010][ T8003] loop5: rw=1, want=20249, limit=63 14:13:37 executing program 1: [ 367.986051][ T8003] attempt to access beyond end of device [ 368.021157][ T8003] loop5: rw=1, want=22297, limit=63 14:13:37 executing program 3: [ 368.055983][ T8003] attempt to access beyond end of device [ 368.085647][ T8003] loop5: rw=1, want=24345, limit=63 [ 368.122507][ T8003] attempt to access beyond end of device [ 368.142634][ T8003] loop5: rw=1, want=26393, limit=63 [ 368.155144][ T8003] attempt to access beyond end of device [ 368.164670][ T8003] loop5: rw=1, want=28237, limit=63 14:13:37 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(0x0, 0x1004000000013) 14:13:37 executing program 4: 14:13:37 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:37 executing program 1: 14:13:37 executing program 3: 14:13:38 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r5) r6 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:38 executing program 4: 14:13:38 executing program 3: 14:13:38 executing program 1: 14:13:38 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:38 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(0x0, 0x1004000000013) 14:13:38 executing program 1: 14:13:38 executing program 4: 14:13:38 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:38 executing program 1: [ 369.550199][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 369.550218][ T26] audit: type=1804 audit(1588169618.654:121): pid=11311 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/71/file0/bus" dev="loop5" ino=81 res=1 14:13:38 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, 0x0, 0x0) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:38 executing program 1: [ 369.629183][ T26] audit: type=1804 audit(1588169618.734:122): pid=11316 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/71/file0/bus" dev="loop5" ino=81 res=1 [ 370.402787][ T26] audit: type=1804 audit(1588169618.884:123): pid=11320 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir750066630/syzkaller.rdIBOH/171/bus" dev="sda1" ino=16281 res=1 [ 370.426585][ T26] audit: type=1804 audit(1588169618.924:124): pid=11321 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir750066630/syzkaller.rdIBOH/171/bus" dev="sda1" ino=16281 res=1 14:13:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r5) r6 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:39 executing program 4: 14:13:39 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:39 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(0x0, 0x1004000000013) 14:13:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 370.572098][ T21] attempt to access beyond end of device [ 370.597822][ T21] loop5: rw=1, want=3857, limit=63 14:13:39 executing program 4: 14:13:39 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, 0x0, 0x0) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 370.659798][ T21] attempt to access beyond end of device [ 370.722034][ T21] loop5: rw=1, want=5905, limit=63 [ 370.751502][ T21] attempt to access beyond end of device [ 370.760700][ T21] loop5: rw=1, want=7953, limit=63 [ 370.787081][ T21] attempt to access beyond end of device [ 370.800450][ T21] loop5: rw=1, want=10001, limit=63 14:13:39 executing program 4: [ 370.849514][ T21] attempt to access beyond end of device [ 370.897804][ T26] audit: type=1804 audit(1588169620.004:125): pid=11341 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir295279519/syzkaller.nVYZY1/121/file0/bus" dev="loop1" ino=82 res=1 [ 370.903075][ T21] loop5: rw=1, want=12057, limit=63 14:13:40 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, 0x0, 0x0) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 371.134685][ T26] audit: type=1804 audit(1588169620.074:126): pid=11346 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir295279519/syzkaller.nVYZY1/121/file0/bus" dev="loop1" ino=82 res=1 14:13:40 executing program 4: [ 371.261376][ T21] attempt to access beyond end of device [ 371.279176][ T26] audit: type=1804 audit(1588169620.154:127): pid=11348 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir750066630/syzkaller.rdIBOH/172/file0/bus" dev="loop3" ino=83 res=1 [ 371.308030][ T21] loop5: rw=1, want=14105, limit=63 [ 371.420524][ T21] attempt to access beyond end of device [ 371.435281][ T21] loop5: rw=1, want=17217, limit=63 [ 371.464966][ T26] audit: type=1804 audit(1588169620.204:128): pid=11351 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir750066630/syzkaller.rdIBOH/172/file0/bus" dev="loop3" ino=83 res=1 [ 371.507631][ T21] attempt to access beyond end of device 14:13:40 executing program 4: 14:13:40 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 371.600418][ T21] loop5: rw=1, want=19333, limit=63 [ 371.733217][T11358] input: syz1 as /devices/virtual/input/input56 [ 371.798015][ T21] attempt to access beyond end of device [ 371.803703][ T21] loop3: rw=1, want=4561, limit=63 [ 371.822996][ T21] attempt to access beyond end of device [ 371.838860][ T21] loop3: rw=1, want=6697, limit=63 [ 371.867791][ T21] attempt to access beyond end of device [ 371.873508][ T21] loop3: rw=1, want=8745, limit=63 [ 371.897934][ T21] attempt to access beyond end of device [ 371.904434][ T21] loop3: rw=1, want=10793, limit=63 [ 371.917343][ T21] attempt to access beyond end of device [ 371.923062][ T21] loop3: rw=1, want=12849, limit=63 [ 371.934746][ T21] attempt to access beyond end of device [ 371.941212][ T21] loop3: rw=1, want=14897, limit=63 [ 371.952379][ T21] attempt to access beyond end of device [ 371.958584][ T21] loop3: rw=1, want=16885, limit=63 [ 372.055647][ T26] audit: type=1804 audit(1588169621.154:129): pid=11372 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/72/file0/bus" dev="loop5" ino=84 res=1 [ 372.104394][ T26] audit: type=1804 audit(1588169621.204:130): pid=11376 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/72/file0/bus" dev="loop5" ino=84 res=1 14:13:41 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:41 executing program 1: 14:13:41 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x20000000005) r1 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1004000000013) 14:13:41 executing program 3: 14:13:41 executing program 4: 14:13:41 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:42 executing program 4: [ 372.854055][T11396] input: syz1 as /devices/virtual/input/input57 14:13:42 executing program 1: 14:13:42 executing program 3: 14:13:42 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:42 executing program 3: 14:13:42 executing program 4: [ 373.220083][T11417] input: syz1 as /devices/virtual/input/input58 14:13:42 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:42 executing program 1: 14:13:44 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x20000000005) r1 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1004000000013) 14:13:44 executing program 4: 14:13:44 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:44 executing program 3: 14:13:44 executing program 1: 14:13:44 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 375.877996][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 375.878015][ T26] audit: type=1804 audit(1588169624.984:135): pid=11450 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/75/file0/bus" dev="loop5" ino=87 res=1 14:13:45 executing program 1: 14:13:45 executing program 4: 14:13:45 executing program 3: 14:13:45 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 376.077679][ T26] audit: type=1804 audit(1588169625.054:136): pid=11454 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/75/file0/bus" dev="loop5" ino=87 res=1 14:13:45 executing program 1: 14:13:45 executing program 3: 14:13:47 executing program 3: 14:13:47 executing program 4: 14:13:47 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x20000000005) r1 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1004000000013) 14:13:47 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:47 executing program 1: 14:13:47 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:48 executing program 4: 14:13:48 executing program 1: 14:13:48 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(r0, r1) 14:13:48 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000001440)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0x40405514, &(0x7f0000000140)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0, 0x0, [], [0x6]}) [ 379.015039][ T26] audit: type=1804 audit(1588169628.114:137): pid=11485 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/76/file0/bus" dev="loop5" ino=88 res=1 14:13:48 executing program 4: 14:13:48 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:48 executing program 4: [ 379.165602][ T26] audit: type=1804 audit(1588169628.164:138): pid=11490 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/76/file0/bus" dev="loop5" ino=88 res=1 14:13:48 executing program 1: [ 379.296368][T11501] input: syz1 as /devices/virtual/input/input62 14:13:51 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x20000000005) r1 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1004000000013) 14:13:51 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(r0, r1) 14:13:51 executing program 4: r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(r0, r1) 14:13:51 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:51 executing program 1: 14:13:51 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:51 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(r0, r1) [ 382.083864][T11532] input: syz1 as /devices/virtual/input/input63 [ 382.130696][ T26] audit: type=1804 audit(1588169631.234:139): pid=11534 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/77/file0/bus" dev="loop5" ino=89 res=1 14:13:51 executing program 1: getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) write$binfmt_aout(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000000d5010400000000010000deffde6c68a94a86be9084baa5b5db0700000068000a01000020763f0362391c57bc2475cc6474c7469fee863a839c92ad97786d22730a7c4b891a5f9b1395cacd8f2a9aa2f4b8c2ee7a8483a098c82b5dc475e9f24df5d8e344916d76155f006d1a000000af031f98e08ad58f03cf8fb1bc78ffb92fb476f701076749d57ddc37ca91ff68e0f9f0f8d14f69368272b0d4e93037bb8e1d0beb80dc87145c723d5ecbe556bb39ad383c83dedcff639bb9a84e70ab0e2f075fe8f6333ee4e7e980b7fc8dbb7dcf9cc40c2330f74791a20cde9f37d4068616b45d55666449c974cb453fe350fac63b661e6b6356b80e197ddc37467d49eb5db0c9af11c9d6685b073843c3144932de0c6055fa8a1a39860bc22202ac2431802bb4dea34baaff06e8b4789462abf0346c7593cc50a92aba540aa4b51dd36f52c2a6f4b1adb7f67c3d43464604c6ea90f36ba9ebe22f892fa32af3a22f09fca4ed2499dc08a5e0867cf70ebf36e74f334da508219704"], 0x92) open(&(0x7f00000009c0)='./bus\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000f12000)={0x400000010, 0x0, 0x0, 0x40000}, 0xc) 14:13:51 executing program 4: syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x1c7800) 14:13:51 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 382.249613][T11544] sg_write: data in/out 262577/104 bytes for SCSI command 0x1-- guessing data in; [ 382.249613][T11544] program syz-executor.1 not setting count and/or reply_len properly 14:13:51 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x20000000005) r1 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1004000000013) [ 382.308955][ T26] audit: type=1804 audit(1588169631.304:140): pid=11542 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/77/file0/bus" dev="loop5" ino=89 res=1 [ 382.310677][T11544] sg_write: data in/out 262577/104 bytes for SCSI command 0x1-- guessing data in; [ 382.310677][T11544] program syz-executor.1 not setting count and/or reply_len properly 14:13:51 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(r0, r1) 14:13:51 executing program 4: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x60, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x30, 0x2, {{}, [@TCA_NETEM_RATE={0x14}]}}}]}, 0x60}}, 0x0) [ 382.426642][T11554] input: syz1 as /devices/virtual/input/input64 14:13:51 executing program 1: getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) write$binfmt_aout(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000000d5010400000000010000deffde6c68a94a86be9084baa5b5db0700000068000a01000020763f0362391c57bc2475cc6474c7469fee863a839c92ad97786d22730a7c4b891a5f9b1395cacd8f2a9aa2f4b8c2ee7a8483a098c82b5dc475e9f24df5d8e344916d76155f006d1a000000af031f98e08ad58f03cf8fb1bc78ffb92fb476f701076749d57ddc37ca91ff68e0f9f0f8d14f69368272b0d4e93037bb8e1d0beb80dc87145c723d5ecbe556bb39ad383c83dedcff639bb9a84e70ab0e2f075fe8f6333ee4e7e980b7fc8dbb7dcf9cc40c2330f74791a20cde9f37d4068616b45d55666449c974cb453fe350fac63b661e6b6356b80e197ddc37467d49eb5db0c9af11c9d6685b073843c3144932de0c6055fa8a1a39860bc22202ac2431802bb4dea34baaff06e8b4789462abf0346c7593cc50a92aba540aa4b51dd36f52c2a6f4b1adb7f67c3d43464604c6ea90f36ba9ebe22f892fa32af3a22f09fca4ed2499dc08a5e0867cf70ebf36e74f334da508219704"], 0x92) open(&(0x7f00000009c0)='./bus\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000f12000)={0x400000010, 0x0, 0x0, 0x40000}, 0xc) 14:13:51 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) dup2(r0, 0xffffffffffffffff) 14:13:51 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x20000000005) r1 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1004000000013) 14:13:51 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, 0x0, 0x0) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 382.635467][T11568] sg_write: data in/out 262577/104 bytes for SCSI command 0x1-- guessing data in; [ 382.635467][T11568] program syz-executor.1 not setting count and/or reply_len properly [ 382.739208][T11576] input: syz1 as /devices/virtual/input/input65 14:13:52 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:52 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) dup2(r0, 0xffffffffffffffff) 14:13:52 executing program 4: getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) write$binfmt_aout(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000000d5010400000000010000deffde6c68a94a86be9084baa5b5db0700000068000a01000020763f0362391c57bc2475cc6474c7469fee863a839c92ad97786d22730a7c4b891a5f9b1395cacd8f2a9aa2f4b8c2ee7a8483a098c82b5dc475e9f24df5d8e344916d76155f006d1a000000af031f98e08ad58f03cf8fb1bc78ffb92fb476f701076749d57ddc37ca91ff68e0f9f0f8d14f69368272b0d4e93037bb8e1d0beb80dc87145c723d5ecbe556bb39ad383c83dedcff639bb9a84e70ab0e2f075fe8f6333ee4e7e980b7fc8dbb7dcf9cc40c2330f74791a20cde9f37d4068616b45d55666449c974cb453fe350fac63b661e6b6356b80e197ddc37467d49eb5db0c9af11c9d6685b073843c3144932de0c6055fa8a1a39860bc22202ac2431802bb4dea34baaff06e8b4789462abf0346c7593cc50a92aba540aa4b51dd36f52c2a6f4b1adb7f67c3d43464604c6ea90f36ba9ebe22f892fa32af3a22f09fca4ed2499dc08a5e0867cf70ebf36e74f334da508219704"], 0x92) open(&(0x7f00000009c0)='./bus\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000f12000)={0x400000010, 0x0, 0x0, 0x40000}, 0xc) 14:13:52 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:13:52 executing program 1: getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) write$binfmt_aout(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000000d5010400000000010000deffde6c68a94a86be9084baa5b5db0700000068000a01000020763f0362391c57bc2475cc6474c7469fee863a839c92ad97786d22730a7c4b891a5f9b1395cacd8f2a9aa2f4b8c2ee7a8483a098c82b5dc475e9f24df5d8e344916d76155f006d1a000000af031f98e08ad58f03cf8fb1bc78ffb92fb476f701076749d57ddc37ca91ff68e0f9f0f8d14f69368272b0d4e93037bb8e1d0beb80dc87145c723d5ecbe556bb39ad383c83dedcff639bb9a84e70ab0e2f075fe8f6333ee4e7e980b7fc8dbb7dcf9cc40c2330f74791a20cde9f37d4068616b45d55666449c974cb453fe350fac63b661e6b6356b80e197ddc37467d49eb5db0c9af11c9d6685b073843c3144932de0c6055fa8a1a39860bc22202ac2431802bb4dea34baaff06e8b4789462abf0346c7593cc50a92aba540aa4b51dd36f52c2a6f4b1adb7f67c3d43464604c6ea90f36ba9ebe22f892fa32af3a22f09fca4ed2499dc08a5e0867cf70ebf36e74f334da508219704"], 0x92) open(&(0x7f00000009c0)='./bus\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000f12000)={0x400000010, 0x0, 0x0, 0x40000}, 0xc) 14:13:52 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, 0x0, 0x0) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 382.960711][T11591] input: syz1 as /devices/virtual/input/input66 [ 382.984640][T11589] sg_write: data in/out 262577/104 bytes for SCSI command 0x1-- guessing data in; [ 382.984640][T11589] program syz-executor.1 not setting count and/or reply_len properly 14:13:52 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) dup2(r0, 0xffffffffffffffff) 14:13:52 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, 0x0, 0x0) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:52 executing program 4: getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) write$binfmt_aout(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000000d5010400000000010000deffde6c68a94a86be9084baa5b5db0700000068000a01000020763f0362391c57bc2475cc6474c7469fee863a839c92ad97786d22730a7c4b891a5f9b1395cacd8f2a9aa2f4b8c2ee7a8483a098c82b5dc475e9f24df5d8e344916d76155f006d1a000000af031f98e08ad58f03cf8fb1bc78ffb92fb476f701076749d57ddc37ca91ff68e0f9f0f8d14f69368272b0d4e93037bb8e1d0beb80dc87145c723d5ecbe556bb39ad383c83dedcff639bb9a84e70ab0e2f075fe8f6333ee4e7e980b7fc8dbb7dcf9cc40c2330f74791a20cde9f37d4068616b45d55666449c974cb453fe350fac63b661e6b6356b80e197ddc37467d49eb5db0c9af11c9d6685b073843c3144932de0c6055fa8a1a39860bc22202ac2431802bb4dea34baaff06e8b4789462abf0346c7593cc50a92aba540aa4b51dd36f52c2a6f4b1adb7f67c3d43464604c6ea90f36ba9ebe22f892fa32af3a22f09fca4ed2499dc08a5e0867cf70ebf36e74f334da508219704"], 0x92) open(&(0x7f00000009c0)='./bus\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000f12000)={0x400000010, 0x0, 0x0, 0x40000}, 0xc) 14:13:52 executing program 1: getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) write$binfmt_aout(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000000d5010400000000010000deffde6c68a94a86be9084baa5b5db0700000068000a01000020763f0362391c57bc2475cc6474c7469fee863a839c92ad97786d22730a7c4b891a5f9b1395cacd8f2a9aa2f4b8c2ee7a8483a098c82b5dc475e9f24df5d8e344916d76155f006d1a000000af031f98e08ad58f03cf8fb1bc78ffb92fb476f701076749d57ddc37ca91ff68e0f9f0f8d14f69368272b0d4e93037bb8e1d0beb80dc87145c723d5ecbe556bb39ad383c83dedcff639bb9a84e70ab0e2f075fe8f6333ee4e7e980b7fc8dbb7dcf9cc40c2330f74791a20cde9f37d4068616b45d55666449c974cb453fe350fac63b661e6b6356b80e197ddc37467d49eb5db0c9af11c9d6685b073843c3144932de0c6055fa8a1a39860bc22202ac2431802bb4dea34baaff06e8b4789462abf0346c7593cc50a92aba540aa4b51dd36f52c2a6f4b1adb7f67c3d43464604c6ea90f36ba9ebe22f892fa32af3a22f09fca4ed2499dc08a5e0867cf70ebf36e74f334da508219704"], 0x92) open(&(0x7f00000009c0)='./bus\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000f12000)={0x400000010, 0x0, 0x0, 0x40000}, 0xc) [ 383.190931][ T26] audit: type=1804 audit(1588169632.294:141): pid=11606 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/78/file0/bus" dev="loop5" ino=90 res=1 14:13:52 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(0xffffffffffffffff, r0) [ 383.270853][ T26] audit: type=1804 audit(1588169632.364:142): pid=11613 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/78/file0/bus" dev="loop5" ino=90 res=1 [ 383.362564][T11612] input: syz1 as /devices/virtual/input/input67 [ 383.375439][T11615] sg_write: data in/out 262577/104 bytes for SCSI command 0x1-- guessing data in; [ 383.375439][T11615] program syz-executor.4 not setting count and/or reply_len properly 14:13:52 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0), 0x0) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 383.846723][T11628] input: syz1 as /devices/virtual/input/input68 14:13:53 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:53 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(0xffffffffffffffff, r0) 14:13:53 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0), 0x0) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 383.965475][ T8003] attempt to access beyond end of device [ 383.990219][T11636] input: syz1 as /devices/virtual/input/input69 [ 383.992777][ T8003] loop5: rw=1, want=3641, limit=63 [ 384.043478][ T8003] attempt to access beyond end of device [ 384.069764][ T8003] loop5: rw=1, want=5689, limit=63 [ 384.090621][ T8003] attempt to access beyond end of device [ 384.099111][ T8003] loop5: rw=1, want=7737, limit=63 [ 384.115238][ T8003] attempt to access beyond end of device [ 384.121568][ T8003] loop5: rw=1, want=9785, limit=63 [ 384.137425][ T8003] attempt to access beyond end of device [ 384.143519][ T8003] loop5: rw=1, want=11833, limit=63 [ 384.158634][ T8003] attempt to access beyond end of device [ 384.164365][ T8003] loop5: rw=1, want=13881, limit=63 [ 384.179735][ T8003] attempt to access beyond end of device [ 384.185471][ T8003] loop5: rw=1, want=15929, limit=63 [ 384.199562][ T8003] attempt to access beyond end of device [ 384.205415][ T8003] loop5: rw=1, want=17977, limit=63 [ 384.226211][ T8003] attempt to access beyond end of device [ 384.240949][ T8003] loop5: rw=1, want=20033, limit=63 [ 384.262284][ T8003] attempt to access beyond end of device [ 384.276788][ T8003] loop5: rw=1, want=22081, limit=63 [ 384.286024][ T8003] attempt to access beyond end of device [ 384.306839][ T8003] loop5: rw=1, want=24129, limit=63 [ 384.314780][ T8003] attempt to access beyond end of device [ 384.320895][ T8003] loop5: rw=1, want=24585, limit=63 [ 384.522973][ T26] audit: type=1804 audit(1588169633.624:143): pid=11654 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/79/file0/bus" dev="loop5" ino=91 res=1 [ 384.573129][ T26] audit: type=1804 audit(1588169633.674:144): pid=11657 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/79/file0/bus" dev="loop5" ino=91 res=1 14:13:55 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:13:55 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$kcm(0xa, 0x5, 0x0) sendmsg(r2, &(0x7f00000006c0)={&(0x7f0000000100)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000440)="c4", 0x34000}], 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000084000000000000000200000000000071009b62accb7e0ff598aea7d4d7aef1abacbac06f2716b809139331b6a2c700"], 0x18}, 0xfc) 14:13:55 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) exit(0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:13:55 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(0xffffffffffffffff, r0) 14:13:55 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0), 0x0) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:55 executing program 4: sched_setattr(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x44042, 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, 0x0) sendmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000000c0)={0x27, 0x1, 0x2, 0x4, 0x9, 0x67, "aff38f466ec3224ce649d47cd98b49b43774527d2f786fa407b18ec8a51353bbc7e1a6688593c6b78bf55ff70032cb3eef2fd72e72151f5387a70caf85a3e7", 0x6}, 0x60, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x4000080) ftruncate(r1, 0x2008002) sendfile(r0, r1, 0x0, 0x200fff) [ 386.037799][T11682] input: syz1 as /devices/virtual/input/input70 [ 386.096342][ T26] audit: type=1804 audit(1588169635.194:145): pid=11686 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/80/file0/bus" dev="loop5" ino=92 res=1 [ 386.195939][ C1] sd 0:0:1:0: [sg0] tag#803 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 386.206551][ C1] sd 0:0:1:0: [sg0] tag#803 CDB: Play track relative(12), sa=0x11 [ 386.214637][ C1] sd 0:0:1:0: [sg0] tag#803 CDB[00]: a9 31 11 eb 25 e8 46 6b 6c d6 d0 21 1c 11 74 60 [ 386.224316][ C1] sd 0:0:1:0: [sg0] tag#803 CDB[10]: 1a a2 db 3b 53 f5 f0 bf f7 4b de 00 49 ea 50 ee [ 386.234089][ C1] sd 0:0:1:0: [sg0] tag#803 CDB[20]: fe 14:13:55 executing program 3: r0 = socket$unix(0x1, 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(r0, r1) 14:13:55 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{0x0}], 0x1) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 386.549822][ T26] audit: type=1804 audit(1588169635.654:146): pid=11698 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/80/file0/bus" dev="loop5" ino=92 res=1 14:13:55 executing program 3: r0 = socket$unix(0x1, 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(r0, r1) [ 386.657400][ T26] audit: type=1800 audit(1588169635.754:147): pid=11696 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16375 res=0 14:13:55 executing program 4: sched_setattr(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x44042, 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, 0x0) sendmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000000c0)={0x27, 0x1, 0x2, 0x4, 0x9, 0x67, "aff38f466ec3224ce649d47cd98b49b43774527d2f786fa407b18ec8a51353bbc7e1a6688593c6b78bf55ff70032cb3eef2fd72e72151f5387a70caf85a3e7", 0x6}, 0x60, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x4000080) ftruncate(r1, 0x2008002) sendfile(r0, r1, 0x0, 0x200fff) [ 386.716553][T11706] input: syz1 as /devices/virtual/input/input71 [ 386.727524][ T26] audit: type=1800 audit(1588169635.764:148): pid=11697 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16375 res=0 [ 386.783111][ C0] sd 0:0:1:0: [sg0] tag#804 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 386.793479][ C0] sd 0:0:1:0: [sg0] tag#804 CDB: Play track relative(12), sa=0x11 [ 386.801435][ C0] sd 0:0:1:0: [sg0] tag#804 CDB[00]: a9 31 11 eb 25 e8 46 6b 6c d6 d0 21 1c 11 74 60 [ 386.810950][ C0] sd 0:0:1:0: [sg0] tag#804 CDB[10]: 1a a2 db 3b 53 f5 f0 bf f7 4b de 00 49 ea 50 ee [ 386.820458][ C0] sd 0:0:1:0: [sg0] tag#804 CDB[20]: fe 14:13:55 executing program 3: r0 = socket$unix(0x1, 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(r0, r1) 14:13:58 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:13:58 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:13:58 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) exit(0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:13:58 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{0x0}], 0x1) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:58 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:13:58 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_open_dev$usbfs(0x0, 0x4000000000000073, 0x0) dup2(r0, r1) [ 389.108510][T11739] input: syz1 as /devices/virtual/input/input72 [ 389.121886][ C0] sd 0:0:1:0: [sg0] tag#821 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 389.132238][ C0] sd 0:0:1:0: [sg0] tag#821 CDB: Play track relative(12), sa=0x11 [ 389.140115][ C0] sd 0:0:1:0: [sg0] tag#821 CDB[00]: a9 31 11 eb 25 e8 46 6b 6c d6 d0 21 1c 11 74 60 [ 389.149644][ C0] sd 0:0:1:0: [sg0] tag#821 CDB[10]: 1a a2 db 3b 53 f5 f0 bf f7 4b de 00 49 ea 50 ee [ 389.159170][ C0] sd 0:0:1:0: [sg0] tag#821 CDB[20]: fe 14:13:58 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_open_dev$usbfs(0x0, 0x4000000000000073, 0x0) dup2(r0, r1) [ 389.271441][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 389.271459][ T26] audit: type=1804 audit(1588169638.374:150): pid=11748 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/81/file0/bus" dev="loop5" ino=93 res=1 14:13:58 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_open_dev$usbfs(0x0, 0x4000000000000073, 0x0) dup2(r0, r1) [ 389.399157][ T26] audit: type=1804 audit(1588169638.484:151): pid=11759 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/81/file0/bus" dev="loop5" ino=93 res=1 14:13:58 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{0x0}], 0x1) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:58 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:13:58 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) dup2(r0, r1) [ 389.605159][T11769] input: syz1 as /devices/virtual/input/input73 14:13:58 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 14:13:58 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) dup2(r0, r1) [ 389.817222][T11783] input: syz1 as /devices/virtual/input/input74 14:14:01 executing program 0: timer_create(0x0, 0x0, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:01 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) exit(0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:01 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:01 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) dup2(r0, r1) 14:14:01 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:01 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 392.204602][T11817] input: syz1 as /devices/virtual/input/input75 [ 392.240308][ C1] sd 0:0:1:0: [sg0] tag#822 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 392.250858][ C1] sd 0:0:1:0: [sg0] tag#822 CDB: Play track relative(12), sa=0x11 [ 392.258885][ C1] sd 0:0:1:0: [sg0] tag#822 CDB[00]: a9 31 11 eb 25 e8 46 6b 6c d6 d0 21 1c 11 74 60 [ 392.268555][ C1] sd 0:0:1:0: [sg0] tag#822 CDB[10]: 1a a2 db 3b 53 f5 f0 bf f7 4b de 00 49 ea 50 ee [ 392.277329][ T26] audit: type=1804 audit(1588169641.384:152): pid=11822 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/82/file0/bus" dev="loop5" ino=94 res=1 [ 392.278195][ C1] sd 0:0:1:0: [sg0] tag#822 CDB[20]: fe 14:14:01 executing program 3: socket$unix(0x1, 0x1, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(0xffffffffffffffff, r0) 14:14:01 executing program 0: timer_create(0x0, 0x0, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) [ 392.705047][ T26] audit: type=1804 audit(1588169641.784:153): pid=11833 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/82/file0/bus" dev="loop5" ino=94 res=1 14:14:02 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:02 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) exit(0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:02 executing program 3: socket$unix(0x1, 0x1, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(0xffffffffffffffff, r0) 14:14:02 executing program 0: timer_create(0x0, 0x0, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:02 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:02 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 393.105829][ C0] sd 0:0:1:0: [sg0] tag#823 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 393.116271][ C0] sd 0:0:1:0: [sg0] tag#823 CDB: Play track relative(12), sa=0x11 [ 393.124141][ C0] sd 0:0:1:0: [sg0] tag#823 CDB[00]: a9 31 11 eb 25 e8 46 6b 6c d6 d0 21 1c 11 74 60 [ 393.133657][ C0] sd 0:0:1:0: [sg0] tag#823 CDB[10]: 1a a2 db 3b 53 f5 f0 bf f7 4b de 00 49 ea 50 ee [ 393.143175][ C0] sd 0:0:1:0: [sg0] tag#823 CDB[20]: fe [ 393.189555][ T29] attempt to access beyond end of device [ 393.203088][ T29] loop5: rw=1, want=16033, limit=63 [ 393.217640][ T29] attempt to access beyond end of device [ 393.223462][ T29] loop5: rw=1, want=18089, limit=63 14:14:02 executing program 3: socket$unix(0x1, 0x1, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(0xffffffffffffffff, r0) [ 393.235562][ T29] attempt to access beyond end of device [ 393.241845][ T29] loop5: rw=1, want=20153, limit=63 [ 393.254310][ T29] attempt to access beyond end of device [ 393.260560][ T29] loop5: rw=1, want=22209, limit=63 [ 393.274373][ T29] attempt to access beyond end of device [ 393.281680][ T29] loop5: rw=1, want=24233, limit=63 [ 393.293978][T11855] input: syz1 as /devices/virtual/input/input76 14:14:02 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:02 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(r0, 0xffffffffffffffff) 14:14:02 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) [ 393.567088][ T26] audit: type=1804 audit(1588169642.674:154): pid=11872 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/83/file0/bus" dev="loop5" ino=95 res=1 14:14:02 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(r0, 0xffffffffffffffff) 14:14:02 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x0) dup2(r0, 0xffffffffffffffff) [ 393.676197][ T26] audit: type=1804 audit(1588169642.744:155): pid=11878 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/83/file0/bus" dev="loop5" ino=95 res=1 14:14:02 executing program 3: r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg(r0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[{0x10, 0x84, 0x1}], 0x10}, 0x0) 14:14:03 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:03 executing program 3: r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) sendmsg$inet(r0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0) 14:14:03 executing program 3: mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x1000003, 0x4031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UFFDIO_REGISTER(r0, 0xc028aa03, &(0x7f00000a0fe0)={{&(0x7f00005e3000/0x800000)=nil, 0x20ce6000}, 0x200000}) [ 393.962794][ C0] sd 0:0:1:0: [sg0] tag#824 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 393.973176][ C0] sd 0:0:1:0: [sg0] tag#824 CDB: Play track relative(12), sa=0x11 [ 393.981058][ C0] sd 0:0:1:0: [sg0] tag#824 CDB[00]: a9 31 11 eb 25 e8 46 6b 6c d6 d0 21 1c 11 74 60 [ 393.990579][ C0] sd 0:0:1:0: [sg0] tag#824 CDB[10]: 1a a2 db 3b 53 f5 f0 bf f7 4b de 00 49 ea 50 ee [ 394.000116][ C0] sd 0:0:1:0: [sg0] tag#824 CDB[20]: fe 14:14:03 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:03 executing program 1: ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:03 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x4, 0x0, 0x40000008, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_bp={0x0, 0xc}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @private}, &(0x7f0000000100)=0x10) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 394.356684][T11904] kvm [11903]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x4000005c [ 394.366069][T11904] kvm [11903]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x40000045 [ 394.376334][T11904] kvm [11903]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x4000005a [ 394.385812][T11904] kvm [11903]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x4000008b [ 394.428618][T11904] kvm [11903]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x4000007f [ 394.467005][T11904] kvm [11903]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x40000025 [ 394.475693][T11904] kvm [11903]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x4000003e [ 394.485986][T11904] kvm [11903]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x4000005d [ 394.498182][T11904] kvm [11903]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x4000004e [ 394.511390][T11904] kvm [11903]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x4000005a [ 394.523713][ T26] audit: type=1804 audit(1588169643.624:156): pid=11912 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/84/file0/bus" dev="loop5" ino=96 res=1 [ 394.612225][ T26] audit: type=1804 audit(1588169643.674:157): pid=11915 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/84/file0/bus" dev="loop5" ino=96 res=1 [ 395.281554][ T29] attempt to access beyond end of device [ 395.287560][ T29] loop5: rw=1, want=3873, limit=63 [ 395.318986][ T29] attempt to access beyond end of device [ 395.324691][ T29] loop5: rw=1, want=5929, limit=63 [ 395.356005][ T29] attempt to access beyond end of device [ 395.372525][ T29] loop5: rw=1, want=8001, limit=63 [ 395.384122][ T29] attempt to access beyond end of device [ 395.390296][ T29] loop5: rw=1, want=10049, limit=63 [ 395.426231][ T29] attempt to access beyond end of device [ 395.437690][ T29] loop5: rw=1, want=12097, limit=63 [ 395.456228][ T29] attempt to access beyond end of device [ 395.462150][ T29] loop5: rw=1, want=14145, limit=63 [ 395.473111][ T29] attempt to access beyond end of device [ 395.479266][ T29] loop5: rw=1, want=16193, limit=63 [ 395.490960][ T29] attempt to access beyond end of device [ 395.496700][ T29] loop5: rw=1, want=18241, limit=63 [ 395.508272][ T29] attempt to access beyond end of device [ 395.516808][ T29] loop5: rw=1, want=20289, limit=63 [ 395.532543][ T29] attempt to access beyond end of device [ 395.538294][ T29] loop5: rw=1, want=22337, limit=63 [ 395.550154][ T29] attempt to access beyond end of device [ 395.555929][ T29] loop5: rw=1, want=24385, limit=63 [ 395.564657][ T29] attempt to access beyond end of device [ 395.570814][ T29] loop5: rw=1, want=25113, limit=63 14:14:05 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:05 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) 14:14:05 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, 0x0, 0x0) 14:14:05 executing program 1: ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet(0x2, 0xa, 0x0) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb, 0x1, 'gretap\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @multicast2}]}}}]}, 0x3c}}, 0x0) 14:14:05 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:05 executing program 1: ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 396.540535][T11936] syz-executor.3 uses obsolete (PF_INET,SOCK_PACKET) [ 396.579105][T11939] input: syz1 as /devices/virtual/input/input77 [ 396.633827][ T26] audit: type=1804 audit(1588169645.734:158): pid=11948 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/85/file0/bus" dev="loop5" ino=97 res=1 [ 396.731539][ T26] audit: type=1804 audit(1588169645.784:159): pid=11956 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/85/file0/bus" dev="loop5" ino=97 res=1 14:14:05 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:05 executing program 1: r0 = syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:06 executing program 1: r0 = syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:06 executing program 1: r0 = syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:06 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 396.983217][T11967] overlayfs: filesystem on './file0' not supported as upperdir 14:14:08 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:08 executing program 1: syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:08 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:08 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) 14:14:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:08 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, 0x0, 0x0) [ 399.675313][T11992] input: syz1 as /devices/virtual/input/input78 14:14:08 executing program 1: syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 399.762327][ T26] audit: type=1804 audit(1588169648.864:160): pid=12000 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/86/file0/bus" dev="loop5" ino=98 res=1 [ 399.901328][ T26] audit: type=1804 audit(1588169648.934:161): pid=12008 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/86/file0/bus" dev="loop5" ino=98 res=1 14:14:09 executing program 1: syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:09 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:09 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:09 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 14:14:09 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, 0x0, 0x0) 14:14:09 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) [ 400.550865][ T8003] attempt to access beyond end of device [ 400.563352][ T8003] loop5: rw=1, want=3585, limit=63 [ 400.581895][ T8003] attempt to access beyond end of device [ 400.590428][ T8003] loop5: rw=1, want=5633, limit=63 [ 400.638408][ T8003] attempt to access beyond end of device [ 400.644093][ T8003] loop5: rw=1, want=7681, limit=63 [ 400.683764][ T8003] attempt to access beyond end of device [ 400.692939][ T8003] loop5: rw=1, want=9753, limit=63 [ 400.730954][T12024] input: syz1 as /devices/virtual/input/input79 [ 400.750733][ T8003] attempt to access beyond end of device [ 400.765232][ T8003] loop5: rw=1, want=11801, limit=63 14:14:09 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) [ 400.789136][ T8003] attempt to access beyond end of device [ 400.794930][ T8003] loop5: rw=1, want=13849, limit=63 [ 400.808075][ T8003] attempt to access beyond end of device [ 400.813871][ T8003] loop5: rw=1, want=15897, limit=63 [ 400.826442][ T8003] attempt to access beyond end of device [ 400.840598][ T8003] loop5: rw=1, want=17945, limit=63 [ 400.888717][ T8003] attempt to access beyond end of device [ 400.901166][ T8003] loop5: rw=1, want=19993, limit=63 [ 400.942572][ T8003] attempt to access beyond end of device [ 400.978250][ T8003] loop5: rw=1, want=22041, limit=63 [ 400.992329][ T8003] attempt to access beyond end of device [ 400.998302][ T8003] loop5: rw=1, want=23537, limit=63 [ 401.241405][ T26] audit: type=1804 audit(1588169650.344:162): pid=12044 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/87/file0/bus" dev="loop5" ino=99 res=1 [ 401.324570][ T26] audit: type=1804 audit(1588169650.414:163): pid=12047 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/87/file0/bus" dev="loop5" ino=99 res=1 [ 402.053268][ T29] attempt to access beyond end of device [ 402.076835][ T29] loop5: rw=1, want=3817, limit=63 [ 402.086190][ T29] attempt to access beyond end of device [ 402.093087][ T29] loop5: rw=1, want=5865, limit=63 [ 402.102682][ T29] attempt to access beyond end of device [ 402.108741][ T29] loop5: rw=1, want=7913, limit=63 [ 402.118860][ T29] attempt to access beyond end of device [ 402.124596][ T29] loop5: rw=1, want=9969, limit=63 [ 402.134556][ T29] attempt to access beyond end of device [ 402.140659][ T29] loop5: rw=1, want=12033, limit=63 [ 402.150652][ T29] attempt to access beyond end of device [ 402.156311][ T29] loop5: rw=1, want=14081, limit=63 [ 402.166416][ T29] attempt to access beyond end of device [ 402.172429][ T29] loop5: rw=1, want=16129, limit=63 [ 402.182399][ T29] attempt to access beyond end of device [ 402.188800][ T29] loop5: rw=1, want=18177, limit=63 [ 402.198676][ T29] attempt to access beyond end of device [ 402.204362][ T29] loop5: rw=1, want=20225, limit=63 [ 402.214251][ T29] attempt to access beyond end of device [ 402.220264][ T29] loop5: rw=1, want=22273, limit=63 [ 402.230763][ T29] attempt to access beyond end of device [ 402.236529][ T29] loop5: rw=1, want=24321, limit=63 [ 402.245187][ T29] attempt to access beyond end of device [ 402.251249][ T29] loop5: rw=1, want=25321, limit=63 14:14:11 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:11 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) 14:14:11 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:11 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00'}, 0x45c) 14:14:11 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 14:14:11 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 402.694813][T12060] input: syz1 as /devices/virtual/input/input80 [ 402.764276][ T26] audit: type=1804 audit(1588169651.864:164): pid=12071 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/88/file0/bus" dev="loop5" ino=100 res=1 14:14:11 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x0, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:12 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:12 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x0, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 402.892267][ T26] audit: type=1804 audit(1588169651.934:165): pid=12077 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/88/file0/bus" dev="loop5" ino=100 res=1 14:14:12 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x0, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50eefe", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:12 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:12 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:14 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:14 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:14 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:14 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00'}, 0x45c) 14:14:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:14 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 14:14:15 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 405.847288][T12115] input: syz1 as /devices/virtual/input/input81 [ 405.913492][ T26] audit: type=1804 audit(1588169655.014:166): pid=12124 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/89/file0/bus" dev="loop5" ino=101 res=1 14:14:15 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 405.997906][ T26] audit: type=1804 audit(1588169655.084:167): pid=12129 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/89/file0/bus" dev="loop5" ino=101 res=1 14:14:15 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:15 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280), 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:15 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280), 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:15 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:17 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:17 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280), 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:17 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:17 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 14:14:17 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:17 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f00000004c0)=[{&(0x7f00000023c0)=""/4096, 0x18}], 0x43) write$uinput_user_dev(r3, &(0x7f0000000040)={'syz1\x00'}, 0x45c) [ 408.962188][ T26] audit: type=1804 audit(1588169658.064:168): pid=12171 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/90/file0/bus" dev="loop5" ino=102 res=1 14:14:18 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:18 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 409.143107][T12170] input: syz1 as /devices/virtual/input/input82 [ 409.274354][ T26] audit: type=1804 audit(1588169658.114:169): pid=12175 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/90/file0/bus" dev="loop5" ino=102 res=1 14:14:18 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x11, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601a", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:18 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:18 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x11, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601a", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:18 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:18 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x11, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601a", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000100)={0xe0003}) ioctl$KVM_SMI(r2, 0xaeb7) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:14:19 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 409.903512][ T204] attempt to access beyond end of device 14:14:19 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x19, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff7", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 409.945047][ T204] loop5: rw=1, want=2989, limit=63 14:14:19 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:19 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) [ 409.986513][ T204] attempt to access beyond end of device [ 410.011566][ T204] loop5: rw=1, want=5037, limit=63 [ 410.069427][ T204] attempt to access beyond end of device [ 410.089662][ T204] loop5: rw=1, want=7085, limit=63 [ 410.107503][ T204] attempt to access beyond end of device [ 410.113313][ T204] loop5: rw=1, want=9149, limit=63 [ 410.125840][ T204] attempt to access beyond end of device [ 410.132280][ T204] loop5: rw=1, want=11205, limit=63 [ 410.144831][ T204] attempt to access beyond end of device [ 410.151503][ T204] loop5: rw=1, want=13253, limit=63 [ 410.164331][ T204] attempt to access beyond end of device [ 410.170789][ T204] loop5: rw=1, want=15301, limit=63 14:14:19 executing program 2: syz_open_dev$usbmon(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x5000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) stat(&(0x7f00000001c0)='./file0/file0\x00', 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) shmctl$IPC_SET(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0xee01, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x81}) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$SIOCRSACCEPT(r0, 0x89e3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) 14:14:19 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x19, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff7", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 410.183502][ T204] attempt to access beyond end of device [ 410.189312][ T204] loop5: rw=1, want=17349, limit=63 14:14:19 executing program 2: syz_open_dev$usbmon(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x5000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) stat(&(0x7f00000001c0)='./file0/file0\x00', 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) shmctl$IPC_SET(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0xee01, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x81}) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$SIOCRSACCEPT(r0, 0x89e3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) 14:14:19 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) [ 410.245327][ T204] attempt to access beyond end of device [ 410.282618][ T204] loop5: rw=1, want=19397, limit=63 14:14:19 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 410.319361][ T204] attempt to access beyond end of device [ 410.335164][ T204] loop5: rw=1, want=21445, limit=63 14:14:19 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x19, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff7", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 410.385505][ T204] attempt to access beyond end of device [ 410.412590][ T204] loop5: rw=1, want=23493, limit=63 [ 410.450086][ T204] attempt to access beyond end of device [ 410.470642][ T204] loop5: rw=1, want=24573, limit=63 [ 410.739618][ T26] audit: type=1804 audit(1588169659.844:170): pid=12244 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/91/file0/bus" dev="loop5" ino=103 res=1 [ 410.823003][ T26] audit: type=1804 audit(1588169659.884:171): pid=12247 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/91/file0/bus" dev="loop5" ino=103 res=1 14:14:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:20 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 14:14:20 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:20 executing program 2: syz_open_dev$usbmon(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x5000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) stat(&(0x7f00000001c0)='./file0/file0\x00', 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) shmctl$IPC_SET(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0xee01, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x81}) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$SIOCRSACCEPT(r0, 0x89e3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) 14:14:20 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x1d, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:20 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 411.555191][ T204] attempt to access beyond end of device [ 411.594764][ T204] loop5: rw=1, want=3893, limit=63 14:14:20 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x1d, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:20 executing program 2: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000000)='+4', 0x2}], 0x1) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='oom_score_adj\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = gettid() tkill(r5, 0x23) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe4, 0x0) 14:14:20 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 411.646694][ T204] attempt to access beyond end of device [ 411.668945][T12268] overlayfs: failed to resolve './file0': -2 [ 411.679492][ T204] loop5: rw=1, want=5941, limit=63 14:14:20 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 411.730259][ T204] attempt to access beyond end of device [ 411.749789][ T204] loop5: rw=1, want=7989, limit=63 [ 411.779903][ T204] attempt to access beyond end of device [ 411.804970][ T204] loop5: rw=1, want=10061, limit=63 14:14:20 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x151042, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x4000000000010046) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x14, r3, 0xb0343aabd1184b87}, 0x14}}, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETSW(r4, 0x5428, 0x0) 14:14:21 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x1d, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 411.849204][ T204] attempt to access beyond end of device [ 411.871915][ T204] loop5: rw=1, want=12109, limit=63 [ 411.913536][ T204] attempt to access beyond end of device [ 411.941957][ T204] loop5: rw=1, want=14157, limit=63 [ 411.969873][T12283] overlayfs: failed to resolve './file0': -2 [ 411.984813][ T204] attempt to access beyond end of device [ 412.005865][ T204] loop5: rw=1, want=16205, limit=63 [ 412.066667][ T204] attempt to access beyond end of device [ 412.073128][ T204] loop5: rw=1, want=18253, limit=63 [ 412.085366][ T204] attempt to access beyond end of device [ 412.091954][ T204] loop5: rw=1, want=20301, limit=63 [ 412.103841][ T204] attempt to access beyond end of device [ 412.111283][ T204] loop5: rw=1, want=22349, limit=63 [ 412.147030][ T204] attempt to access beyond end of device [ 412.169403][ T204] loop5: rw=1, want=24397, limit=63 [ 412.193546][ T204] attempt to access beyond end of device [ 412.202096][ T204] loop5: rw=1, want=26445, limit=63 [ 412.210893][ T204] attempt to access beyond end of device [ 412.226897][ T204] loop5: rw=1, want=26593, limit=63 [ 412.488997][ T26] audit: type=1804 audit(1588169661.594:172): pid=12296 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/92/file0/bus" dev="loop5" ino=104 res=1 [ 412.615156][ T26] audit: type=1804 audit(1588169661.664:173): pid=12299 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/92/file0/bus" dev="loop5" ino=104 res=1 [ 412.898034][ T0] NOHZ: local_softirq_pending 08 14:14:22 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:22 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 413.379237][ T26] audit: type=1804 audit(1588169662.484:174): pid=12310 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/93/file0/bus" dev="loop5" ino=105 res=1 [ 413.452529][ T26] audit: type=1804 audit(1588169662.554:175): pid=12314 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/93/file0/bus" dev="loop5" ino=105 res=1 14:14:23 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:23 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x1f, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea50", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:23 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:23 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x151042, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x4000000000010046) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x14, r3, 0xb0343aabd1184b87}, 0x14}}, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETSW(r4, 0x5428, 0x0) 14:14:23 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:23 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 414.678251][T12330] overlayfs: failed to resolve './file0': -2 14:14:23 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x1d, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 414.733010][ T26] audit: type=1804 audit(1588169663.834:176): pid=12333 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/94/file0/bus" dev="loop5" ino=106 res=1 14:14:23 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x1d, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:23 executing program 3: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:24 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) [ 414.886266][ T26] audit: type=1804 audit(1588169663.884:177): pid=12339 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/94/file0/bus" dev="loop5" ino=106 res=1 14:14:24 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x1d, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:24 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$vsock_stream(0x28, 0x1, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 415.063743][T12353] overlayfs: failed to resolve './file1': -2 14:14:24 executing program 3: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:24 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x1e, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 415.254440][T12363] overlayfs: failed to resolve './file1': -2 14:14:26 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x151042, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x4000000000010046) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x14, r3, 0xb0343aabd1184b87}, 0x14}}, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETSW(r4, 0x5428, 0x0) 14:14:26 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:26 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x1e, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:26 executing program 3: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:26 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:26 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) [ 417.664071][T12379] overlayfs: failed to resolve './file1': -2 14:14:26 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 417.746167][ T26] audit: type=1804 audit(1588169666.844:178): pid=12386 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/95/file0/bus" dev="loop5" ino=107 res=1 14:14:26 executing program 3: mkdir(0x0, 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 417.849334][ T26] audit: type=1804 audit(1588169666.944:179): pid=12389 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/95/file0/bus" dev="loop5" ino=107 res=1 14:14:27 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000013c0)={0x53, 0x0, 0x1e, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="a93111eb25e8466b6cd6d0211c1174601aa2db3b53f5f0bff74bde0049ea", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:14:27 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 418.050878][T12400] overlayfs: failed to resolve './file1': -2 14:14:27 executing program 3: mkdir(0x0, 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:27 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x30, r1, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x13, @l2={'eth', 0x3a, 'macvlan1\x00'}}}}, 0x30}}, 0x0) mkdirat$cgroup_root(0xffffff9c, 0x0, 0x1ff) [ 418.245543][T12410] overlayfs: failed to resolve './file1': -2 14:14:27 executing program 2: syz_mount_image$gfs2(&(0x7f00000001c0)='gfs2\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={[{@quota_on='quota=on'}]}) 14:14:27 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:27 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x30, r1, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x13, @l2={'eth', 0x3a, 'macvlan1\x00'}}}}, 0x30}}, 0x0) mkdirat$cgroup_root(0xffffff9c, 0x0, 0x1ff) 14:14:27 executing program 3: mkdir(0x0, 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:27 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 418.697251][T12421] overlayfs: failed to resolve './file1': -2 [ 418.818821][T12430] gfs2: not a GFS2 filesystem [ 418.828638][ T26] audit: type=1804 audit(1588169667.934:180): pid=12429 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/96/file0/bus" dev="loop5" ino=108 res=1 [ 418.927002][ T26] audit: type=1804 audit(1588169668.034:181): pid=12439 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/96/file0/bus" dev="loop5" ino=108 res=1 [ 418.969467][T12430] gfs2: not a GFS2 filesystem 14:14:29 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:29 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:29 executing program 1: getpid() sched_setscheduler(0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(0x0, 0x0, 0x0) write$binfmt_aout(r0, 0x0, 0x0) open(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') syz_open_dev$vcsn(0x0, 0x0, 0x8000) sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x30, r2, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x13, @l2={'eth', 0x3a, 'macvlan1\x00'}}}}, 0x30}}, 0x0) mkdirat$cgroup_root(0xffffff9c, 0x0, 0x1ff) 14:14:29 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x1e, 0x2, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 14:14:29 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:29 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:29 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) [ 420.791692][ T26] audit: type=1804 audit(1588169669.894:182): pid=12469 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/97/file0/bus" dev="loop5" ino=109 res=1 [ 420.802635][T12466] overlayfs: failed to resolve './file0': -2 14:14:30 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e0aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5eccb26d3a09ffc2c654"}, 0x80) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYRES64, @ANYBLOB="108a3161e52331800748e2d053c9880b391b8941c2ef5f2b22581a4388132f2a284ba42102aff1db7e3c55ce629aee60182af8776a8aa1ab27d82da38cdd1586ad4db03e28ab5bf244f742d07d1b90d1780953240b8fc6505543461d6aa22a452015b143d5c4c135e4c801ab787e92b1a81ca0e7dfe40680ed7858243f7dbe48dceef77944baf9a894726b3b464f27", @ANYPTR64, @ANYBLOB="838dc3bcb5516d453bfb5c1c6b60b3256f21ea83ae0e4d6db3fa06669dd1476fc1943cca9dca93b9c2e2fbe96769f85dc930789eb7be14a451accdcd0c15c8a12bc635c902edafeec9deaebef17e9e6052d1ab522f4191091105482280ba054442b513d0463b795a1712a20feaed2a99faf4bee5f366ce845be28e30a7cea2ee66", @ANYBLOB="8a1b3af096d40348842d5a31630f25dfcaec836fc48e31117d"], 0x0, 0x139}, 0x20) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/2, 0x2}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x33) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 420.996905][ T26] audit: type=1804 audit(1588169670.094:183): pid=12481 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/97/file0/bus" dev="loop5" ino=109 res=1 [ 421.073947][T12482] gfs2: Unknown parameter 'subj_role' 14:14:30 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:30 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:30 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:30 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) syz_open_dev$sg(0x0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r1, r0, 0x0) [ 421.302992][T12496] gfs2: Unknown parameter 'subj_role' [ 421.341353][T12502] overlayfs: failed to resolve './file0': -2 14:14:32 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:32 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:32 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:32 executing program 5: r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:32 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) syz_open_dev$sg(0x0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r1, r0, 0x0) 14:14:32 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 423.807054][T12533] gfs2: Unknown parameter 'subj_role' [ 423.816111][T12534] overlayfs: failed to resolve './file0': -2 14:14:33 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:33 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) [ 423.905156][ T26] audit: type=1804 audit(1588169673.004:184): pid=12545 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/98/file0/bus" dev="loop5" ino=110 res=1 14:14:33 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:33 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r2, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0xf31c}, 0x0) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 424.021537][ T26] audit: type=1804 audit(1588169673.124:185): pid=12552 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/98/file0/bus" dev="loop5" ino=110 res=1 [ 424.048656][T12553] gfs2: Unknown parameter 'subj_role' 14:14:33 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:33 executing program 1: syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:35 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x20000000005) r1 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1004000000013) 14:14:35 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:35 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:35 executing program 1: syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:35 executing program 5: r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:35 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r0, 0x0, 0xffffffffffffff12, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f0000000140)="7c0d111317b1ff8ec8f29f81319ec5b10d0d003f00efd9448dbef1ffb4e3a6af87131512da528f6235fe35d3053b5cb4877c1b89bbf83f6d749d5b00679601a3abdc204cf1ad797252bb0c7b43e3e9763221cb2c8d76f824f4bea338f53aa75703f465e50e434e2193900c39ab79d37cc0ce7a", 0xffffffffffffffd0, 0x401c005, 0x0, 0xffffffffffffff36) socket$inet6(0xa, 0x0, 0x0) [ 426.863618][T12599] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 14:14:36 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:36 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:36 executing program 1: syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) [ 427.059301][ T26] audit: type=1804 audit(1588169676.164:186): pid=12608 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/99/file0/bus" dev="loop5" ino=111 res=1 14:14:36 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 427.190711][ T26] audit: type=1804 audit(1588169676.214:187): pid=12620 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/99/file0/bus" dev="loop5" ino=111 res=1 14:14:36 executing program 1: mkdir(0x0, 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:36 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 427.755872][ T204] attempt to access beyond end of device [ 427.761847][ T204] loop5: rw=1, want=2421, limit=63 [ 427.777290][ T204] attempt to access beyond end of device [ 427.783020][ T204] loop5: rw=1, want=4469, limit=63 [ 427.797062][ T204] attempt to access beyond end of device [ 427.802813][ T204] loop5: rw=1, want=6517, limit=63 [ 427.816637][ T204] attempt to access beyond end of device [ 427.822843][ T204] loop5: rw=1, want=8457, limit=63 14:14:39 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x20000000005) r1 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1004000000013) 14:14:39 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:39 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:39 executing program 1: mkdir(0x0, 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:39 executing program 5: r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:39 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r0, 0x0, 0xffffffffffffff12, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f0000000140)="7c0d111317b1ff8ec8f29f81319ec5b10d0d003f00efd9448dbef1ffb4e3a6af87131512da528f6235fe35d3053b5cb4877c1b89bbf83f6d749d5b00679601a3abdc204cf1ad797252bb0c7b43e3e9763221cb2c8d76f824f4bea338f53aa75703f465e50e434e2193900c39ab79d37cc0ce7a", 0xffffffffffffffd0, 0x401c005, 0x0, 0xffffffffffffff36) socket$inet6(0xa, 0x0, 0x0) 14:14:39 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:39 executing program 1: mkdir(0x0, 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) [ 430.072453][ T26] audit: type=1804 audit(1588169679.174:188): pid=12670 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/100/file0/bus" dev="loop5" ino=112 res=1 14:14:39 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 430.197334][ T26] audit: type=1804 audit(1588169679.274:189): pid=12679 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/100/file0/bus" dev="loop5" ino=112 res=1 14:14:39 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(0x0, &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:39 executing program 4: socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:39 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(0x0, &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) [ 430.850630][ T204] attempt to access beyond end of device [ 430.856453][ T204] loop5: rw=1, want=4037, limit=63 [ 430.868615][ T204] attempt to access beyond end of device [ 430.874340][ T204] loop5: rw=1, want=6085, limit=63 [ 430.887641][ T204] attempt to access beyond end of device [ 430.893463][ T204] loop5: rw=1, want=8133, limit=63 [ 430.906044][ T204] attempt to access beyond end of device [ 430.912538][ T204] loop5: rw=1, want=10189, limit=63 [ 430.924509][ T204] attempt to access beyond end of device [ 430.930965][ T204] loop5: rw=1, want=12237, limit=63 [ 430.939096][ T204] attempt to access beyond end of device [ 430.944912][ T204] loop5: rw=1, want=12333, limit=63 14:14:42 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x20000000005) r1 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1004000000013) 14:14:42 executing program 4: socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:42 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:42 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(0x0, &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:42 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000280)="d36389ce0d47243b8a0dc23cc8489e27b243e508fb0f62c8ddccf94c935b2624092f9f9803a02e2e95bc64806224ce61f822e2ea65bafa0c1a8906176378cddbfea70b94968d037536708ed5c369da1939c84d5228fcc666a8d5bcd67d759d01be70bdea34221f0acb9bb95aac2dfbfcfa738b65fe4a1bb2ccfccade64ac4004f47ab2dbbeb27cd6312d1189b0a25de4194002e0c472e1278bec9755aac66c0bf7dea5cc51ad3bad0264572af962812ad16a6ad41c3d96829d1479b291a7670ed53e09182361a17d584aaab36c9700d927ca31d0ccac4a984af2731a220b88b3b4e6cc197fc6218d6e0d3eb4a1eeaa9c5d8f4a96a0ee46f237b3693a09e6be7d04f46617ba82d7b179cbba264abca603bff1", 0x112}], 0x1}, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg(r0, &(0x7f00000006c0)={&(0x7f0000000100)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000440)="c4", 0x34000}], 0x1, &(0x7f0000000380)=[{0x18, 0x84, 0x0, "02"}], 0x18}, 0xfc) 14:14:42 executing program 5: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:42 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:42 executing program 4: socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 433.215243][ T26] audit: type=1804 audit(1588169682.314:190): pid=12734 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/101/file0/bus" dev="loop5" ino=113 res=1 14:14:42 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 433.367784][ T26] audit: type=1804 audit(1588169682.424:191): pid=12746 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/101/file0/bus" dev="loop5" ino=113 res=1 14:14:42 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x20000000005) r1 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1004000000013) 14:14:42 executing program 4: openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:42 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:42 executing program 4: openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:42 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:42 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}, {@noquota='noquota'}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:42 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000280)="d36389ce0d47243b8a0dc23cc8489e27b243e508fb0f62c8ddccf94c935b2624092f9f9803a02e2e95bc64806224ce61f822e2ea65bafa0c1a8906176378cddbfea70b94968d037536708ed5c369da1939c84d5228fcc666a8d5bcd67d759d01be70bdea34221f0acb9bb95aac2dfbfcfa738b65fe4a1bb2ccfccade64ac4004f47ab2dbbeb27cd6312d1189b0a25de4194002e0c472e1278bec9755aac66c0bf7dea5cc51ad3bad0264572af962812ad16a6ad41c3d96829d1479b291a7670ed53e09182361a17d584aaab36c9700d927ca31d0ccac4a984af2731a220b88b3b4e6cc197fc6218d6e0d3eb4a1eeaa9c5d8f4a96a0ee46f237b3693a09e6be7d04f46617ba82d7b179cbba264abca603bff1", 0x112}], 0x1}, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg(r0, &(0x7f00000006c0)={&(0x7f0000000100)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000440)="c4", 0x34000}], 0x1, &(0x7f0000000380)=[{0x18, 0x84, 0x0, "02"}], 0x18}, 0xfc) 14:14:43 executing program 5: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:43 executing program 4: openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 433.949394][ T21] attempt to access beyond end of device [ 433.972823][ T21] loop5: rw=1, want=2461, limit=63 [ 434.025483][ T21] attempt to access beyond end of device [ 434.042533][ T21] loop5: rw=1, want=4517, limit=63 [ 434.059939][ T21] attempt to access beyond end of device [ 434.073558][ T21] loop5: rw=1, want=4961, limit=63 14:14:43 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:14:43 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:43 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 434.314692][T12785] gfs2: not a GFS2 filesystem [ 434.408401][ T26] audit: type=1804 audit(1588169683.514:192): pid=12789 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/102/file0/bus" dev="loop5" ino=114 res=1 [ 434.528876][ T26] audit: type=1804 audit(1588169683.624:193): pid=12801 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/102/file0/bus" dev="loop5" ino=114 res=1 14:14:45 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x20000000005) r1 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1004000000013) 14:14:45 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:14:45 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000280)="d36389ce0d47243b8a0dc23cc8489e27b243e508fb0f62c8ddccf94c935b2624092f9f9803a02e2e95bc64806224ce61f822e2ea65bafa0c1a8906176378cddbfea70b94968d037536708ed5c369da1939c84d5228fcc666a8d5bcd67d759d01be70bdea34221f0acb9bb95aac2dfbfcfa738b65fe4a1bb2ccfccade64ac4004f47ab2dbbeb27cd6312d1189b0a25de4194002e0c472e1278bec9755aac66c0bf7dea5cc51ad3bad0264572af962812ad16a6ad41c3d96829d1479b291a7670ed53e09182361a17d584aaab36c9700d927ca31d0ccac4a984af2731a220b88b3b4e6cc197fc6218d6e0d3eb4a1eeaa9c5d8f4a96a0ee46f237b3693a09e6be7d04f46617ba82d7b179cbba264abca603bff1", 0x112}], 0x1}, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg(r0, &(0x7f00000006c0)={&(0x7f0000000100)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000440)="c4", 0x34000}], 0x1, &(0x7f0000000380)=[{0x18, 0x84, 0x0, "02"}], 0x18}, 0xfc) 14:14:45 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:45 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:45 executing program 5: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 436.700152][T12828] gfs2: not a GFS2 filesystem 14:14:45 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 436.793920][ T26] audit: type=1804 audit(1588169685.894:194): pid=12835 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/103/file0/bus" dev="loop5" ino=115 res=1 14:14:46 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:14:46 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 437.076008][ T26] audit: type=1804 audit(1588169685.984:195): pid=12840 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/103/file0/bus" dev="loop5" ino=115 res=1 14:14:46 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 437.246360][T12850] gfs2: not a GFS2 filesystem 14:14:46 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:46 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 437.572928][ T204] attempt to access beyond end of device [ 437.593526][ T204] loop5: rw=1, want=5225, limit=63 [ 437.614809][T12871] gfs2: Unknown parameter 'subj_role' [ 437.630207][ T204] attempt to access beyond end of device [ 437.635885][ T204] loop5: rw=1, want=7281, limit=63 [ 437.647047][ T204] attempt to access beyond end of device [ 437.652826][ T204] loop5: rw=1, want=9329, limit=63 [ 437.663268][ T204] attempt to access beyond end of device [ 437.669265][ T204] loop5: rw=1, want=11377, limit=63 [ 437.679480][ T204] attempt to access beyond end of device [ 437.685181][ T204] loop5: rw=1, want=13161, limit=63 14:14:49 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x20000000005) r1 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1004000000013) 14:14:49 executing program 2: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0xffffc000, 0x1) 14:14:49 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:49 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:49 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:49 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:49 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 440.445956][T12897] gfs2: Unknown parameter 'subj_role' [ 440.446610][T12904] overlayfs: filesystem on './file0' not supported as upperdir 14:14:49 executing program 2: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0xffffc000, 0x1) [ 440.566491][ T26] audit: type=1804 audit(1588169689.664:196): pid=12902 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/104/file0/bus" dev="sda1" ino=16346 res=1 14:14:49 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:49 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, 0x0) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:49 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 440.700543][ T26] audit: type=1804 audit(1588169689.764:197): pid=12917 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/104/file0/bus" dev="sda1" ino=16346 res=1 [ 440.799758][T12921] gfs2: Unknown parameter 'subj_role' 14:14:50 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) [ 440.864224][T12931] overlayfs: missing 'lowerdir' [ 440.974555][T12935] gfs2: Unknown parameter 'subj_role' 14:14:52 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, 0x0) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:52 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:52 executing program 2: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000001c0)='./file0\x00') chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x1) 14:14:52 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:52 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x0) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:52 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@hostdata={'hostdata', 0x3d, 'fowner<'}}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:52 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 443.451375][T12957] gfs2: Unknown parameter 'subj_role' [ 443.511875][T12958] overlayfs: missing 'lowerdir' 14:14:52 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@hostdata={'hostdata', 0x3d, 'fowner<'}}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) [ 443.541164][T12956] overlayfs: failed to resolve './bus': -2 14:14:52 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, 0x0) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 443.636524][T12971] overlayfs: failed to resolve './bus': -2 [ 443.649667][ T26] audit: type=1804 audit(1588169692.754:198): pid=12966 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/105/file0/bus" dev="loop5" ino=116 res=1 14:14:52 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 443.719738][ T26] audit: type=1804 audit(1588169692.824:199): pid=12977 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/105/file0/bus" dev="loop5" ino=116 res=1 14:14:52 executing program 2: write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000005000000480000000000e1ff95000000000000002ba7e1d30cb599e83f24a3aa6bb3019c13bd23212fb56f040026fbfefc41056bd8174b7960317142fa9ea41d8123751c4e345c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8d820ba3101948502b17f8e2c076a206ac6939fc404000000c788b277be8000bf9b0a4def23d410f6accd3641110bec4e90a6341965c39e9ef8f6e3968f200e011ea665c45a3449abe802f5ab3e89cf6c06000000b8580218ce740068720000074e468eea3fd2f73902ebcfcf49822775785bf313405b433a8acd715f5888b2007f00000000400000000100000000000000010000000000000053350000000034a70c2ab40c7cf5691db43a5c000000000000000031000000000000000000e75a89fade01210cce39bf405f1e846c12423a164a33e680846f26ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a805608df4d431623c850af895abba14f6fbd7fb5e2acbf4609646b6c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c3fa90e7e57a79d6fce424c2200af6c7784a1975fa657de38a3a61e44a9ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d06d988d6edc71df48dca02113a38300cabf2b5543ffc1669557b3819d8c396d2c23616201000000000000002770d72cd00600000f7889b8c7044f563a1f68d4efe81a4000d497cc87cac6f45a6922ded2e295fdbc463f747c08f401058690350000000000000000000000006941f781573c68543f0d3bc1108c87d2111ceb512e318ccf62427986c795f42883230cb7abb796b86fd560b9ae129e0e5af9a6c2254c886ba375704643693308bad496bc933a6de3fc0298a765deba310498e7071a3b55560b4ebfcfeaba05169a8cb6a1651f6284150dc78315e19fc8a7a3038a9ae4ff116eac76cbc262f591f3050072add738a91cbc3502199b34e6941f6421c945ef50b528fd2ff5ec9edb1c29e338dbcdf9617cd25a0a56dcdb270409ff8a4b5a27d0557434dd7200000000000000000000000000bad98b7652fd053d754448976dcc22fd2c4323e55bb4dc961859a3bb255e5955a41549353d5442cf342b1c6d6de58162f9145ac7e96fcf188d3808475244e5b0"], &(0x7f0000000140)='GPL\x00'}, 0x48) r1 = socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000003c0)=r0, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) [ 443.781361][T12978] gfs2: Unknown parameter 'subj_role' [ 443.871160][T12983] overlayfs: missing 'lowerdir' 14:14:53 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@hostdata={'hostdata', 0x3d, 'fowner<'}}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:53 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[]) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:53 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 444.127358][T12996] gfs2: Unknown parameter 'subj_role' 14:14:53 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x0, 0x0, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 444.229900][T12998] overlayfs: missing 'lowerdir' [ 444.341462][ T21] attempt to access beyond end of device [ 444.351822][ T21] loop5: rw=1, want=2649, limit=63 [ 444.363749][ T21] attempt to access beyond end of device [ 444.398407][ T21] loop5: rw=1, want=4697, limit=63 [ 444.408044][ T21] attempt to access beyond end of device [ 444.413723][ T21] loop5: rw=1, want=6753, limit=63 [ 444.428445][ T21] attempt to access beyond end of device [ 444.434128][ T21] loop5: rw=1, want=8701, limit=63 14:14:55 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x0) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:55 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum'}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) 14:14:55 executing program 2: socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) 14:14:55 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:55 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[]) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:55 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x0, 0x0, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 446.638627][T13033] overlayfs: missing 'lowerdir' [ 446.652129][T13034] gfs2: quota_quantum mount option requires a positive numeric argument 14:14:55 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum'}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) [ 446.751976][ T26] audit: type=1804 audit(1588169695.854:200): pid=13037 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/106/file0/bus" dev="loop5" ino=117 res=1 14:14:55 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[]) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 446.854468][T13046] gfs2: quota_quantum mount option requires a positive numeric argument 14:14:56 executing program 2: socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) [ 446.896810][ T26] audit: type=1804 audit(1588169695.924:201): pid=13042 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/106/file0/bus" dev="loop5" ino=117 res=1 14:14:56 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum'}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}], [{@subj_role={'subj_role', 0x3d, 'redirect_dir'}}]}) [ 447.053019][T13055] overlayfs: missing 'lowerdir' 14:14:56 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB]) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 447.139676][T13058] gfs2: quota_quantum mount option requires a positive numeric argument 14:14:56 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_mount_image$gfs2(&(0x7f0000000440)='gfs2\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x2}}, {@hostdata={'hostdata', 0x3d, 'fowner<'}}]}) [ 447.377568][T13063] overlayfs: missing 'lowerdir' [ 447.410254][T13066] gfs2: not a GFS2 filesystem [ 447.501596][ T204] attempt to access beyond end of device [ 447.523524][ T204] loop5: rw=1, want=2433, limit=63 [ 447.542089][ T204] attempt to access beyond end of device [ 447.550098][ T204] loop5: rw=1, want=4481, limit=63 [ 447.569088][ T204] attempt to access beyond end of device [ 447.574801][ T204] loop5: rw=1, want=6529, limit=63 [ 447.615420][ T204] attempt to access beyond end of device [ 447.621967][ T204] loop5: rw=1, want=7037, limit=63 14:14:58 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x0) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:14:58 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x0, 0x0, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:14:58 executing program 2: syz_mount_image$hfs(&(0x7f0000000140)='hfs\x00', &(0x7f0000000180)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001f80)={[{@uid={'uid'}}]}) 14:14:58 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:14:58 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB]) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:58 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x68001) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000000)={0x23, 0x3, 0x10, 0x0, 0x0, 0x0, 0x0}) dup2(r0, r1) [ 449.769477][T13100] hfs: can't find a HFS filesystem on dev loop2 [ 449.786356][T13096] overlayfs: missing 'lowerdir' [ 449.792486][ T26] audit: type=1804 audit(1588169698.904:202): pid=13094 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/107/file0/bus" dev="loop5" ino=118 res=1 14:14:59 executing program 2: request_key(&(0x7f0000000080)='keyring\x00', 0x0, &(0x7f0000000100)='bridge0\x00', 0xfffffffffffffffb) socket(0x2, 0x3, 0x2) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_GET_PACK_ID(r0, 0x1276, 0x0) 14:14:59 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB]) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:59 executing program 1: write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) [ 449.920296][ T26] audit: type=1804 audit(1588169698.984:203): pid=13110 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/107/file0/bus" dev="loop5" ino=118 res=1 14:14:59 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)={0x28, r1, 0xab9535e9a6578fc1, 0x0, 0x0, {}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc}]}, 0x28}}, 0x0) [ 450.211771][T13119] overlayfs: missing 'lowerdir' 14:14:59 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=.']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:14:59 executing program 1: write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) [ 450.471093][T13128] overlayfs: option "workdir=." is useless in a non-upper mount, ignore [ 450.499597][T13128] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 450.560197][ T204] attempt to access beyond end of device [ 450.565917][ T204] loop5: rw=1, want=2853, limit=63 [ 450.616237][ T204] attempt to access beyond end of device [ 450.633469][ T204] loop5: rw=1, want=4921, limit=63 14:15:01 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:15:01 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)={0x28, r1, 0xab9535e9a6578fc1, 0x0, 0x0, {}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc}]}, 0x28}}, 0x0) 14:15:01 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:01 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:15:01 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=.']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:15:01 executing program 1: write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) socket$kcm(0x11, 0xa, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4ac106b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca037605000000b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02cc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb695cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487367d6d7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6fca7844f9dab530388eb1f43d4abbfc59d6d1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7fb178f047ba32548b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f81074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba51aee6f48968981811f832d064048c0e0bbe46984f1f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e36a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561d34e4e9851e81d4a355abf43d917c16a2bb0cfb284fcfde901576954ef59e4a658ca431be123b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb463c407f87dafd6199f9ddd1f62da58ca7d3297d6a1bfc5a9aa38a05e70591d5cdab1c268ef3c1984c7c51566cfc2ab6e6fbc99ec206a54fb49056a555414178ef00d8b873c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8ad62edc65828fbb6e279f745d2872f0c08635e465ca443a6a64c7803760880af23fb3f438a5d11fffc96dd1cb951642f1433f65b4e170a62a5f7a8d0f9d5cef0d17289c43d4aee2127f7a343899434594cc23e1c864164e130754b337e520f285dc670a31241bfb43ac62fc7f985586168483427072a535f2cac81ec261c0000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630277fbac14140ce0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) 14:15:01 executing program 2: [ 452.859620][T13144] overlayfs: option "workdir=." is useless in a non-upper mount, ignore [ 452.909762][ T26] audit: type=1804 audit(1588169702.014:204): pid=13147 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/108/file0/bus" dev="loop5" ino=119 res=1 [ 452.924965][T13144] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 452.992275][ T26] audit: type=1804 audit(1588169702.094:205): pid=13153 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/108/file0/bus" dev="loop5" ino=119 res=1 14:15:02 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=.']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:15:02 executing program 2: 14:15:02 executing program 1: 14:15:02 executing program 2: 14:15:02 executing program 1: [ 453.318627][T13160] overlayfs: option "workdir=." is useless in a non-upper mount, ignore [ 453.353383][T13160] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 453.650549][ T204] attempt to access beyond end of device [ 453.675911][ T204] loop5: rw=1, want=2757, limit=63 [ 453.704481][ T204] attempt to access beyond end of device [ 453.716528][ T204] loop5: rw=1, want=4805, limit=63 [ 453.731462][ T204] attempt to access beyond end of device [ 453.744715][ T204] loop5: rw=1, want=6853, limit=63 [ 453.770684][ T204] attempt to access beyond end of device [ 453.781969][ T204] loop5: rw=1, want=8325, limit=63 14:15:04 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:15:04 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upper']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:15:04 executing program 2: 14:15:04 executing program 1: 14:15:04 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:15:04 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:05 executing program 2: 14:15:05 executing program 1: [ 456.020601][T13181] overlayfs: unrecognized mount option "upper" or missing value 14:15:05 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upper']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:15:05 executing program 2: 14:15:05 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 456.064812][ T26] audit: type=1804 audit(1588169705.164:206): pid=13182 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/109/file0/bus" dev="loop5" ino=120 res=1 14:15:05 executing program 2: [ 456.204338][ T26] audit: type=1804 audit(1588169705.254:207): pid=13191 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/109/file0/bus" dev="loop5" ino=120 res=1 [ 456.267736][T13196] overlayfs: unrecognized mount option "upper" or missing value 14:15:08 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:15:08 executing program 1: 14:15:08 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upper']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:15:08 executing program 2: 14:15:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:08 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140), &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:15:08 executing program 1: 14:15:08 executing program 2: [ 459.057540][T13221] overlayfs: unrecognized mount option "upper" or missing value 14:15:08 executing program 1: [ 459.131954][ T26] audit: type=1804 audit(1588169708.234:208): pid=13227 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/110/file0/bus" dev="loop5" ino=121 res=1 14:15:08 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:15:08 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140), &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 459.286495][ T26] audit: type=1804 audit(1588169708.344:209): pid=13234 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/110/file0/bus" dev="loop5" ino=121 res=1 14:15:08 executing program 2: [ 459.551948][T13243] overlayfs: workdir and upperdir must be separate subtrees [ 459.857534][ T21] attempt to access beyond end of device [ 459.872829][ T21] loop5: rw=1, want=2625, limit=63 [ 459.899925][ T21] attempt to access beyond end of device [ 459.906945][ T21] loop5: rw=1, want=4673, limit=63 [ 459.922478][ T21] attempt to access beyond end of device [ 459.940837][ T21] loop5: rw=1, want=6729, limit=63 [ 459.963566][ T21] attempt to access beyond end of device [ 459.976731][ T21] loop5: rw=1, want=8777, limit=63 [ 459.985467][ T21] attempt to access beyond end of device [ 460.000368][ T21] loop5: rw=1, want=10553, limit=63 14:15:11 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x0, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:15:11 executing program 1: 14:15:11 executing program 2: 14:15:11 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:15:11 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:11 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140), &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:15:11 executing program 1: 14:15:11 executing program 2: [ 462.148235][T13264] overlayfs: workdir and upperdir must be separate subtrees [ 462.206922][ T26] audit: type=1804 audit(1588169711.304:210): pid=13268 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/111/file0/bus" dev="loop5" ino=122 res=1 14:15:11 executing program 1: [ 462.294693][ T26] audit: type=1804 audit(1588169711.394:211): pid=13274 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/111/file0/bus" dev="loop5" ino=122 res=1 14:15:11 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:15:11 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 14:15:11 executing program 2: [ 462.581737][T13286] overlayfs: workdir and upperdir must be separate subtrees 14:15:12 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x0, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:15:12 executing program 1: 14:15:12 executing program 2: 14:15:12 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./fil']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:15:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:12 executing program 2: 14:15:12 executing program 1: [ 463.127070][T13301] overlayfs: failed to resolve './fil': -2 14:15:12 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./fil']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:15:12 executing program 1: 14:15:12 executing program 2: 14:15:12 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 463.300923][ T26] audit: type=1804 audit(1588169712.394:212): pid=13309 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/112/file0/bus" dev="loop5" ino=123 res=1 14:15:12 executing program 1: [ 463.390965][ T26] audit: type=1804 audit(1588169712.494:213): pid=13317 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/112/file0/bus" dev="loop5" ino=123 res=1 [ 463.526730][T13319] overlayfs: failed to resolve './fil': -2 14:15:13 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x0, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:15:13 executing program 2: 14:15:13 executing program 1: 14:15:13 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./fil']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:15:13 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:13 executing program 1: 14:15:13 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 464.053704][ T21] attempt to access beyond end of device [ 464.084927][ T21] loop5: rw=1, want=2361, limit=63 [ 464.097314][T13332] overlayfs: failed to resolve './fil': -2 14:15:13 executing program 2: [ 464.190628][ T21] attempt to access beyond end of device [ 464.204639][ T21] loop5: rw=1, want=4409, limit=63 [ 464.231144][ T21] attempt to access beyond end of device [ 464.246424][ T21] loop5: rw=1, want=6465, limit=63 14:15:13 executing program 1: 14:15:13 executing program 2: [ 464.293464][ T21] attempt to access beyond end of device [ 464.308101][ T21] loop5: rw=1, want=8513, limit=63 14:15:13 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 464.335664][T13343] overlayfs: failed to resolve './file': -2 [ 464.351991][ T21] attempt to access beyond end of device [ 464.373778][ T21] loop5: rw=1, want=8889, limit=63 14:15:13 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:15:13 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket$inet6(0xa, 0x2, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:15:13 executing program 1: 14:15:13 executing program 2: 14:15:13 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 464.605223][T13355] overlayfs: failed to resolve './file': -2 [ 464.756420][ T26] audit: type=1804 audit(1588169713.854:214): pid=13363 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/113/file0/bus" dev="loop5" ino=124 res=1 [ 464.775339][T13362] overlayfs: failed to resolve './file': -2 [ 464.843157][ T26] audit: type=1804 audit(1588169713.934:215): pid=13367 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/113/file0/bus" dev="loop5" ino=124 res=1 14:15:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:14 executing program 2: 14:15:14 executing program 1: 14:15:14 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket$inet6(0xa, 0x2, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:15:14 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(0x0) mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) 14:15:14 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 465.541885][ T21] attempt to access beyond end of device [ 465.570659][ T21] loop5: rw=1, want=3625, limit=63 14:15:14 executing program 2: [ 465.613896][ T21] attempt to access beyond end of device 14:15:14 executing program 1: [ 465.661685][ T21] loop5: rw=1, want=5681, limit=63 14:15:14 executing program 2: 14:15:14 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 14:15:14 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(0x0) mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 465.731879][ T21] attempt to access beyond end of device [ 465.767604][ T21] loop5: rw=1, want=7729, limit=63 [ 465.800092][ T21] attempt to access beyond end of device [ 465.813529][ T21] loop5: rw=1, want=9777, limit=63 14:15:15 executing program 1: [ 465.870562][ T21] attempt to access beyond end of device [ 465.903943][ T21] loop5: rw=1, want=11825, limit=63 [ 465.952138][ T21] attempt to access beyond end of device [ 465.973722][ T21] loop5: rw=1, want=13873, limit=63 [ 466.018467][ T21] attempt to access beyond end of device [ 466.024245][ T21] loop5: rw=1, want=15921, limit=63 [ 466.072034][ T21] attempt to access beyond end of device [ 466.096719][ T21] loop5: rw=1, want=17969, limit=63 [ 466.107620][ T21] attempt to access beyond end of device [ 466.113322][ T21] loop5: rw=1, want=20017, limit=63 [ 466.125139][ T21] attempt to access beyond end of device [ 466.131304][ T21] loop5: rw=1, want=22065, limit=63 [ 466.142101][ T21] attempt to access beyond end of device [ 466.147825][ T21] loop5: rw=1, want=24025, limit=63 [ 466.365308][ T26] audit: type=1804 audit(1588169715.464:216): pid=13401 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/114/file0/bus" dev="loop5" ino=125 res=1 [ 466.422212][ T26] audit: type=1804 audit(1588169715.514:217): pid=13404 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/114/file0/bus" dev="loop5" ino=125 res=1 14:15:16 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:16 executing program 2: 14:15:16 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 14:15:16 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket$inet6(0xa, 0x2, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:15:16 executing program 1: 14:15:16 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(0x0) mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x2000, 0x1) [ 467.250342][ T8000] attempt to access beyond end of device [ 467.282967][ T8000] loop5: rw=1, want=3265, limit=63 14:15:16 executing program 2: 14:15:16 executing program 1: [ 467.363846][ T8000] attempt to access beyond end of device [ 467.416764][ T8000] loop5: rw=1, want=5313, limit=63 14:15:16 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:15:16 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(0x0, 0x2000, 0x1) [ 467.480582][ T8000] attempt to access beyond end of device [ 467.500025][ T8000] loop5: rw=1, want=7361, limit=63 14:15:16 executing program 2: 14:15:16 executing program 1: [ 467.568196][ T8000] attempt to access beyond end of device [ 467.592008][ T8000] loop5: rw=1, want=9409, limit=63 [ 467.649886][ T8000] attempt to access beyond end of device [ 467.666765][ T8000] loop5: rw=1, want=11465, limit=63 [ 467.705402][ T8000] attempt to access beyond end of device [ 467.720059][ T8000] loop5: rw=1, want=13513, limit=63 [ 467.757670][ T8000] attempt to access beyond end of device [ 467.763457][ T8000] loop5: rw=1, want=15561, limit=63 [ 467.775487][ T8000] attempt to access beyond end of device [ 467.781602][ T8000] loop5: rw=1, want=17609, limit=63 [ 467.792818][ T8000] attempt to access beyond end of device [ 467.798851][ T8000] loop5: rw=1, want=19657, limit=63 [ 467.810522][ T8000] attempt to access beyond end of device [ 467.816339][ T8000] loop5: rw=1, want=21705, limit=63 [ 467.828222][ T8000] attempt to access beyond end of device [ 467.833881][ T8000] loop5: rw=1, want=23753, limit=63 [ 467.846480][ T8000] attempt to access beyond end of device [ 467.853275][ T8000] loop5: rw=1, want=25801, limit=63 [ 467.862004][ T8000] attempt to access beyond end of device [ 467.868942][ T8000] loop5: rw=1, want=26489, limit=63 [ 468.122034][ T26] audit: type=1804 audit(1588169717.224:218): pid=13438 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/115/file0/bus" dev="loop5" ino=126 res=1 [ 468.256838][ T26] audit: type=1804 audit(1588169717.294:219): pid=13441 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/115/file0/bus" dev="loop5" ino=126 res=1 14:15:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:18 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:15:18 executing program 1: 14:15:18 executing program 2: 14:15:18 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(0x0, 0x2000, 0x1) 14:15:18 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 14:15:18 executing program 2: [ 468.922663][ T8000] attempt to access beyond end of device [ 468.960572][ T8000] loop5: rw=1, want=4073, limit=63 14:15:18 executing program 1: [ 468.990481][ T8000] attempt to access beyond end of device [ 469.016357][ T8000] loop5: rw=1, want=6121, limit=63 14:15:18 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(0x0, 0x2000, 0x1) 14:15:18 executing program 1: [ 469.053844][ T8000] attempt to access beyond end of device [ 469.066579][ T8000] loop5: rw=1, want=8177, limit=63 [ 469.083052][ T8000] attempt to access beyond end of device [ 469.092276][ T8000] loop5: rw=1, want=10225, limit=63 14:15:18 executing program 2: 14:15:18 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 469.148267][ T8000] attempt to access beyond end of device [ 469.181970][ T8000] loop5: rw=1, want=12273, limit=63 [ 469.206849][ T8000] attempt to access beyond end of device [ 469.213383][ T8000] loop5: rw=1, want=14321, limit=63 [ 469.233557][ T8000] attempt to access beyond end of device [ 469.246233][ T8000] loop5: rw=1, want=16369, limit=63 [ 469.299022][ T8000] attempt to access beyond end of device [ 469.331069][ T8000] loop5: rw=1, want=18417, limit=63 [ 469.358216][ T8000] attempt to access beyond end of device [ 469.363947][ T8000] loop5: rw=1, want=20465, limit=63 [ 469.375861][ T8000] attempt to access beyond end of device [ 469.382025][ T8000] loop5: rw=1, want=22513, limit=63 [ 469.395540][ T8000] attempt to access beyond end of device [ 469.402427][ T8000] loop5: rw=1, want=24561, limit=63 [ 469.439046][ T8000] attempt to access beyond end of device [ 469.456541][ T8000] loop5: rw=1, want=26057, limit=63 [ 469.674328][ T26] audit: type=1804 audit(1588169718.774:220): pid=13476 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/116/file0/bus" dev="loop5" ino=127 res=1 [ 469.746397][ T26] audit: type=1804 audit(1588169718.844:221): pid=13480 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/116/file0/bus" dev="loop5" ino=127 res=1 14:15:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:19 executing program 1: 14:15:19 executing program 2: 14:15:19 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:15:19 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x1) 14:15:19 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 14:15:19 executing program 2: 14:15:19 executing program 2: 14:15:19 executing program 1: 14:15:19 executing program 2: 14:15:19 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x1) 14:15:19 executing program 2: [ 470.748749][ T26] audit: type=1804 audit(1588169719.854:222): pid=13502 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/117/file0/bus" dev="loop5" ino=128 res=1 [ 470.820711][ T26] audit: type=1804 audit(1588169719.924:223): pid=13506 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/117/file0/bus" dev="loop5" ino=128 res=1 14:15:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:20 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) tkill(r2, 0x1004000000013) 14:15:20 executing program 1: 14:15:20 executing program 2: 14:15:20 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000540)='./bus\x00') mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x1) 14:15:20 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 14:15:20 executing program 1: 14:15:20 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x2}) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000280)=""/196, 0xf}], 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r2, 0x8982, &(0x7f0000000000)={0x0, 'syzkaller1\x00'}) 14:15:20 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000100)="0f018c6b4e260f650966b9800000c00f326635004000000f30b899028ed0b801008ed00fa10b6bc136f30f5e350fc769b8", 0x31}], 0x1, 0x0, 0x0, 0xfffffd86) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, &(0x7f0000000440), &(0x7f0000000480)=0xc) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000200)='./file0\x00') ioctl$KVM_RUN(r2, 0xae80, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000100), 0x10) r3 = msgget$private(0x0, 0x0) msgrcv(r3, &(0x7f0000000040)={0x0, ""/14}, 0x16, 0x2, 0x1000) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000000)) io_submit(0x0, 0x2, &(0x7f0000000800)=[0x0, 0x0]) 14:15:20 executing program 1: [ 471.758888][ T26] audit: type=1804 audit(1588169720.864:224): pid=13539 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/118/file0/bus" dev="loop5" ino=129 res=1 14:15:21 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) tkill(r2, 0x1004000000013) [ 471.951866][ T26] audit: type=1804 audit(1588169720.904:225): pid=13543 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/118/file0/bus" dev="loop5" ino=129 res=1 14:15:21 executing program 1: 14:15:21 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:21 executing program 1: 14:15:21 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 472.597764][ T21] attempt to access beyond end of device [ 472.603449][ T21] loop5: rw=1, want=2989, limit=63 14:15:21 executing program 1: [ 472.641803][ T21] attempt to access beyond end of device [ 472.666550][ T21] loop5: rw=1, want=5037, limit=63 14:15:21 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x2}) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000280)=""/196, 0xf}], 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r2, 0x8982, &(0x7f0000000000)={0x0, 'syzkaller1\x00'}) [ 472.688088][ T21] attempt to access beyond end of device [ 472.693750][ T21] loop5: rw=1, want=7085, limit=63 [ 472.721813][ T21] attempt to access beyond end of device [ 472.736506][ T21] loop5: rw=1, want=9141, limit=63 [ 472.759475][ T21] attempt to access beyond end of device [ 472.786632][ T21] loop5: rw=1, want=11189, limit=63 14:15:22 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') fcntl$lock(r0, 0x25, &(0x7f0000000140)) [ 472.834643][ T21] attempt to access beyond end of device [ 472.864100][ T21] loop5: rw=1, want=13237, limit=63 14:15:22 executing program 3: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 14:15:22 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) tkill(r2, 0x1004000000013) [ 472.942531][ T21] attempt to access beyond end of device [ 472.970192][ T21] loop5: rw=1, want=15285, limit=63 [ 473.001615][ T21] attempt to access beyond end of device [ 473.017287][ T21] loop5: rw=1, want=17333, limit=63 [ 473.045050][ T21] attempt to access beyond end of device [ 473.063335][ T21] loop5: rw=1, want=19381, limit=63 [ 473.099219][ T21] attempt to access beyond end of device [ 473.111565][ T21] loop5: rw=1, want=21429, limit=63 14:15:22 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'\x00', 0x1132}) r1 = memfd_create(&(0x7f00000000c0)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff\xc8z', 0x0) write(r1, &(0x7f0000000140)="f1", 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = fcntl$dupfd(r2, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TCGETS(r4, 0x5401, &(0x7f0000000040)) ioctl$TUNSETTXFILTER(r0, 0x400454dc, &(0x7f0000000000)={0x0, 0x2aaaaaaaaaaaaac3}) [ 473.146653][ T21] attempt to access beyond end of device [ 473.159061][ T21] loop5: rw=1, want=23477, limit=63 [ 473.179192][ T21] attempt to access beyond end of device [ 473.191467][ T21] loop5: rw=1, want=24765, limit=63 [ 473.278061][T13595] EXT4-fs (sda1): re-mounted. Opts: 14:15:22 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') 14:15:22 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) tkill(r2, 0x1004000000013) [ 473.429721][T13601] EXT4-fs (sda1): re-mounted. Opts: 14:15:22 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 473.631318][ T26] audit: type=1804 audit(1588169722.734:226): pid=13626 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/119/file0/bus" dev="loop5" ino=130 res=1 [ 473.781053][ T26] audit: type=1804 audit(1588169722.784:227): pid=13632 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/119/file0/bus" dev="loop5" ino=130 res=1 14:15:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:23 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'\x00', 0x1132}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TUNSETTXFILTER(r0, 0x800454dd, 0x0) 14:15:23 executing program 1: pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r2 = socket$inet6(0xa, 0x400000000001, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(0xffffffffffffffff, 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1420000a73, 0x0) readv(r0, &(0x7f0000001440)=[{&(0x7f0000000140)=""/1, 0x1}, {0x0}, {&(0x7f0000000340)=""/143, 0x8f}, {&(0x7f0000000400)=""/31, 0x1f}, {&(0x7f0000000440)=""/4096, 0x1000}], 0x5) 14:15:23 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(0x0, 0x1004000000013) 14:15:23 executing program 2: syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe800, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) creat(0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0) setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setgid(0x0) getuid() mount$fuseblk(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x288420, 0x0) mq_open(0x0, 0x0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0) sendmsg$IPSET_CMD_PROTOCOL(0xffffffffffffffff, 0x0, 0x0) [ 474.425289][ T21] attempt to access beyond end of device [ 474.431681][ T21] loop5: rw=1, want=3809, limit=63 [ 474.444222][ T21] attempt to access beyond end of device [ 474.450432][ T21] loop5: rw=1, want=5857, limit=63 [ 474.461994][ T21] attempt to access beyond end of device [ 474.467984][ T21] loop5: rw=1, want=7905, limit=63 [ 474.485429][ T21] attempt to access beyond end of device [ 474.497136][ T21] loop5: rw=1, want=9961, limit=63 [ 474.520301][ T21] attempt to access beyond end of device [ 474.529150][ T21] loop5: rw=1, want=12009, limit=63 [ 474.546038][ T21] attempt to access beyond end of device [ 474.552658][ T21] loop5: rw=1, want=14057, limit=63 [ 474.565646][ T21] attempt to access beyond end of device [ 474.571987][ T21] loop5: rw=1, want=16105, limit=63 [ 474.584537][ T21] attempt to access beyond end of device [ 474.591194][ T21] loop5: rw=1, want=18153, limit=63 14:15:23 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 474.604533][ T21] attempt to access beyond end of device [ 474.610886][ T21] loop5: rw=1, want=20201, limit=63 [ 474.623029][ T21] attempt to access beyond end of device [ 474.628899][ T21] loop5: rw=1, want=22249, limit=63 [ 474.641902][ T21] attempt to access beyond end of device [ 474.647988][ T21] loop5: rw=1, want=24297, limit=63 14:15:23 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@loopback, 0x800, 0x0, 0x3, 0x1}, 0x20) [ 474.657767][ T21] attempt to access beyond end of device [ 474.663658][ T21] loop5: rw=1, want=24973, limit=63 14:15:24 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') readv(r0, &(0x7f0000000040)=[{&(0x7f0000002400)=""/4096, 0x10b6}], 0x1) 14:15:24 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmdt(0x0) [ 475.110400][ T26] audit: type=1804 audit(1588169724.214:228): pid=13687 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/120/file0/bus" dev="loop5" ino=131 res=1 [ 475.265816][ T26] audit: type=1804 audit(1588169724.284:229): pid=13693 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/120/file0/bus" dev="loop5" ino=131 res=1 14:15:24 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(0x0, 0x1004000000013) 14:15:24 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') readv(r0, &(0x7f0000000040)=[{&(0x7f0000002400)=""/4096, 0x10b6}], 0x1) 14:15:24 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0xd4}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 14:15:25 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, 0x0, 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:25 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 14:15:25 executing program 1: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x46802) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[@ANYRESDEC], 0xfd14) io_setup(0x100000000000c333, &(0x7f0000000180)=0x0) io_submit(r2, 0x82, &(0x7f0000000540)=[&(0x7f00000000c0)={0xc, 0x1f16, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) r3 = open(&(0x7f0000000780)='./bus\x00', 0x103002, 0xf0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r3, 0x0) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f00000001c0)=0x2) 14:15:25 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') readv(r0, &(0x7f0000000040)=[{&(0x7f0000002400)=""/4096, 0x10b6}], 0x1) [ 476.033407][ T8003] attempt to access beyond end of device [ 476.081333][ T8003] loop5: rw=1, want=3869, limit=63 14:15:25 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000440)="cb56b6cc0407008b65d8b4ac2ca35c66", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000b80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 14:15:25 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000240), 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) [ 476.136687][ T8003] attempt to access beyond end of device [ 476.154960][ T8003] loop5: rw=1, want=5917, limit=63 [ 476.209753][ T8003] attempt to access beyond end of device [ 476.215501][ T8003] loop5: rw=1, want=7965, limit=63 [ 476.227170][ T8003] attempt to access beyond end of device [ 476.232936][ T8003] loop5: rw=1, want=10013, limit=63 14:15:25 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(0x0, 0x1004000000013) [ 476.255365][ T8003] attempt to access beyond end of device [ 476.274780][ T8003] loop5: rw=1, want=12069, limit=63 14:15:25 executing program 3: bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) clone(0x3102001f7e, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) move_pages(0x0, 0x20000047, &(0x7f0000000080), 0x0, &(0x7f0000000100), 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) [ 476.337233][ T8003] attempt to access beyond end of device [ 476.363907][ T8003] loop5: rw=1, want=14117, limit=63 [ 476.426117][ T8003] attempt to access beyond end of device [ 476.466468][ T8003] loop5: rw=1, want=16165, limit=63 14:15:25 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 476.532651][ T8003] attempt to access beyond end of device [ 476.564078][ T8003] loop5: rw=1, want=18213, limit=63 14:15:25 executing program 3: socket$nl_route(0x10, 0x3, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x0) clone(0x848100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='overlay\x00', 0x2218448, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './file0'}}], [], 0x2c}) [ 476.615098][ T8003] attempt to access beyond end of device [ 476.644462][ T8003] loop5: rw=1, want=20261, limit=63 [ 476.712053][ T8003] attempt to access beyond end of device [ 476.761511][ T8003] loop5: rw=1, want=22309, limit=63 [ 476.809630][ T8003] attempt to access beyond end of device [ 476.831404][ T8003] loop5: rw=1, want=24357, limit=63 [ 476.853014][ T8003] attempt to access beyond end of device 14:15:25 executing program 3: sync() keyctl$chown(0x4, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8fa6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 476.858886][ T8003] loop5: rw=1, want=25125, limit=63 14:15:26 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x0) [ 477.429743][ T26] audit: type=1804 audit(1588169726.534:230): pid=13764 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/121/file0/bus" dev="loop5" ino=132 res=1 [ 477.632523][ T26] audit: type=1804 audit(1588169726.584:231): pid=13768 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/121/file0/bus" dev="loop5" ino=132 res=1 14:15:27 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, 0x0, 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:27 executing program 3: sync() keyctl$chown(0x4, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8fa6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 478.150517][ T26] audit: type=1800 audit(1588169727.254:232): pid=13726 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="bus" dev="sda1" ino=16194 res=0 [ 478.202930][ T204] attempt to access beyond end of device [ 478.225131][ T204] loop5: rw=1, want=3029, limit=63 14:15:27 executing program 1: io_setup(0x83, &(0x7f00000003c0)=0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) io_submit(r0, 0x1, &(0x7f00000008c0)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f00000000c0)="19", 0x1}]) 14:15:27 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 14:15:27 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180), 0x0) r2 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000440)="cb56b6cc0407008b65d8b4ac2ca3", 0xe) accept4(r2, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, &(0x7f00000005c0)=@nfc, 0x80) creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) syz_mount_image$tmpfs(&(0x7f00000003c0)='tmpfs\x00', &(0x7f00000000c0)='./file0\x00', 0x2fc, 0x2, &(0x7f00000004c0)=[{&(0x7f0000000200)="46efe98eecb87e2a705b8be77e432c77f473122d9ff7c0654c47241af3d22eba39f355f9caf772f4c164c4b03249ef2978f32f346e0bfd0116ac8eabc21d5f68965911f8da761db75ebc926d3ba2fe46e44c5e9f7319afd796e655524f7a72ad662eddb2f11f84adafc2cb2c5482b65627c9f8a8ce5bae5bdba39247a5abb56f7af1c3db6947532387ad749b960acc220fcd5ad1b4c0d6f24915c7eb541f8ffa432c05880436e61d7264", 0xaa, 0xfffffffffffffffe}, {&(0x7f0000000100)="e1d202b67aee2a29ab5d2343c0b8bbcdd924d2256d568b3223b7660f0876", 0x1e}], 0x100000, 0x0) 14:15:27 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x0) [ 478.250946][ T204] attempt to access beyond end of device [ 478.256755][ T204] loop5: rw=1, want=5077, limit=63 [ 478.269467][ T204] attempt to access beyond end of device [ 478.275401][ T204] loop5: rw=1, want=7125, limit=63 [ 478.289820][ T204] attempt to access beyond end of device [ 478.295606][ T204] loop5: rw=1, want=9181, limit=63 [ 478.340975][ T204] attempt to access beyond end of device [ 478.354467][ T204] loop5: rw=1, want=11229, limit=63 [ 478.410348][T13783] EXT4-fs (sda1): re-mounted. Opts: [ 478.422448][ T204] attempt to access beyond end of device [ 478.456308][ T204] loop5: rw=1, want=13277, limit=63 [ 478.485885][ T204] attempt to access beyond end of device [ 478.498976][ T204] loop5: rw=1, want=15325, limit=63 [ 478.550652][ T204] attempt to access beyond end of device 14:15:27 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'\x00', 0x1132}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = memfd_create(&(0x7f00000000c0)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff\xc8z', 0x0) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x0, 0x11, r4, 0x0) ioctl$TUNSETTXFILTER(r0, 0x400454dc, 0x0) [ 478.636278][ T204] loop5: rw=1, want=17373, limit=63 14:15:27 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 478.692626][ T204] attempt to access beyond end of device [ 478.720776][ T204] loop5: rw=1, want=19421, limit=63 [ 478.777324][ T204] attempt to access beyond end of device [ 478.794925][ T204] loop5: rw=1, want=21469, limit=63 14:15:28 executing program 1: perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x3, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) splice(r1, 0x0, r2, 0x0, 0x1420000a73, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x1e, 0x9, 0x0, 0x0, 0xc00, 0x8, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x82, 0x81, 0x5, 0x6, 0x7, 0x6, 0x200}, 0x0, 0x0, r1, 0x1) exit_group(0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000580)={0x0, 0x17000000, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010300000000000000000500000008000300", @ANYRES32=r6, @ANYBLOB="a2e0940566055672cd810740"], 0x1c}}, 0x0) [ 478.819870][T13810] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0x0000000000100000, [ 478.839100][ T204] attempt to access beyond end of device [ 478.859233][ T204] loop5: rw=1, want=23517, limit=63 [ 478.909405][T13820] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0x0000000000100000, [ 478.915049][ T204] attempt to access beyond end of device 14:15:28 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:28 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 478.972496][ T204] loop5: rw=1, want=23765, limit=63 [ 479.114557][T13829] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0x0000000000100000, 14:15:28 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000000c0)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000005) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x0) [ 479.381552][ T26] audit: type=1804 audit(1588169728.484:233): pid=13844 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/122/file0/bus" dev="loop5" ino=133 res=1 [ 479.460698][ T26] audit: type=1804 audit(1588169728.534:234): pid=13848 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/122/file0/bus" dev="loop5" ino=133 res=1 14:15:29 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, 0x0, 0x0, 0x4044004) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:29 executing program 3: sync() keyctl$chown(0x4, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8fa6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) 14:15:29 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:29 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) 14:15:29 executing program 1: perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x3, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) splice(r1, 0x0, r2, 0x0, 0x1420000a73, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x1e, 0x9, 0x0, 0x0, 0xc00, 0x8, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x82, 0x81, 0x5, 0x6, 0x7, 0x6, 0x200}, 0x0, 0x0, r1, 0x1) exit_group(0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000580)={0x0, 0x17000000, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010300000000000000000500000008000300", @ANYRES32=r6, @ANYBLOB="a2e0940566055672cd810740"], 0x1c}}, 0x0) 14:15:29 executing program 0: perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x3, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) splice(r1, 0x0, r2, 0x0, 0x1420000a73, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x1e, 0x9, 0x0, 0x0, 0xc00, 0x8, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x82, 0x81, 0x5, 0x6, 0x7, 0x6, 0x200}, 0x0, 0x0, r1, 0x1) exit_group(0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000580)={0x0, 0x17000000, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010300000000000000000500000008000300", @ANYRES32=r6, @ANYBLOB="a2e0940566055672cd810740"], 0x1c}}, 0x0) [ 480.221371][ T204] attempt to access beyond end of device [ 480.308216][ T204] loop5: rw=1, want=2941, limit=63 14:15:29 executing program 1: perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x3, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) splice(r1, 0x0, r2, 0x0, 0x1420000a73, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x1e, 0x9, 0x0, 0x0, 0xc00, 0x8, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x82, 0x81, 0x5, 0x6, 0x7, 0x6, 0x200}, 0x0, 0x0, r1, 0x1) exit_group(0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000580)={0x0, 0x17000000, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010300000000000000000500000008000300", @ANYRES32=r6, @ANYBLOB="a2e0940566055672cd810740"], 0x1c}}, 0x0) [ 480.340929][T13870] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0x0000000000100000, [ 480.376683][ T204] attempt to access beyond end of device [ 480.382392][ T204] loop5: rw=1, want=4989, limit=63 [ 480.421541][ T204] attempt to access beyond end of device [ 480.428087][ T204] loop5: rw=1, want=7037, limit=63 [ 480.459826][ T204] attempt to access beyond end of device [ 480.465551][ T204] loop5: rw=1, want=9093, limit=63 14:15:29 executing program 0: perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x3, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) splice(r1, 0x0, r2, 0x0, 0x1420000a73, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x1e, 0x9, 0x0, 0x0, 0xc00, 0x8, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x82, 0x81, 0x5, 0x6, 0x7, 0x6, 0x200}, 0x0, 0x0, r1, 0x1) exit_group(0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000580)={0x0, 0x17000000, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010300000000000000000500000008000300", @ANYRES32=r6, @ANYBLOB="a2e0940566055672cd810740"], 0x1c}}, 0x0) 14:15:29 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 480.522894][ T204] attempt to access beyond end of device [ 480.553669][ T204] loop5: rw=1, want=11141, limit=63 [ 480.594061][ T204] attempt to access beyond end of device [ 480.601728][ T204] loop5: rw=1, want=13189, limit=63 [ 480.619405][ T204] attempt to access beyond end of device [ 480.625614][ T204] loop5: rw=1, want=15237, limit=63 14:15:29 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) [ 480.666401][T13890] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0x0000000000100000, [ 480.680690][ T204] attempt to access beyond end of device [ 480.706157][ T204] loop5: rw=1, want=17285, limit=63 14:15:29 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 480.784935][ T204] attempt to access beyond end of device [ 480.817852][ T204] loop5: rw=1, want=19333, limit=63 [ 480.837183][ T204] attempt to access beyond end of device [ 480.844928][ T204] loop5: rw=1, want=21269, limit=63 14:15:30 executing program 4: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/shm\x00', 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) [ 481.129775][ T26] audit: type=1804 audit(1588169730.235:235): pid=13915 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/123/file0/bus" dev="loop5" ino=134 res=1 [ 481.335834][ T26] audit: type=1804 audit(1588169730.285:236): pid=13918 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/123/file0/bus" dev="loop5" ino=134 res=1 14:15:31 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:31 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:31 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCGETS2(r0, 0x802c542a, &(0x7f0000000100)) 14:15:31 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f00000002c0)="66b9800000c00f326635004000000f3066b9800000c00f326635000400000f300f06660f230466b8bf00c0fe0f23d80f21f86635400000000f23f80f20e06635002000000f22e026f30f6feb66b9a50b000066b8c008132166ba0fe1c8180f30262e0f001bf0ff0d", 0x68}], 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 14:15:31 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@local, 0x800, 0x0, 0xff, 0x1}, 0x20) 14:15:31 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x20, 0x2, 0x2, 0x3, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0x9, 0x6, 'snmp\x00'}]}, 0x20}}, 0x0) [ 481.951901][ T21] attempt to access beyond end of device [ 481.987530][ T21] loop5: rw=1, want=2941, limit=63 14:15:31 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb, 0x1, 'clsact\x00'}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x6}]}, 0x38}}, 0x0) [ 482.018764][ T21] attempt to access beyond end of device [ 482.025096][ T21] loop5: rw=1, want=4989, limit=63 [ 482.044534][ T21] attempt to access beyond end of device [ 482.053341][ T21] loop5: rw=1, want=7037, limit=63 [ 482.067719][ T21] attempt to access beyond end of device [ 482.078204][ T21] loop5: rw=1, want=9085, limit=63 14:15:31 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:31 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9f, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000b60400000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000c00)=@newtfilter={0x30, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xa}, {}, {0x5}}, [@filter_kind_options=@f_fw={{0x7, 0x1, 'fw\x00'}, {0x4}}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 482.112419][ T21] attempt to access beyond end of device [ 482.183626][T13936] kvm: emulating exchange as write [ 482.199059][ T21] loop5: rw=1, want=11141, limit=63 [ 482.229292][ T21] attempt to access beyond end of device [ 482.234967][ T21] loop5: rw=1, want=13189, limit=63 14:15:31 executing program 2: mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 482.283335][ T21] attempt to access beyond end of device [ 482.299777][ T21] loop5: rw=1, want=15237, limit=63 14:15:31 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f00000002c0)="66b9800000c00f326635004000000f3066b9800000c00f326635000400000f300f06660f230466b8bf00c0fe0f23d80f21f86635400000000f23f80f20e06635002000000f22e026f30f6feb66b9a50b000066b8c008132166ba0fe1c8180f30262e0f001bf0ff0d", 0x68}], 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 14:15:31 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000100)="0f018c6b4e260f650966b9800000c00f326635004000000f30b899028ed0b801008ed00fa10b6bc136f30f5e350fc769b8", 0x31}], 0x1, 0x0, 0x0, 0xfffffd86) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000100), 0x10) msgrcv(0x0, 0x0, 0x0, 0x2, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) [ 482.340657][ T21] attempt to access beyond end of device [ 482.366080][ T21] loop5: rw=1, want=17285, limit=63 [ 482.402082][ T21] attempt to access beyond end of device [ 482.428858][ T21] loop5: rw=1, want=19333, limit=63 [ 482.461616][ T21] attempt to access beyond end of device [ 482.467438][ T21] loop5: rw=1, want=21381, limit=63 [ 482.479155][ T21] attempt to access beyond end of device [ 482.484883][ T21] loop5: rw=1, want=23429, limit=63 [ 482.496038][ T21] attempt to access beyond end of device [ 482.501809][ T21] loop5: rw=1, want=24781, limit=63 [ 482.933805][ T26] audit: type=1804 audit(1588169732.035:237): pid=13988 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/124/file0/bus" dev="loop5" ino=135 res=1 [ 483.040499][ T26] audit: type=1804 audit(1588169732.085:238): pid=13992 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/124/file0/bus" dev="loop5" ino=135 res=1 14:15:32 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:32 executing program 4: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYRESDEC], 0xfd14) [ 483.862886][ T26] audit: type=1804 audit(1588169732.965:239): pid=14002 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/125/file0/bus" dev="loop5" ino=136 res=1 [ 483.936514][ T26] audit: type=1804 audit(1588169733.015:240): pid=14005 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/125/file0/bus" dev="loop5" ino=136 res=1 [ 484.566082][ T0] NOHZ: local_softirq_pending 08 14:15:34 executing program 1: clone(0x41be, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = getpid() pipe(&(0x7f0000000300)={0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) splice(r2, 0x0, r3, 0x0, 0x30009, 0x0) ptrace(0x10, r1) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$getregset(0x4204, r1, 0x2, &(0x7f0000000040)={0x0}) 14:15:34 executing program 2: mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000100)="0f018c6b4e260f650966b9800000c00f326635004000000f30b899028ed0b801008ed00fa10b6bc136f30f5e350fc769b8", 0x31}], 0x1, 0x0, 0x0, 0xfffffd86) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000100), 0x10) msgrcv(0x0, 0x0, 0x0, 0x2, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) 14:15:34 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000100)="0f018c6b4e260f650966b9800000c00f326635004000000f30b899028ed0b801008ed00fa10b6bc136f30f5e350fc769b8", 0x31}], 0x1, 0x0, 0x0, 0xfffffd86) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000100), 0x10) msgrcv(0x0, &(0x7f0000000040)={0x0, ""/14}, 0x16, 0x2, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) io_submit(0x0, 0x1, &(0x7f0000000800)=[0x0]) 14:15:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd0001000000c748b3222638074b54362ddd00000000051404f7ead1ef33adfdba08b8c5236b93b907ffed4e19c01dca5100"/88, @ANYRES32=0x0, @ANYBLOB="00000079abd1932a9ec8a3a63673a36d66b103e1fdbb4678731c44d5772a8b52f88132613f2ab9faa48e75b0508e2367018dc4479c6757b0a5622107e780a52d43a222d4aa8fa0c3e961e2401d5dbb22107ce4584d22a35c2ff5c7069779f3a8e888a8ac94312cdb43f7907ebfcf3dc4ad1f5e7577c5c2c9146439e6910c437a8213e177dfca08fb12f6c6a8343821e53d1f0ef245757971cedd16b8065042500017c0bab7265ba185fa61404145c500be7e57f2af455765c675c710da30fb915abbfcb8fe5e5a54f998aeb8ecb869537d7ddb529a8d66a4905586c9dd0d81d4841e2c90bd8fa2bf3802bf963edaae01ebd125510bbe75beac077af773d5d2a34b256e8369f68b0fcab87c7ee033997f53b635b59ac5aa1456d0b35e1dd734149dbcf541d744962b2bd0ece4c267760c3a6d4bce9b03000000cfa703a1a48b59700f8c902e46ae26e6e31185a19c07959edcb6bfc88c9e6bc124147521f6eb327231e35785951377c40b713a4f6854b02c428bef068f9494aa8fc9f99ddff40ef4fdc9360eb1bc2a25ac491f2bc9c7a23fe5662170feb55b3999b45b8b80a8438df19e183d854691a1f2b34352fed522c4265e4ece52f35d351a1676982ce0f2eb2c454b9df04b976179611f1be4deac0dd4c79a122f3d33e52bcce38808809820094c31af5cca2d79bf783bb87588d8c21bad663bbde2644cab2b605d0ca91b5c2417ab7c7bba5173b0bfddfd1d87ce6d257c0526fc051adaf783cb44e5f09899886b26ca746f8d2b392e0871bca6f1cb40c5ac1bf5ca80b934424deddfb547d8f9a38a25aa39752cac866986bb0faaf07ffeecd27bd736fa1a058ee5b17adbde605eb5f3648b4ee013640d018b42ef6b58cb8de8b7c74889aa15397e21a7fee57bf58f8fd12f9c5a76"], 0x48}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r7, @ANYBLOB="f66cbc5492db8563dfcc4ad25ab73d8ff23afe93813bc77f0991342c259b0127b6596c23582118e4510490de50cdc73487f463220f451eb0c202fe9a671fa180073797412a1ab8b8abc8129d4b7be0313334fd711afb6cb3c2341458a70ab1cdac8fa076574ec2dbca5f5f03a8b2789872e04ecc2fd63e105878a767613f94b9eda3231e357d0d8daff0c177a4c9b632e3ae676772767a7dc3875996d103c64b4e229babd479a29d0674959ac127d5e052c180eb3d236faf85029c0c886b907ecc6305acc6a67b0a7697683a7d9ca52c50082f3b0dbd22baafd9caa575f81368a4efbd27"], 0x44}}, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r10 = socket$unix(0x1, 0x1, 0x0) r11 = socket$unix(0x1, 0x1, 0x0) r12 = dup2(r11, r10) ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, r9}}, 0x20}, 0x1, 0xc00000000000000}, 0x0) 14:15:34 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:34 executing program 2: mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 485.155571][T14028] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 485.196636][T14028] batman_adv: batadv0: Adding interface: ipvlan2 [ 485.238351][ T26] audit: type=1804 audit(1588169734.345:241): pid=14041 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/126/file0/bus" dev="loop5" ino=137 res=1 [ 485.279681][T14028] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 485.319082][ T26] audit: type=1804 audit(1588169734.415:242): pid=14048 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/126/file0/bus" dev="loop5" ino=137 res=1 [ 485.343023][T14028] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active 14:15:34 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000100)='6', 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000005540)=[{{0x0, 0xe0044002, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0x20002323}], 0x1, 0x0, 0x0, 0x1f4}}], 0xa, 0x100, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000200)={0xffffffffffffffff, 0x0, &(0x7f0000000040)}, 0x20) socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967480a41ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffd88) ioctl$RTC_PIE_OFF(0xffffffffffffffff, 0x7006) 14:15:34 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000100)="0f018c6b4e260f650966b9800000c00f326635004000000f30b899028ed0b801008ed00fa10b6bc136f30f5e350fc769b8", 0x31}], 0x1, 0x0, 0x0, 0xfffffd86) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000100), 0x10) msgrcv(0x0, &(0x7f0000000040)={0x0, ""/14}, 0x16, 0x2, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) io_submit(0x0, 0x1, &(0x7f0000000800)=[0x0]) 14:15:35 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 485.939464][ T8003] attempt to access beyond end of device [ 485.945151][ T8003] loop5: rw=1, want=4585, limit=63 [ 485.947234][T14049] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 485.956109][ T8003] attempt to access beyond end of device [ 485.965504][ T8003] loop5: rw=1, want=6633, limit=63 [ 485.976113][ T8003] attempt to access beyond end of device [ 485.981784][ T8003] loop5: rw=1, want=8681, limit=63 [ 485.993185][ T8003] attempt to access beyond end of device [ 485.999262][ T8003] loop5: rw=1, want=10737, limit=63 [ 486.011973][ T8003] attempt to access beyond end of device [ 486.017730][ T8003] loop5: rw=1, want=12785, limit=63 [ 486.030053][ T8003] attempt to access beyond end of device [ 486.035954][ T8003] loop5: rw=1, want=14833, limit=63 14:15:35 executing program 1: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[@ANYRESDEC], 0xfd14) io_setup(0x100000000000c333, &(0x7f0000000180)=0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0)='nl80211\x00') sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x20, r3, 0x18f18e66f6001768, 0x70bd2b, 0x0, {}, [@NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x3}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x8001) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, r3, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x20044040) io_submit(r2, 0x82, &(0x7f0000000540)=[&(0x7f00000000c0)={0xc, 0x1f16, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 486.043704][T14055] ptrace attach of "/root/syz-executor.1"[14020] was attempted by "/root/syz-executor.1"[14055] [ 486.070400][ T8003] attempt to access beyond end of device [ 486.093943][T14046] batman_adv: batadv0: Adding interface: ipvlan3 [ 486.097613][ T8003] loop5: rw=1, want=16881, limit=63 [ 486.129962][T14046] batman_adv: batadv0: The MTU of interface ipvlan3 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 486.131275][ T8003] attempt to access beyond end of device [ 486.169449][ T8003] loop5: rw=1, want=18929, limit=63 [ 486.181144][ T8003] attempt to access beyond end of device [ 486.186912][ T8003] loop5: rw=1, want=20977, limit=63 [ 486.199132][ T8003] attempt to access beyond end of device [ 486.204808][ T8003] loop5: rw=1, want=23025, limit=63 14:15:35 executing program 2: creat(0x0, 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 486.244901][ T8003] attempt to access beyond end of device [ 486.295916][ T8003] loop5: rw=1, want=24313, limit=63 [ 486.348269][T14046] batman_adv: batadv0: Not using interface ipvlan3 (retrying later): interface not active 14:15:35 executing program 2: creat(0x0, 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:35 executing program 4: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x9, 0xc, 0x400, 0xc}, 0x40) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000140), &(0x7f00000000c0), 0x1081, r0}, 0x38) 14:15:35 executing program 2: creat(0x0, 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 486.837591][ T26] audit: type=1804 audit(1588169735.945:243): pid=14097 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/127/file0/bus" dev="loop5" ino=138 res=1 [ 487.081895][ T26] audit: type=1804 audit(1588169735.985:244): pid=14100 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/127/file0/bus" dev="loop5" ino=138 res=1 14:15:36 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0), 0x4) 14:15:36 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000100)='6', 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000005540)=[{{0x0, 0xe0044002, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0x20002323}], 0x1, 0x0, 0x0, 0x1f4}}], 0xa, 0x100, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000200)={0xffffffffffffffff, 0x0, &(0x7f0000000040)}, 0x20) socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967480a41ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffd88) ioctl$RTC_PIE_OFF(0xffffffffffffffff, 0x7006) 14:15:36 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:36 executing program 4: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x9, 0xc, 0x400, 0xc}, 0x40) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000140), &(0x7f00000000c0), 0x1081, r0}, 0x38) [ 487.642117][ T8000] attempt to access beyond end of device 14:15:36 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000200000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000a20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001540)=@newtfilter={0x74, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xfff1}}, [@filter_kind_options=@f_route={{0xa, 0x1, 'route\x00'}, {0x44, 0x2, [@TCA_ROUTE4_POLICE={0x40, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x20000000, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}}]}]}}]}, 0x74}}, 0x0) [ 487.683791][ T8000] loop5: rw=1, want=3625, limit=63 14:15:36 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 487.712759][ T8000] attempt to access beyond end of device 14:15:36 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'\x00', 0x1132}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TUNSETTXFILTER(r0, 0x401054d6, 0x0) [ 487.759189][ T8000] loop5: rw=1, want=6153, limit=63 [ 487.822101][ T8000] attempt to access beyond end of device [ 487.845231][ T8000] loop5: rw=1, want=8201, limit=63 [ 487.885537][ T8000] attempt to access beyond end of device [ 487.907535][ T8000] loop5: rw=1, want=10257, limit=63 14:15:37 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000200000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000a20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001540)=@newtfilter={0x74, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xfff1}}, [@filter_kind_options=@f_route={{0xa, 0x1, 'route\x00'}, {0x44, 0x2, [@TCA_ROUTE4_POLICE={0x40, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x20000000, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}}]}]}}]}, 0x74}}, 0x0) [ 487.946729][ T8000] attempt to access beyond end of device [ 487.960291][ T8000] loop5: rw=1, want=12305, limit=63 14:15:37 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:37 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'\x00', 0x1132}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TUNSETTXFILTER(r0, 0x401054d6, 0x0) [ 488.051080][ T8000] attempt to access beyond end of device [ 488.074083][ T8000] loop5: rw=1, want=14353, limit=63 [ 488.134896][ T8000] attempt to access beyond end of device [ 488.163002][ T8000] loop5: rw=1, want=16401, limit=63 14:15:37 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x54}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) [ 488.208012][ T8000] attempt to access beyond end of device [ 488.240172][ T8000] loop5: rw=1, want=18449, limit=63 [ 488.297577][ T8000] attempt to access beyond end of device 14:15:37 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 488.340195][ T8000] loop5: rw=1, want=20497, limit=63 14:15:37 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000300)={'\x00', 0x1132}) ioctl$TUNSETTXFILTER(r3, 0x400454d4, 0x0) [ 488.383484][ T8000] attempt to access beyond end of device [ 488.408656][ T8000] loop5: rw=1, want=22545, limit=63 14:15:37 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x21) write$binfmt_script(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="01"], 0x1) close(r2) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) [ 488.444435][ T8000] attempt to access beyond end of device [ 488.458121][ T8000] loop5: rw=1, want=24593, limit=63 [ 488.477823][ T8000] attempt to access beyond end of device [ 488.483513][ T8000] loop5: rw=1, want=24925, limit=63 [ 488.871191][ T26] audit: type=1804 audit(1588169737.975:245): pid=14199 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/128/file0/bus" dev="loop5" ino=139 res=1 [ 488.921431][ T26] audit: type=1804 audit(1588169738.025:246): pid=14202 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/128/file0/bus" dev="loop5" ino=139 res=1 14:15:38 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:38 executing program 1: syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe800, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) 14:15:38 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@local, 0x0, 0x0, 0xff, 0x1}, 0x22) 14:15:38 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:38 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000440)="cb56b6cc0407008b65d8b4ac2ca35c66", 0x10) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="9f8000000000000000"], &(0x7f00000001c0)=""/219, 0x9, 0xdb, 0x8}, 0x20) 14:15:38 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip_tables_matches\x00') readv(r0, &(0x7f0000000040)=[{&(0x7f0000002400)=""/4096, 0x10b6}], 0x1) 14:15:38 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x37cb1133) socket$inet(0x2, 0x3, 0x33) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8006}, 0x4) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000040), 0x4) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000000), 0x4) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8983, 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xc60}]}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200)='devlink\x00') sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0xd8, r4, 0x20, 0x70bd28, 0x25dfdbff, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0xd8}, 0x1, 0x0, 0x0, 0x50}, 0x200000c0) bind$inet(r2, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0x5aa}, 0xc) openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x101402, 0x0) connect$inet(r2, &(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 14:15:38 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@local, 0x0, 0x0, 0xff, 0x1}, 0x20) [ 489.722237][T14217] BPF:Invalid magic 14:15:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) 14:15:39 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:39 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/packet\x00') readv(r0, &(0x7f0000000040)=[{&(0x7f0000002400)=""/4096, 0x10b6}], 0x1) [ 490.069281][ T26] audit: type=1804 audit(1588169739.175:247): pid=14241 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/129/file0/bus" dev="loop5" ino=140 res=1 14:15:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600000000000084ffffffe300", @ANYRES32=r2, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010001000000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x8, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb, 0x1, 'ipvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x44}}, 0x0) [ 490.216516][ T26] audit: type=1804 audit(1588169739.265:248): pid=14249 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/129/file0/bus" dev="loop5" ino=140 res=1 [ 490.343595][T14260] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 490.445727][T14260] bond1: (slave ipvlan4): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 490.525850][T14260] bond1: (slave ipvlan4): The slave device specified does not support setting the MAC address [ 490.551940][T14260] bond1: (slave ipvlan4): Setting fail_over_mac to active for active-backup mode [ 490.568758][T14260] 8021q: adding VLAN 0 to HW filter on device ipvlan4 [ 490.719080][T14297] netlink: 'syz-executor.4': attribute type 1 has an invalid length. 14:15:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:39 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@local, 0x800, 0x0, 0xff, 0x1}, 0x20) 14:15:39 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x306) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) 14:15:39 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:39 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@local, 0x0, 0x0, 0xff, 0x1}, 0x21) 14:15:40 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x37cb1133) socket$inet(0x2, 0x3, 0x33) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8006}, 0x4) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000040), 0x4) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000000), 0x4) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8983, 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xc60}]}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200)='devlink\x00') sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0xd8, r4, 0x20, 0x70bd28, 0x25dfdbff, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0xd8}, 0x1, 0x0, 0x0, 0x50}, 0x200000c0) bind$inet(r2, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0x5aa}, 0xc) openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x101402, 0x0) connect$inet(r2, &(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 14:15:40 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x84, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xfffffd61) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000001440)={0x0, 0xa, &(0x7f00000015c0)=[{&(0x7f0000001600)=""/4096, 0xf99e}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x7115}, 0x0) 14:15:40 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:40 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) dup2(r3, r0) [ 491.183186][ T26] audit: type=1804 audit(1588169740.285:249): pid=14334 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/130/file0/bus" dev="loop5" ino=141 res=1 14:15:40 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x84, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) r1 = dup(r0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='reno\x00', 0x5) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000003c0), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xfffffd61) recvmsg(r0, &(0x7f0000001440)={0x0, 0xa, &(0x7f00000015c0)=[{&(0x7f0000001600)=""/4096, 0xf99e}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x7115}, 0x100) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 14:15:40 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) r1 = dup(r0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='reno\x00', 0x5) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000003c0), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xfffffd61) recvmsg(r0, &(0x7f0000001440)={0x0, 0xa, &(0x7f00000015c0)=[{&(0x7f0000001600)=""/4096, 0xf99e}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x7115}, 0x100) [ 491.349620][ T26] audit: type=1804 audit(1588169740.445:250): pid=14346 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/130/file0/bus" dev="loop5" ino=141 res=1 14:15:40 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:41 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:41 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:41 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x84, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xfffffd61) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000001440)={0x0, 0xa, &(0x7f00000015c0)=[{&(0x7f0000001600)=""/4096, 0xf99e}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x7115}, 0x0) 14:15:41 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x37cb1133) socket$inet(0x2, 0x3, 0x33) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8006}, 0x4) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000040), 0x4) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000000), 0x4) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8983, 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xc60}]}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200)='devlink\x00') sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0xd8, r4, 0x20, 0x70bd28, 0x25dfdbff, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0xd8}, 0x1, 0x0, 0x0, 0x50}, 0x200000c0) bind$inet(r2, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0x5aa}, 0xc) openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x101402, 0x0) connect$inet(r2, &(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 14:15:41 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./fi'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 492.239492][ T26] audit: type=1804 audit(1588169741.345:251): pid=14386 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/131/file0/bus" dev="loop5" ino=142 res=1 14:15:41 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x84, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xfffffd61) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000001440)={0x0, 0xa, &(0x7f00000015c0)=[{&(0x7f0000001600)=""/4096, 0xf99e}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x7115}, 0x0) 14:15:41 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./fi'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:41 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x84, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xfffffd61) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000001440)={0x0, 0xa, &(0x7f00000015c0)=[{&(0x7f0000001600)=""/4096, 0xf99e}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x7115}, 0x0) [ 492.459771][ T26] audit: type=1804 audit(1588169741.485:252): pid=14396 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/131/file0/bus" dev="loop5" ino=142 res=1 14:15:41 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./fi'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:41 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:42 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:42 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x10, 0x80002, 0x0) bind$netlink(r2, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) 14:15:42 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:42 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000001440)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x26004fe8, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) 14:15:42 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7115}, 0x0) 14:15:42 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000001440)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x26004fe8, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) 14:15:42 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 493.325436][ T26] audit: type=1804 audit(1588169742.425:253): pid=14443 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/132/file0/bus" dev="loop5" ino=143 res=1 14:15:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x100000400000003a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = dup(r1) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="66696c74657200000000000000000000080000000000000000000000000000000e0000000400000078030000a001000000000000d000000000000000a0010000a8020000a8020000a8020000a8020000a802000004000000", @ANYPTR, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000f800000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a4543540000000000000000000000000000000000000000000000000700000000000000fe8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000ff000000000000000069726c616e300000000000000000000065727370616e3000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b0000ff030000000000fcffffffffffffff0000000000000000fe80000000000000000000000000001e000001fe000000ff000000ff7fffff004e204e204e204e220500000000800000070000006f07000001040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x3) sendmmsg(r0, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="3bd677c8f021", 0x6}], 0x1}}], 0x1, 0x406ada4) write(r0, &(0x7f0000000100)="0012", 0x2) 14:15:42 executing program 4: r0 = mq_open(&(0x7f0000001380)='eth0\x00', 0x0, 0x0, 0x0) preadv(r0, &(0x7f00000023c0)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1, 0x0) 14:15:42 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000001440)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x26004fe8, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) [ 493.558209][ T26] audit: type=1804 audit(1588169742.595:254): pid=14448 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/132/file0/bus" dev="loop5" ino=143 res=1 14:15:42 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x3, 0x100000400000003a) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) r3 = socket$inet6(0xa, 0x400000000001, 0x0) r4 = dup(r3) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="66696c74657200000000000000000000080000000000000000000000000000000e0000000400000078030000a001000000000000d000000000000000a0010000a8020000a8020000a8020000a8020000a802000004000000", @ANYPTR, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000f800000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a4543540000000000000000000000000000000000000000000000000700000000000000fe8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000ff000000000000000069726c616e300000000000000000000065727370616e3000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b0000ff030000000000fcffffffffffffff0000000000000000fe80000000000000000000000000001e000001fe000000ff000000ff7fffff004e204e204e204e220500000000800000070000006f07000001040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x3) sendmmsg(r2, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="3bd6", 0x2}], 0x1}}], 0x1, 0x406ada4) write(r2, &(0x7f0000000100)="0012", 0x2) 14:15:42 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], 0x0, 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 493.724559][T14457] x_tables: duplicate underflow at hook 2 [ 493.812673][T14459] x_tables: duplicate underflow at hook 2 [ 493.922985][T14464] x_tables: duplicate underflow at hook 2 14:15:43 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x100000400000003a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = dup(r1) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="66696c74657200000000000000000000080000000000000000000000000000000e0000000400000078030000a001000000000000d000000000000000a0010000a8020000a8020000a8020000a8020000a802000004000000", @ANYPTR, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000f800000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a4543540000000000000000000000000000000000000000000000000700000000000000fe8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000ff000000000000000069726c616e300000000000000000000065727370616e3000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b0000ff030000000000fcffffffffffffff0000000000000000fe80000000000000000000000000001e000001fe000000ff000000ff7fffff004e204e204e204e220500000000800000070000006f07000001040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x3) sendmmsg(r0, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="3bd677c8f021", 0x6}], 0x1}}], 0x1, 0x406ada4) write(r0, &(0x7f0000000100)="0012", 0x2) [ 493.990913][T14464] x_tables: duplicate underflow at hook 2 14:15:43 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000001440)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x26004fe8, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) 14:15:43 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:43 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], 0x0, 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 494.139632][ T8000] attempt to access beyond end of device [ 494.173605][ T8000] loop5: rw=1, want=7301, limit=63 [ 494.192358][T14476] x_tables: duplicate underflow at hook 2 14:15:43 executing program 0: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000780)=[{&(0x7f0000000380)=""/233, 0xe9}, {&(0x7f0000000480)=""/215, 0xd7}, {&(0x7f0000000580)=""/239, 0xef}, {0x0}, {&(0x7f0000000240)=""/66, 0x42}], 0x5, 0x2) 14:15:43 executing program 4: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/netlink\x00') sendfile(r0, r1, 0x0, 0x80000005) 14:15:43 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000001440)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x26004fe8, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) [ 494.246685][ T8000] attempt to access beyond end of device [ 494.252410][ T8000] loop5: rw=1, want=9349, limit=63 14:15:43 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x84, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) r1 = dup(r0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='reno\x00', 0x5) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xfffffd61) recvmsg(r0, &(0x7f0000001440)={0x0, 0xa, &(0x7f00000015c0)=[{&(0x7f0000001600)=""/4096, 0xf99e}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x7115}, 0x0) 14:15:43 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], 0x0, 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 494.303988][ T8000] attempt to access beyond end of device [ 494.340948][ T8000] loop5: rw=1, want=11397, limit=63 [ 494.390476][ T8000] attempt to access beyond end of device [ 494.405147][ T8000] loop5: rw=1, want=13445, limit=63 14:15:43 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000001440)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x26004fe8, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) [ 494.437342][ T8000] attempt to access beyond end of device [ 494.452065][ T8000] loop5: rw=1, want=15493, limit=63 14:15:43 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) [ 494.490507][ T8000] attempt to access beyond end of device [ 494.521134][ T8000] loop5: rw=1, want=17541, limit=63 [ 494.549580][ T8000] attempt to access beyond end of device [ 494.565562][ T8000] loop5: rw=1, want=19589, limit=63 14:15:43 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 494.596372][ T8000] attempt to access beyond end of device [ 494.608786][ T8000] loop5: rw=1, want=21477, limit=63 14:15:43 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000001440)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x26004fe8, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) 14:15:43 executing program 4: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) timerfd_gettime(r1, 0x0) [ 495.009750][ T26] audit: type=1804 audit(1588169744.115:255): pid=14522 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/133/file0/bus" dev="loop5" ino=144 res=1 [ 495.208785][ T26] audit: type=1804 audit(1588169744.315:256): pid=14528 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/133/file0/bus" dev="loop5" ino=144 res=1 14:15:44 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000001440)={0x2, 0x4e23, @multicast2}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) 14:15:44 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:44 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x100000400000003a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = dup(r1) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="66696c74657200000000000000000000080000000000000000000000000000000e0000000400000078030000a001000000000000d000000000000000a0010000a8020000a8020000a8020000a8020000a802000004000000", @ANYPTR, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000f800000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a4543540000000000000000000000000000000000000000000000000700000000000000fe8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000ff000000000000000069726c616e300000000000000000000065727370616e3000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b0000ff030000000000fcffffffffffffff0000000000000000fe80000000000000000000000000001e000001fe000000ff000000ff7fffff004e204e204e204e220500000000800000070000006f07000001040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x3) sendmmsg(r0, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="3bd677c8f02197a8a743c80e2ec65478e01d5f6df1a2240710496bfd1beffd848dc575383250cdb2682a64161b4a", 0x2e}], 0x1}}], 0x1, 0x406ada4) write(r0, &(0x7f0000000100)="0012", 0x2) 14:15:44 executing program 0: r0 = getpgrp(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() select(0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0xd) 14:15:44 executing program 1: r0 = mq_open(&(0x7f0000001380)='eth0\x00', 0x42, 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mq_unlink(&(0x7f0000000140)='eth0\x00') 14:15:44 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 495.835266][T14549] x_tables: duplicate underflow at hook 2 [ 495.844283][T14552] x_tables: duplicate underflow at hook 2 14:15:45 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x4e, &(0x7f0000000180)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "a0f000", 0x18, 0x3a, 0xff, @rand_addr=' \x01\x00', @local, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, [], @local}}}}}}, 0x0) 14:15:45 executing program 3: socket$inet(0x2, 0x4000000000000001, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) 14:15:45 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) futex(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0, 0x0) 14:15:45 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:45 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect(r0, &(0x7f0000000800)=@hci, 0x80) [ 496.055129][T14567] ICMPv6: NA: aa:aa:aa:aa:aa:bb advertised our address fe80::aa on syz_tun! [ 496.083375][ T26] audit: type=1804 audit(1588169745.185:257): pid=14568 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/134/file0/bus" dev="loop5" ino=145 res=1 14:15:45 executing program 1: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)="dfbc58ef6edd8c56a50104ad3279f601", 0x10) r2 = accept(r1, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r0, 0x0, 0xff) 14:15:45 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) [ 496.282131][ T26] audit: type=1804 audit(1588169745.385:258): pid=14580 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/134/file0/bus" dev="loop5" ino=145 res=1 14:15:45 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_tcp(0x2, 0x1, 0x0) readahead(r2, 0x0, 0x0) 14:15:45 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:45 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) 14:15:45 executing program 4: syz_emit_ethernet(0x5e, &(0x7f00000004c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @tipc_packet={0x0, 0x6, "aa67fe", 0x28, 0x6, 0x0, @local, @dev, {[], @payload_named={{{{{0x28, 0x0, 0x0, 0x0, 0x0, 0xa}}}}}}}}}}, 0x0) 14:15:45 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:45 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 496.866683][ T204] attempt to access beyond end of device [ 496.879271][ T204] loop5: rw=1, want=11237, limit=63 [ 496.886326][T14607] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'. 14:15:46 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10, &(0x7f0000000300)=0x84, 0x4) 14:15:46 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) [ 496.914009][ T204] attempt to access beyond end of device [ 496.934412][ T204] loop5: rw=1, want=13285, limit=63 14:15:46 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000801, &(0x7f0000000100)={0x2, 0x0, @dev}, 0x10) [ 497.000506][ T204] attempt to access beyond end of device [ 497.028765][ T204] loop5: rw=1, want=15333, limit=63 14:15:46 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) [ 497.064909][ T204] attempt to access beyond end of device [ 497.089711][ T204] loop5: rw=1, want=17381, limit=63 14:15:46 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 497.115069][T14621] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'. [ 497.148340][ T204] attempt to access beyond end of device [ 497.166619][ T204] loop5: rw=1, want=19429, limit=63 14:15:46 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = gettid() ptrace$getsig(0x4202, r2, 0x0, 0x0) 14:15:46 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) 14:15:46 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x3, 0x100000400000003a) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) r3 = socket$inet6(0xa, 0x400000000001, 0x0) r4 = dup(r3) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="66696c74657200000000000000000000080000000000000000000000000000000e0000000400000078030000a001000000000000d000000000000000a0010000a8020000a8020000a8020000a8020000a802000004000000", @ANYPTR, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000f800000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a4543540000000000000000000000000000000000000000000000000700000000000000fe8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000ff000000000000000069726c616e300000000000000000000065727370616e3000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b0000ff030000000000fcffffffffffffff0000000000000000fe80000000000000000000000000001e000001fe000000ff000000ff7fffff004e204e204e204e220500000000800000070000006f07000001040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x3) sendmmsg(r2, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="3bd677c8f02197a8a743c80e2ec65478e01d5f6df1a2240710496bfd1beffd848dc575383250cdb2682a64161b4ad37b", 0x30}], 0x1}}], 0x1, 0x406ada4) write(r2, &(0x7f0000000100)="0012", 0x2) [ 497.212063][ T204] attempt to access beyond end of device [ 497.237189][ T204] loop5: rw=1, want=21477, limit=63 [ 497.266113][ T204] attempt to access beyond end of device [ 497.271917][ T204] loop5: rw=1, want=23525, limit=63 [ 497.297747][ T204] attempt to access beyond end of device 14:15:46 executing program 3: socket$netlink(0x10, 0x3, 0x4000000000000004) writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) [ 497.310182][T14631] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'. [ 497.321859][ T204] loop5: rw=1, want=25573, limit=63 [ 497.337078][ T204] attempt to access beyond end of device [ 497.358692][ T204] loop5: rw=1, want=26193, limit=63 14:15:46 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 497.418288][T14638] x_tables: duplicate underflow at hook 2 [ 497.442423][T14638] x_tables: duplicate underflow at hook 2 [ 497.811631][ T26] audit: type=1804 audit(1588169746.915:259): pid=14654 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/135/file0/bus" dev="loop5" ino=146 res=1 [ 498.061848][ T26] audit: type=1804 audit(1588169747.165:260): pid=14659 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/135/file0/bus" dev="loop5" ino=146 res=1 14:15:47 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) set_thread_area(0x0) 14:15:47 executing program 1: msync(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x5) 14:15:47 executing program 4: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$alg(0x26, 0x5, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r2, 0x8982, &(0x7f0000000080)) 14:15:47 executing program 3: socket$netlink(0x10, 0x3, 0x4000000000000004) writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) 14:15:47 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:47 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) [ 498.630873][ T21] attempt to access beyond end of device [ 498.715711][ T21] loop5: rw=1, want=10853, limit=63 14:15:47 executing program 3: socket$netlink(0x10, 0x3, 0x4000000000000004) writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) [ 498.797102][ T21] attempt to access beyond end of device [ 498.802793][ T21] loop5: rw=1, want=12901, limit=63 14:15:48 executing program 1: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast2}, 0x10) 14:15:48 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) set_thread_area(0x0) [ 498.894377][ T21] attempt to access beyond end of device 14:15:48 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}) 14:15:48 executing program 4: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x0) [ 498.984857][ T21] loop5: rw=1, want=14949, limit=63 14:15:48 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, 0x0, 0x0) [ 499.036670][ T21] attempt to access beyond end of device [ 499.063398][ T21] loop5: rw=1, want=16997, limit=63 14:15:48 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) set_thread_area(0x0) [ 499.121621][ T21] attempt to access beyond end of device [ 499.142081][ T21] loop5: rw=1, want=19045, limit=63 14:15:48 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, 0x0, 0x0) [ 499.209247][ T21] attempt to access beyond end of device 14:15:48 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000040, &(0x7f000031e000), 0x1c) [ 499.294796][ T21] loop5: rw=1, want=21093, limit=63 14:15:48 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, 0x0) [ 499.376169][ T21] attempt to access beyond end of device [ 499.423779][ T21] loop5: rw=1, want=23141, limit=63 [ 499.455497][ T21] attempt to access beyond end of device [ 499.480701][ T21] loop5: rw=1, want=25189, limit=63 [ 499.520921][T14711] EXT4-fs (sda1): re-mounted. Opts: [ 499.522692][ T21] attempt to access beyond end of device [ 499.546065][ T21] loop5: rw=1, want=26881, limit=63 [ 499.874129][ T26] audit: type=1804 audit(1588169748.975:261): pid=14720 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/136/file0/bus" dev="loop5" ino=147 res=1 [ 500.173916][ T26] audit: type=1804 audit(1588169749.275:262): pid=14725 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/136/file0/bus" dev="loop5" ino=147 res=1 14:15:49 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:49 executing program 1: openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x6080, 0x0) 14:15:49 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) set_thread_area(0x0) 14:15:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, 0x0, 0x0) 14:15:49 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f00000001c0)=@ccm_128={{}, "d02a2a85cc050d8e", "a6fe70effb080afc74281d84a67b1c8e", "4d7411ba", "a3b62a84206c8ea9"}, 0x28) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32], 0x4) 14:15:49 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, 0x0) [ 500.703564][ T21] attempt to access beyond end of device [ 500.721596][ T21] loop5: rw=1, want=11713, limit=63 14:15:49 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) set_thread_area(0x0) [ 500.748210][ T21] attempt to access beyond end of device [ 500.759983][ T21] loop5: rw=1, want=13769, limit=63 [ 500.773871][T14732] EXT4-fs (sda1): re-mounted. Opts: [ 500.788623][ T21] attempt to access beyond end of device [ 500.797576][ T21] loop5: rw=1, want=15817, limit=63 [ 500.812890][ T21] attempt to access beyond end of device [ 500.819666][ T21] loop5: rw=1, want=17865, limit=63 [ 500.834657][ T21] attempt to access beyond end of device [ 500.840524][ T21] loop5: rw=1, want=19913, limit=63 14:15:50 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140), 0x0) [ 500.852609][ T21] attempt to access beyond end of device [ 500.858685][ T21] loop5: rw=1, want=21961, limit=63 [ 500.870290][ T21] attempt to access beyond end of device [ 500.876221][ T21] loop5: rw=1, want=23533, limit=63 14:15:50 executing program 1: openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x6080, 0x0) 14:15:50 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, 0x0) 14:15:50 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) set_thread_area(0x0) 14:15:50 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140), 0x0) [ 501.196435][ T26] audit: type=1804 audit(1588169750.305:263): pid=14753 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/137/file0/bus" dev="loop5" ino=148 res=1 [ 501.300011][T14752] EXT4-fs (sda1): re-mounted. Opts: [ 501.375762][ T26] audit: type=1804 audit(1588169750.395:264): pid=14757 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/137/file0/bus" dev="loop5" ino=148 res=1 14:15:51 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:51 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) set_thread_area(0x0) 14:15:51 executing program 1: openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x6080, 0x0) 14:15:51 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140), 0x0) 14:15:51 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)) 14:15:51 executing program 4: semctl$IPC_INFO(0x0, 0xb15171edc9a04ff4, 0x10, 0x0) 14:15:51 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) set_thread_area(0x0) 14:15:51 executing program 1: openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x6080, 0x0) [ 502.102885][T14781] EXT4-fs (sda1): re-mounted. Opts: 14:15:51 executing program 4: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000a00)=0x2, 0x4) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r2, 0x6, 0x15, &(0x7f0000000000), 0x4) 14:15:51 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{0x0}], 0x1) [ 502.234519][ T26] audit: type=1804 audit(1588169751.335:265): pid=14789 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/138/file0/bus" dev="loop5" ino=149 res=1 14:15:51 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)) [ 502.520683][ T26] audit: type=1804 audit(1588169751.626:266): pid=14797 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/138/file0/bus" dev="loop5" ino=149 res=1 14:15:51 executing program 1: openat$nvram(0xffffffffffffff9c, 0x0, 0x6080, 0x0) [ 502.806198][T14807] EXT4-fs (sda1): re-mounted. Opts: 14:15:52 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{0x0}], 0x1) 14:15:52 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) set_thread_area(0x0) 14:15:52 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) 14:15:52 executing program 1: openat$nvram(0xffffffffffffff9c, 0x0, 0x6080, 0x0) 14:15:52 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)) 14:15:52 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) set_thread_area(0x0) 14:15:52 executing program 1: openat$nvram(0xffffffffffffff9c, 0x0, 0x6080, 0x0) 14:15:52 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) 14:15:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{0x0}], 0x1) [ 503.263857][T14826] EXT4-fs (sda1): re-mounted. Opts: 14:15:52 executing program 0: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) set_thread_area(0x0) [ 503.383305][ T26] audit: type=1804 audit(1588169752.486:267): pid=14832 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/139/file0/bus" dev="loop5" ino=150 res=1 14:15:52 executing program 1: openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x0, 0x0) [ 503.502353][ T26] audit: type=1804 audit(1588169752.606:268): pid=14846 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/139/file0/bus" dev="loop5" ino=150 res=1 14:15:53 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:53 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks'}}]}) 14:15:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)}], 0x1) 14:15:53 executing program 0: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) set_thread_area(0x0) 14:15:53 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) 14:15:53 executing program 1: openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x0, 0x0) [ 504.110833][ T8003] attempt to access beyond end of device [ 504.161051][ T8003] loop5: rw=1, want=6453, limit=63 [ 504.234496][ T8003] attempt to access beyond end of device [ 504.269681][T14863] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0x0000000000000000, 14:15:53 executing program 0: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) set_thread_area(0x0) 14:15:53 executing program 1: openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x0, 0x0) [ 504.281694][ T8003] loop5: rw=1, want=8501, limit=63 14:15:53 executing program 4: 14:15:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)}], 0x1) [ 504.307661][ T8003] attempt to access beyond end of device [ 504.313489][ T8003] loop5: rw=1, want=10549, limit=63 [ 504.327544][ T8003] attempt to access beyond end of device [ 504.333294][ T8003] loop5: rw=1, want=12597, limit=63 [ 504.349545][ T8003] attempt to access beyond end of device [ 504.375064][ T8003] loop5: rw=1, want=14645, limit=63 14:15:53 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks'}}]}) [ 504.416977][ T8003] attempt to access beyond end of device [ 504.431307][ T8003] loop5: rw=1, want=16693, limit=63 14:15:53 executing program 4: [ 504.488533][ T8003] attempt to access beyond end of device [ 504.510833][ T8003] loop5: rw=1, want=18741, limit=63 [ 504.575264][ T8003] attempt to access beyond end of device [ 504.593538][ T8003] loop5: rw=1, want=20789, limit=63 [ 504.607958][ T8003] attempt to access beyond end of device [ 504.614572][ T8003] loop5: rw=1, want=20825, limit=63 [ 504.630461][T14876] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0x0000000000000000, [ 504.965311][ T26] audit: type=1804 audit(1588169754.066:269): pid=14888 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/140/file0/bus" dev="loop5" ino=151 res=1 [ 505.055258][ T26] audit: type=1804 audit(1588169754.166:270): pid=14891 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/140/file0/bus" dev="loop5" ino=151 res=1 14:15:54 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:54 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) set_thread_area(0x0) 14:15:54 executing program 1: 14:15:54 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)}], 0x1) 14:15:54 executing program 2: creat(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x148100c, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2aa403e, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks'}}]}) 14:15:54 executing program 4: 14:15:54 executing program 1: [ 505.760641][ T8000] attempt to access beyond end of device [ 505.797512][T14898] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0x0000000000000000, 14:15:55 executing program 2: [ 505.838894][ T8000] loop5: rw=1, want=5653, limit=63 14:15:55 executing program 4: 14:15:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f640094000589", 0x2c}], 0x1) [ 505.886204][ T8000] attempt to access beyond end of device [ 505.894459][ T8000] loop5: rw=1, want=7701, limit=63 14:15:55 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) set_thread_area(0x0) [ 505.963530][ T8000] attempt to access beyond end of device [ 505.996090][ T8000] loop5: rw=1, want=9749, limit=63 14:15:55 executing program 1: [ 506.052783][ T8000] attempt to access beyond end of device [ 506.088953][ T8000] loop5: rw=1, want=11797, limit=63 [ 506.160630][ T8000] attempt to access beyond end of device [ 506.190152][ T8000] loop5: rw=1, want=13845, limit=63 [ 506.209359][ T8000] attempt to access beyond end of device [ 506.217964][ T8000] loop5: rw=1, want=15893, limit=63 [ 506.232213][ T8000] attempt to access beyond end of device [ 506.240724][ T8000] loop5: rw=1, want=17941, limit=63 [ 506.254396][ T8000] attempt to access beyond end of device [ 506.264710][ T8000] loop5: rw=1, want=19989, limit=63 [ 506.288117][ T8000] attempt to access beyond end of device [ 506.293849][ T8000] loop5: rw=1, want=22037, limit=63 [ 506.310779][ T8000] attempt to access beyond end of device [ 506.337567][ T8000] loop5: rw=1, want=24085, limit=63 [ 506.344814][ T8000] attempt to access beyond end of device [ 506.351860][ T8000] loop5: rw=1, want=24177, limit=63 [ 506.613397][ T26] audit: type=1804 audit(1588169755.716:271): pid=14920 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/141/file0/bus" dev="loop5" ino=152 res=1 [ 506.706645][ T26] audit: type=1804 audit(1588169755.786:272): pid=14923 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/141/file0/bus" dev="loop5" ino=152 res=1 14:15:56 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:56 executing program 2: 14:15:56 executing program 4: 14:15:56 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f640094000589", 0x2c}], 0x1) 14:15:56 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) set_thread_area(0x0) 14:15:56 executing program 1: 14:15:56 executing program 1: [ 507.391241][ T29] attempt to access beyond end of device [ 507.426575][ T29] loop5: rw=1, want=3797, limit=63 14:15:56 executing program 4: [ 507.470141][ T29] attempt to access beyond end of device [ 507.497048][ T29] loop5: rw=1, want=5845, limit=63 14:15:56 executing program 0: socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) set_thread_area(0x0) 14:15:56 executing program 2: [ 507.534189][ T29] attempt to access beyond end of device [ 507.556053][ T29] loop5: rw=1, want=7893, limit=63 14:15:56 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f640094000589", 0x2c}], 0x1) 14:15:56 executing program 4: [ 507.626455][ T29] attempt to access beyond end of device [ 507.663777][ T29] loop5: rw=1, want=9941, limit=63 [ 507.705790][ T29] attempt to access beyond end of device [ 507.718419][ T29] loop5: rw=1, want=11989, limit=63 [ 507.743024][ T29] attempt to access beyond end of device [ 507.759971][ T29] loop5: rw=1, want=14037, limit=63 [ 507.804432][ T29] attempt to access beyond end of device [ 507.816283][ T29] loop5: rw=1, want=16085, limit=63 [ 507.839215][ T29] attempt to access beyond end of device [ 507.848204][ T29] loop5: rw=1, want=18133, limit=63 [ 507.868620][ T29] attempt to access beyond end of device [ 507.874315][ T29] loop5: rw=1, want=20181, limit=63 [ 507.886597][ T29] attempt to access beyond end of device [ 507.892368][ T29] loop5: rw=1, want=22229, limit=63 [ 507.904365][ T29] attempt to access beyond end of device [ 507.910674][ T29] loop5: rw=1, want=24277, limit=63 [ 507.927720][ T29] attempt to access beyond end of device [ 507.933418][ T29] loop5: rw=1, want=24973, limit=63 [ 508.206353][ T26] audit: type=1804 audit(1588169757.316:273): pid=14946 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/142/file0/bus" dev="loop5" ino=153 res=1 [ 508.294041][ T26] audit: type=1804 audit(1588169757.356:274): pid=14949 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/142/file0/bus" dev="loop5" ino=153 res=1 14:15:58 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r2) r3 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080", 0x42}], 0x1) 14:15:58 executing program 1: 14:15:58 executing program 0: socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) set_thread_area(0x0) 14:15:58 executing program 2: 14:15:58 executing program 4: 14:15:58 executing program 0: socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) set_thread_area(0x0) [ 509.012726][ T29] attempt to access beyond end of device [ 509.035193][ T29] loop5: rw=1, want=3213, limit=63 14:15:58 executing program 4: 14:15:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080", 0x42}], 0x1) 14:15:58 executing program 2: 14:15:58 executing program 1: [ 509.111612][ T29] attempt to access beyond end of device [ 509.133513][ T29] loop5: rw=1, want=5261, limit=63 [ 509.193487][ T29] attempt to access beyond end of device [ 509.222965][ T29] loop5: rw=1, want=7309, limit=63 14:15:58 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) set_thread_area(0x0) [ 509.264653][ T29] attempt to access beyond end of device [ 509.296932][ T29] loop5: rw=1, want=9357, limit=63 [ 509.347841][ T29] attempt to access beyond end of device [ 509.374448][ T29] loop5: rw=1, want=11405, limit=63 [ 509.390880][ T29] attempt to access beyond end of device [ 509.417518][ T29] loop5: rw=1, want=13453, limit=63 [ 509.431943][ T29] attempt to access beyond end of device [ 509.438551][ T29] loop5: rw=1, want=15501, limit=63 [ 509.452974][ T29] attempt to access beyond end of device [ 509.459131][ T29] loop5: rw=1, want=17549, limit=63 [ 509.473552][ T29] attempt to access beyond end of device [ 509.479596][ T29] loop5: rw=1, want=19597, limit=63 [ 509.493671][ T29] attempt to access beyond end of device [ 509.500237][ T29] loop5: rw=1, want=21645, limit=63 [ 509.521842][ T29] attempt to access beyond end of device [ 509.528713][ T29] loop5: rw=1, want=23693, limit=63 [ 509.546461][ T29] attempt to access beyond end of device [ 509.552199][ T29] loop5: rw=1, want=25741, limit=63 [ 509.569494][ T29] attempt to access beyond end of device [ 509.587441][ T29] loop5: rw=1, want=26421, limit=63 [ 509.802619][ T26] audit: type=1804 audit(1588169758.906:275): pid=14973 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/143/file0/bus" dev="loop5" ino=154 res=1 [ 509.918241][ T26] audit: type=1804 audit(1588169758.976:276): pid=14977 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/143/file0/bus" dev="loop5" ino=154 res=1 14:15:59 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r2) r3 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:15:59 executing program 1: 14:15:59 executing program 4: 14:15:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080", 0x42}], 0x1) 14:15:59 executing program 2: 14:15:59 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) set_thread_area(0x0) 14:15:59 executing program 4: [ 510.693497][ T8000] attempt to access beyond end of device [ 510.757267][ T8000] loop5: rw=1, want=3877, limit=63 14:15:59 executing program 1: 14:15:59 executing program 2: [ 510.809921][ T8000] attempt to access beyond end of device 14:16:00 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) set_thread_area(0x0) 14:16:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd0000001000010000", 0x4d}], 0x1) [ 510.859278][ T8000] loop5: rw=1, want=5925, limit=63 14:16:00 executing program 4: [ 510.909453][ T8000] attempt to access beyond end of device [ 510.935206][ T8000] loop5: rw=1, want=7973, limit=63 [ 510.982717][ T8000] attempt to access beyond end of device [ 511.012609][ T8000] loop5: rw=1, want=10021, limit=63 [ 511.064591][ T8000] attempt to access beyond end of device [ 511.092902][ T8000] loop5: rw=1, want=12069, limit=63 [ 511.163421][ T8000] attempt to access beyond end of device [ 511.193981][ T8000] loop5: rw=1, want=14117, limit=63 [ 511.259861][ T8000] attempt to access beyond end of device [ 511.276418][ T8000] loop5: rw=1, want=16165, limit=63 [ 511.298248][ T8000] attempt to access beyond end of device [ 511.303974][ T8000] loop5: rw=1, want=18213, limit=63 [ 511.330677][ T8000] attempt to access beyond end of device [ 511.344769][ T8000] loop5: rw=1, want=20261, limit=63 [ 511.369715][ T8000] attempt to access beyond end of device [ 511.385279][ T8000] loop5: rw=1, want=22309, limit=63 [ 511.396190][ T8000] attempt to access beyond end of device [ 511.422297][ T8000] loop5: rw=1, want=24357, limit=63 [ 511.443274][ T8000] attempt to access beyond end of device [ 511.448999][ T8000] loop5: rw=1, want=26405, limit=63 [ 511.468054][ T8000] attempt to access beyond end of device [ 511.473738][ T8000] loop5: rw=1, want=27365, limit=63 [ 511.821871][ T26] audit: type=1804 audit(1588169760.926:277): pid=15001 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/144/file0/bus" dev="loop5" ino=155 res=1 [ 512.061408][ T26] audit: type=1804 audit(1588169760.976:278): pid=15004 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/144/file0/bus" dev="loop5" ino=155 res=1 14:16:01 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r2) r3 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:01 executing program 2: 14:16:01 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd0000001000010000", 0x4d}], 0x1) 14:16:01 executing program 1: 14:16:01 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) set_thread_area(0x0) 14:16:01 executing program 4: [ 512.671349][ T8003] attempt to access beyond end of device [ 512.687474][ T8003] loop5: rw=1, want=3021, limit=63 14:16:01 executing program 1: 14:16:01 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) set_thread_area(0x0) 14:16:01 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd0000001000010000", 0x4d}], 0x1) 14:16:01 executing program 2: [ 512.727863][ T8003] attempt to access beyond end of device [ 512.765552][ T8003] loop5: rw=1, want=5069, limit=63 14:16:01 executing program 4: [ 512.821432][ T8003] attempt to access beyond end of device [ 512.877778][ T8003] loop5: rw=1, want=7117, limit=63 14:16:02 executing program 1: [ 512.909729][ T8003] attempt to access beyond end of device [ 512.928995][ T8003] loop5: rw=1, want=9165, limit=63 [ 512.980203][ T8003] attempt to access beyond end of device [ 513.001538][ T8003] loop5: rw=1, want=11213, limit=63 [ 513.043207][ T8003] attempt to access beyond end of device [ 513.051984][ T8003] loop5: rw=1, want=13261, limit=63 [ 513.069410][ T8003] attempt to access beyond end of device [ 513.078313][ T8003] loop5: rw=1, want=15309, limit=63 [ 513.124610][ T8003] attempt to access beyond end of device [ 513.131969][ T8003] loop5: rw=1, want=17357, limit=63 [ 513.163704][ T8003] attempt to access beyond end of device [ 513.170092][ T8003] loop5: rw=1, want=19405, limit=63 [ 513.184892][ T8003] attempt to access beyond end of device [ 513.190578][ T8003] loop5: rw=1, want=21453, limit=63 [ 513.220428][ T8003] attempt to access beyond end of device [ 513.240460][ T8003] loop5: rw=1, want=23501, limit=63 [ 513.255123][ T8003] attempt to access beyond end of device [ 513.260815][ T8003] loop5: rw=1, want=25549, limit=63 [ 513.273678][ T8003] attempt to access beyond end of device [ 513.279931][ T8003] loop5: rw=1, want=26477, limit=63 [ 513.508512][ T26] audit: type=1804 audit(1588169762.616:279): pid=15027 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/145/file0/bus" dev="loop5" ino=156 res=1 [ 513.595578][ T26] audit: type=1804 audit(1588169762.666:280): pid=15031 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/145/file0/bus" dev="loop5" ino=156 res=1 14:16:03 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:03 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff00", 0x53}], 0x1) 14:16:03 executing program 2: 14:16:03 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) set_thread_area(0x0) 14:16:03 executing program 4: 14:16:03 executing program 1: [ 514.345446][ T8003] attempt to access beyond end of device [ 514.363343][ T8003] loop5: rw=1, want=3069, limit=63 14:16:03 executing program 4: 14:16:03 executing program 1: 14:16:03 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) set_thread_area(0x0) 14:16:03 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff00", 0x53}], 0x1) 14:16:03 executing program 2: [ 514.402468][ T8003] attempt to access beyond end of device [ 514.423776][ T8003] loop5: rw=1, want=5117, limit=63 [ 514.454146][ T8003] attempt to access beyond end of device [ 514.472999][ T8003] loop5: rw=1, want=7165, limit=63 [ 514.513196][ T8003] attempt to access beyond end of device [ 514.531183][ T8003] loop5: rw=1, want=9213, limit=63 14:16:03 executing program 4: [ 514.564893][ T8003] attempt to access beyond end of device [ 514.584016][ T8003] loop5: rw=1, want=11261, limit=63 [ 514.628661][ T8003] attempt to access beyond end of device [ 514.645435][ T8003] loop5: rw=1, want=13309, limit=63 [ 514.676818][ T8003] attempt to access beyond end of device [ 514.700797][ T8003] loop5: rw=1, want=15357, limit=63 [ 514.717233][ T8003] attempt to access beyond end of device [ 514.723012][ T8003] loop5: rw=1, want=17405, limit=63 [ 514.744291][ T8003] attempt to access beyond end of device [ 514.750032][ T8003] loop5: rw=1, want=19453, limit=63 [ 514.764485][ T8003] attempt to access beyond end of device [ 514.770556][ T8003] loop5: rw=1, want=21501, limit=63 [ 514.793471][ T8003] attempt to access beyond end of device [ 514.817407][ T8003] loop5: rw=1, want=23549, limit=63 [ 514.841825][ T8003] attempt to access beyond end of device [ 514.848711][ T8003] loop5: rw=1, want=25597, limit=63 [ 514.863526][ T8003] attempt to access beyond end of device [ 514.869241][ T8003] loop5: rw=1, want=27645, limit=63 [ 514.883552][ T8003] attempt to access beyond end of device [ 514.889665][ T8003] loop5: rw=1, want=29693, limit=63 [ 514.902736][ T8003] attempt to access beyond end of device [ 514.909941][ T8003] loop5: rw=1, want=31265, limit=63 [ 515.137591][ T26] audit: type=1804 audit(1588169764.246:281): pid=15058 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/146/file0/bus" dev="loop5" ino=157 res=1 [ 515.215175][ T26] audit: type=1804 audit(1588169764.296:282): pid=15062 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/146/file0/bus" dev="loop5" ino=157 res=1 14:16:05 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:05 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) set_thread_area(0x0) 14:16:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff00", 0x53}], 0x1) 14:16:05 executing program 2: 14:16:05 executing program 1: 14:16:05 executing program 4: 14:16:05 executing program 4: 14:16:05 executing program 2: 14:16:05 executing program 1: 14:16:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e", 0x56}], 0x1) 14:16:05 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) set_thread_area(0x0) 14:16:05 executing program 4: [ 516.155583][ T26] audit: type=1804 audit(1588169765.266:283): pid=15081 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/147/file0/bus" dev="loop5" ino=158 res=1 [ 516.342852][ T26] audit: type=1804 audit(1588169765.336:284): pid=15087 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/147/file0/bus" dev="loop5" ino=158 res=1 14:16:06 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:06 executing program 2: 14:16:06 executing program 1: 14:16:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e", 0x56}], 0x1) 14:16:06 executing program 0: 14:16:06 executing program 4: [ 516.950207][ T8003] attempt to access beyond end of device [ 516.968682][ T8003] loop5: rw=1, want=3801, limit=63 14:16:06 executing program 1: 14:16:06 executing program 4: [ 517.003646][ T8003] attempt to access beyond end of device [ 517.023832][ T8003] loop5: rw=1, want=5849, limit=63 14:16:06 executing program 2: 14:16:06 executing program 0: [ 517.058373][ T8003] attempt to access beyond end of device [ 517.113830][ T8003] loop5: rw=1, want=7897, limit=63 14:16:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e", 0x56}], 0x1) [ 517.159637][ T8003] attempt to access beyond end of device [ 517.183071][ T8003] loop5: rw=1, want=9945, limit=63 14:16:06 executing program 1: [ 517.239080][ T8003] attempt to access beyond end of device [ 517.285697][ T8003] loop5: rw=1, want=11993, limit=63 [ 517.319493][ T8003] attempt to access beyond end of device [ 517.346834][ T8003] loop5: rw=1, want=14041, limit=63 [ 517.373342][ T8003] attempt to access beyond end of device [ 517.385766][ T8003] loop5: rw=1, want=16089, limit=63 [ 517.420014][ T8003] attempt to access beyond end of device [ 517.429583][ T8003] loop5: rw=1, want=18137, limit=63 [ 517.447685][ T8003] attempt to access beyond end of device [ 517.453370][ T8003] loop5: rw=1, want=20185, limit=63 [ 517.469098][ T8003] attempt to access beyond end of device [ 517.475275][ T8003] loop5: rw=1, want=22233, limit=63 [ 517.490457][ T8003] attempt to access beyond end of device [ 517.496349][ T8003] loop5: rw=1, want=24281, limit=63 [ 517.518816][ T8003] attempt to access beyond end of device [ 517.537137][ T8003] loop5: rw=1, want=24433, limit=63 [ 517.800728][ T26] audit: type=1804 audit(1588169766.906:285): pid=15121 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/148/file0/bus" dev="loop5" ino=159 res=1 [ 517.872270][ T26] audit: type=1804 audit(1588169766.976:286): pid=15125 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/148/file0/bus" dev="loop5" ino=159 res=1 14:16:07 executing program 0: 14:16:07 executing program 4: 14:16:07 executing program 2: 14:16:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05", 0x57}], 0x1) 14:16:07 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:07 executing program 1: 14:16:07 executing program 2: 14:16:07 executing program 4: 14:16:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05", 0x57}], 0x1) 14:16:07 executing program 1: 14:16:07 executing program 0: [ 518.841585][ T26] audit: type=1804 audit(1588169767.946:287): pid=15141 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/149/file0/bus" dev="loop5" ino=160 res=1 14:16:08 executing program 1: 14:16:08 executing program 4: 14:16:08 executing program 2: 14:16:08 executing program 0: [ 519.171695][ T26] audit: type=1804 audit(1588169767.996:288): pid=15145 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/149/file0/bus" dev="loop5" ino=160 res=1 14:16:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05", 0x57}], 0x1) 14:16:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:08 executing program 1: 14:16:08 executing program 2: 14:16:08 executing program 4: 14:16:08 executing program 0: 14:16:08 executing program 3: [ 519.720283][ T8000] attempt to access beyond end of device [ 519.743315][ T8000] loop5: rw=1, want=2969, limit=63 14:16:08 executing program 0: 14:16:08 executing program 2: 14:16:08 executing program 1: 14:16:08 executing program 4: [ 519.792156][ T8000] attempt to access beyond end of device 14:16:08 executing program 3: [ 519.857540][ T8000] loop5: rw=1, want=5017, limit=63 [ 519.879198][ T8000] attempt to access beyond end of device [ 519.892190][ T8000] loop5: rw=1, want=7065, limit=63 14:16:09 executing program 2: [ 519.933998][ T8000] attempt to access beyond end of device [ 519.965367][ T8000] loop5: rw=1, want=9113, limit=63 [ 520.022887][ T8000] attempt to access beyond end of device [ 520.053872][ T8000] loop5: rw=1, want=11161, limit=63 [ 520.099447][ T8000] attempt to access beyond end of device [ 520.123720][ T8000] loop5: rw=1, want=13209, limit=63 [ 520.149931][ T8000] attempt to access beyond end of device [ 520.160073][ T8000] loop5: rw=1, want=15257, limit=63 [ 520.172530][ T8000] attempt to access beyond end of device [ 520.182320][ T8000] loop5: rw=1, want=17305, limit=63 [ 520.198983][ T8000] attempt to access beyond end of device [ 520.224421][ T8000] loop5: rw=1, want=19353, limit=63 [ 520.245279][ T8000] attempt to access beyond end of device [ 520.250962][ T8000] loop5: rw=1, want=21401, limit=63 [ 520.269179][ T8000] attempt to access beyond end of device [ 520.284426][ T8000] loop5: rw=1, want=23449, limit=63 [ 520.292138][ T8000] attempt to access beyond end of device [ 520.298917][ T8000] loop5: rw=1, want=24421, limit=63 [ 520.567380][ T26] audit: type=1804 audit(1588169769.676:289): pid=15179 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/150/file0/bus" dev="loop5" ino=161 res=1 [ 520.626608][ T26] audit: type=1804 audit(1588169769.716:290): pid=15182 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/150/file0/bus" dev="loop5" ino=161 res=1 14:16:10 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:10 executing program 3: 14:16:10 executing program 0: 14:16:10 executing program 4: 14:16:10 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) getpeername$packet(r1, 0x0, &(0x7f0000000040)) 14:16:10 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) rt_sigpending(0x0, 0x0) 14:16:10 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) eventfd(0x0) 14:16:10 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41d1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x4000000000005e3, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 14:16:10 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) [ 521.403892][ T26] audit: type=1326 audit(1588169770.506:291): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=15189 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f66a code=0xffff0000 [ 521.466607][ T26] audit: type=1326 audit(1588169770.506:292): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=15190 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f66a code=0xffff0000 [ 521.560678][ T26] audit: type=1326 audit(1588169770.666:293): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=15201 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f66a code=0xffff0000 [ 521.585684][ T26] audit: type=1326 audit(1588169770.696:294): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=15199 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f66a code=0xffff0000 [ 521.612659][T15208] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 14:16:11 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41d1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x4000000000005e3, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 14:16:11 executing program 2: mkdir(&(0x7f0000000140)='./control\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rmdir(&(0x7f0000000100)='./control\x00') 14:16:11 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) getpeername$packet(r1, 0x0, &(0x7f0000000040)) 14:16:11 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:11 executing program 0: r0 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x36b07d66fd11c4bb, '\x00', 0x1}, 0xffffffffffffff60) setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000040)={0x32, @remote, 0x4e24, 0x4, 'fo\x00', 0x28, 0x6, 0x2d}, 0x2c) r1 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000e00)=ANY=[@ANYBLOB="7f454c46020000000000000000c4b40003003e000039a594249c1fd83d0000000000000000000000dfeb7bba00281293bd5d74dafc20380003000000c763bf0c0079be7a2ce3c134108fe74950f9b93a5ea08ee7257825501bb77bf723be80699ab51e67f4fee76bb7fad4231d844bc3c08f7352c53960ede02054e2418d890a676ec576ff0000005466eb935812a2d3e432b953a500000000000086314219123c233beca448dd9f82c124c794f7091e2b1023e629b0ad0ff74ed7d8102e0cbe3166973841c157945f577ea3aeba088227b92e997497b1ead14edc30039d7a01ae3efc82e30d345cbc9a14e11dd91ce716d1d19e059363ca36ea2e099cd3740210f66f32e73b897cca2b1550053d9e9edebbfcaa5e49b6e8148a4cc76efbeb16e3e4fd678792d290e73cb5ac591910db44cc7acbe3ef56f8e7b0bbfd7cdff112f906d369c82e03adc1b159b8f5b667d05136cb69c902e24d6169d941fbee0d1c74de251424cf0baac37166fc1ebbbe1845f3c64b249ddeff68200000007926172a71b7352cded84d4a4a5ed360834d5c802613a8984fdc57d958246ea0e632cf33194cae5fdc614766b334c5d18fa05bf41d6001550f00b285dd001aa6c334380000000000003cef53baf50f21397786474a5cbf031f5082a2f80eef99cc22873091415b93a182659554f6bfae312e1be51285e0bbefb5563b3d00c723b4812692f69e8faec289ae7b271e2e4b15b0f6ab9b1904b67862e13801c770206378e468511a84421b8ea4d797a0d22f6043c013ef87d1a8a8c5ec008100000000f6d56531c9afa8a87891761d5db8f71ccbe2c049324a4024a0bd90410ea72ced1e631b6d09222914499586226969692ecf637fdaae710f44d6420d9ca76e670db7157eb39645334db2c27985f17e331210d4d72d0f4c0388216ea877878eef19b9c4279682da12ccf9c71ba39b7a98f7c75929e892b126c6fcb7b10250cc3c100dec8f8a69e65d38ab13360e800af529dc2a0ff44d92bac515bb4a38b5afb9fb9c1989acc2d1c3367240f50fc50b460b6c24b42934a9ca929d355989f6a6eee666d55c987e40ba129fb8b8c42237e2a948a07176e81968dc902b634524e20bad0ca74b1042c0348fabbd642893fafa7d39aeb3cca9623bafb4b48bcdb8bc6c5a5d2bcd6303623194e0ac2e3b825d7fea9d12d77e3023d03fa4d78cb8b2dae12aebaf54f4b9c5f43c3fea13a66131ac7c500fc430c6b3efbbbb9731f253332195302c65b90e9d74127ba08215648e29f83198df103296e93abfcaf752a9f532036125e5cff562c1f061ebee1d0fa70d541a74d0d721c58b0e1e27d0bbbb386d76108ac4da3d31ef529f5fea6304f2aa7d315740984d596fcfee951843416b69f3d1e90ae6cae942a60cc3d5e97da9a26934858d3ec28195311fc6b2f79658fde133e7f45e53c347980f6ed762a963829a2988312d545eba2386034b63dd0db38ed9c2b3304a279e28fe556e44b92d64087778d75ffae7f0d664b29aafa57dc26efcba6d6d2726da8b8d85c7548cc3d412e18996ef61949bab80baf550769c6533e1db138e2e48414abe54838a66ae2877d832e6d8c85205fb65b841585c220bea87c4391b3514e72c043aea4cd9206552b839c8082978eb94fc79fceac4206c0a9425e4bd9b84c4511d60df5fe284e44deab74b44c11e2b4d1460c8d9738fef60e11c14bf00b1c095906a0c09317eddb13839024cbc00"/1245], 0x3c) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) ioctl(r0, 0x8916, &(0x7f0000000000)) ioctl(r0, 0x80000000008936, &(0x7f0000000000)) [ 522.480686][ T8003] attempt to access beyond end of device [ 522.492518][ T8003] loop5: rw=1, want=3821, limit=63 14:16:11 executing program 3: clone(0x0, 0x0, 0x0, 0x0, 0x0) ustat(0x2, &(0x7f0000000080)) [ 522.556043][ T8003] attempt to access beyond end of device [ 522.602987][ T8003] loop5: rw=1, want=5869, limit=63 [ 522.650011][ T8003] attempt to access beyond end of device [ 522.656787][T15234] IPVS: set_ctl: invalid protocol: 50 172.20.20.187:20004 [ 522.673691][ T8003] loop5: rw=1, want=7917, limit=63 14:16:11 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) stat(0x0, 0x0) write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0xfffffffffffffff5}, 0x10) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7fffff, 0x40000000011, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fsetxattr$trusted_overlay_upper(0xffffffffffffffff, &(0x7f0000000100)='trusted.overlay.upper\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="00fb6507096499c77b47c140d847e5c4a6aab51c89beb46a175a64e7a1bc56f740c3e4abf5488359d2b26fb3f2220273b1d49e2c1a0cb65772f26361cf9c833d7e9e9264f8f6445a048a"], 0x1, 0x0) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 522.686931][T15234] ERROR: Domain ' /sbin/init /usr/sbin/sshd /usr/sbin/sshd /bin/bash /root/syz-fuzzer /root/syz-executor.0 proc:/self/fd/4' not defined. [ 522.713691][ T8003] attempt to access beyond end of device [ 522.721892][ T8003] loop5: rw=1, want=9965, limit=63 14:16:11 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) get_robust_list(0x0, &(0x7f0000000100)=0x0, &(0x7f0000000140)) [ 522.779791][ T8003] attempt to access beyond end of device [ 522.794905][ T8003] loop5: rw=1, want=12013, limit=63 14:16:12 executing program 4: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) getpeername$netlink(r0, &(0x7f0000000040), &(0x7f0000000080)=0xc) ioctl$DRM_IOCTL_GET_MAP(r0, 0xc0286404, &(0x7f0000000100)={&(0x7f0000ffb000/0x2000)=nil, 0x4, 0x1, 0x2, &(0x7f0000ffc000/0x4000)=nil}) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff) syz_mount_image$nfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0}, 0x20000010) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000240)={0x8, {{0xa, 0x4e21, 0x7eedd465, @private1, 0x81}}, 0x1, 0x1, [{{0xa, 0x4e22, 0x5, @private2, 0xffff}}]}, 0x110) [ 522.829069][ T8003] attempt to access beyond end of device [ 522.835928][ T8003] loop5: rw=1, want=14061, limit=63 [ 522.857676][ T8003] attempt to access beyond end of device [ 522.863434][ T8003] loop5: rw=1, want=16109, limit=63 [ 522.908307][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 522.908324][ T26] audit: type=1326 audit(1588169772.016:302): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=15243 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f66a code=0xffff0000 [ 522.945463][ T8003] attempt to access beyond end of device [ 522.973529][ T8003] loop5: rw=1, want=18157, limit=63 14:16:12 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) semop(0x0, 0x0, 0x0) semctl$IPC_INFO(0x0, 0x0, 0x3, &(0x7f0000000240)=""/239) [ 523.001783][ T8003] attempt to access beyond end of device [ 523.009482][ T8003] loop5: rw=1, want=20205, limit=63 [ 523.024151][ T8003] attempt to access beyond end of device [ 523.030430][ T8003] loop5: rw=1, want=22253, limit=63 [ 523.064018][ T8003] attempt to access beyond end of device [ 523.079314][ T8003] loop5: rw=1, want=24301, limit=63 [ 523.101429][ T8003] attempt to access beyond end of device [ 523.113921][ T8003] loop5: rw=1, want=24761, limit=63 14:16:12 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="45e9aed12f060000000000000025d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc00000000000000000000000000000068e9d3a60a6638d827e6b924fa38cb0ac9a54e6717be51823a60c823ae54f0f62e726a997709e4f607e04587cc1e6ffdd38bac11ef386a6345c45249749969439ffd339708a8db36eff87d320034e4acdb77ad04e6071c248ecaba793a4f7c1b09632388cd8558c93fba01c0f3736bb72ca1e78542e11f939f0265c321aba72a56c891cc69a0b4dafbc31dadd5d935266994d6b13f483f4cc8ca4172e39d1f4eabf12903027e870e56a000c308526cc9c456704d52e234f85a0f395f32fd031fa0670d076456", 0x10e}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000}}}, 0x78) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 523.397754][ T26] audit: type=1326 audit(1588169772.506:303): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=15247 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f66a code=0xffff0000 [ 523.421272][ T26] audit: type=1326 audit(1588169772.536:304): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=15255 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f66a code=0xffff0000 14:16:12 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) creat(&(0x7f00000002c0)='./bus\x00', 0x0) lsetxattr$trusted_overlay_origin(&(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)='trusted.overlay.origin\x00', 0x0, 0x0, 0x0) [ 523.569207][T15272] ptrace attach of "/root/syz-executor.1"[15269] was attempted by "/root/syz-executor.1"[15272] [ 523.621731][ T26] audit: type=1804 audit(1588169772.726:305): pid=15273 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/152/file0/bus" dev="loop5" ino=163 res=1 14:16:12 executing program 2: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000380)='/dev/uhid\x00', 0x2, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) writev(r2, &(0x7f0000000400)=[{&(0x7f0000000000)="183333c0f2ea3e321795c5d2868d8a2e818062610255496441", 0x19}, {&(0x7f0000000200)="3fe19b37b3cad16a112565bedb4811c8f703508787b7ed7e73d1788983d73f970cb9b0fd81b8d5f202009136bf84a15a99627518e8676ff9f0821e7b87314a755929a892e5aafeaa050ce6bc27db958d45c2e4ed23c706", 0x57}, {&(0x7f0000000040)="e8e418", 0x3}, {&(0x7f0000000500)="8e03d7dd4c7990603c5a489783c940f67b9e51e782d58fd4fe8b35af751522aa4befa3f60403c5df5709eb46476762df21caaac1b79b7511fd624977d5207d6384f5129e76ab40fc629f73e4083bdb6c1b6838272c95111a4dfe740af2c428e319e429d2a16e3cc503055ad9aa7480062da4b61699dff794e6736ffe02a5e73393bad32bdc9fe65ee275442da270d32cb70250d5a60231d645d9fc329aa0dd52244e16bb1776d7163ff676e16e3646118c59f1d2491230298392c807da718c43bd655a25b189c7fc9745ed54d50b4b945e9dec2ddcd512c9dc64c9fe43588d951aab7cb0d1636d03cdea3336fdf579df139318971904ce8ca8a8f7b769345ff6f62a44eb3c9e0fdb206424e2fdec177e5259e4563979bdc7d46770906ba34eba5148d07a3ba6089eaab351f0af2f10328ac178ecfda9da210a584654769b647232b3d6793ed7bab6583db90a690be1b8abca9cfb27afb3fc89640714694e343ad9e9f2e509abe37ab92b0575f58785e6869be46bdf577b1ba2531a54738742a974adaa98a3e3060fc47d3e122d00108a0bdffad0d573bd1af4101c12ada3636478e6b22431cafe712aeca207b80186d94cda1a49177e394a9155bcbe6aaffed6ec307abe484880f973a8a05df4668241e89f4a57a29a80062c632e8d0bea9c88b444b704600f9605b31a97e194092b1322a4d9fe3033c46f58174e746c094db9c0afcbcc62eb6edfb10e67d3007afc57fa46b1cba22a1d82ad99eea8ba3c8424370356650f0e6cc0c8669e2f150dfee71cc761b9e1aba0f820c92fd821faa56a5b33545e96fc53df2ef1146d300c28aa3517a0f940452263ba4022d19a9fad6fbc82a7e974b70fef57d1fb8adeaa45afd82ad075bb9980e105eeda7a8b1831d0d52a91e86fa537d3258e9a62bbd56764731f6e613318f504720df51433ab6394801d7d707c167020b967f5244e890f7fcdb00ddfba43e54b6f9ff694cce0e5a0bd76adbbb754433d50ec2e6732eab52c7aa246149e3fdc676de3a7a302db9a16fbbbca26f688f9637c7190d0fdde16538a041a5d0791e6dbdfb04d3281715c5062395ff075084a0466cff8bdaab31bda12b28215df9214f1717a1541448dbebabd546b63546a26b4c89bedc4b405d0e2c12431333b21d849259165e288a3a219939977321d4eae6de353002dce9ad9b8fd74cb6e626589fb8826a87da190031fd47903dd97502043c8df231fbeb21e00c8a1d9e063327fe457c762662e2c6496f8a9a40c1cc3372a9556de8aaa9b4abc924e168f9149c7422b6be310fe204899174999ad39eecf4e412b175e1f14630f5e1d19a51f2f12f984c07c5e7382c4e968c096178a9ebd9f767514ec1b51c66b3ca1e28d13336fe6906a40a2ee75942ad9253ae9f7a54ea0e5acf5d4a31366a5f6f58ca09ab4a3ed7399833e7361438f393d294c28050310c881b80534084ba92a7c82776fae53db59228d626ca989070a8c71ca5d5f8c879a11d709a8c7cea65907ab0efed5715317f628f9ae508d852778299143d1278b63bc73faecb4b7c5bd6c98a866e2be068432c86c361b549a68c8402d59d1443a09eff9a9f89de8fd658544a508b5d2cedcb788dd5c42d656031f07e8efcff2474bf6f777742c14815e5a6386b7bcbb58f3c52f00844f05a6efe6acad8be529f63340d8141d27ca7db1b843daf25b528a8f63fdb2fecd83209106068e5d2f1f69cb7f4b5b09b9319c14383551b10a80c38e51ef9f054d229b96cd8a51334a0694752acdfc7855da074a48866e02eda9c0addac0288007a7e6c3746508b60bd45d5569bdd2c783e0113f471ce48f0d5173b0be1684e519a9081fd83839cbb2eba3c78889c04d22d604a950a0100a39c7fa6b41b5d9e543ddca62242ea197f738edc4a8c626d8c5a4188942d6302329ad073bb1eef46c480419fe1d5d0db1b0e624d67def731f51f5664ceadd1fc06ec2b6b41e303d36b657a551d1e898102f699a69ca7b3ce32d24977b3553420ac71917d9b1d97f1b1646a81bd68c80d5662a9eacf3f2fe9b5e08021abb550e1214e0b11cdcbe79a420469ff7b496db2a139f1b6ab283bb641ccd4cc16be76ac0dc1477312de679886d502946b9445214e934151a6cdc9a3b500ab4e9ac5d1c9bfa8d32ff583bcb1dc0eff151e3f6c05cd23bebecc538df3ce3160603dd198538c904581ed1c831548c6c48d1d55fa7824dadc8e8c4ab32d6ac85e5aa02654b6d3a997c0e082a7836e14caf29e43a98b559daaca6601658ec4ce9d4c0eec4c8553ae4ac8648e73a871b54de56b38efe35273a7589f3b722fdb7f22f968194ccbc048c3f4663e05c1da95900f3beb53b7f4df65dc88c28d905055cb1acfce0e76e8182819192c3298d71b24c0fa4c6961431527cd44cabc634d2dc0314b47ef362936dafd075602819eff871cb5ae8aedf564feaa01586b6178c1dab243c5a9e90fde27bd2f290dffe3a73d16cc953d63ab3245f6d28a55ba69cefae83aa3ffb0ed04127da496c60ea40f6f99b9559e901c5f0c073d76d59f2e73ea0aa95bee91caf5ccb4fea7736acc004a80d0a6b76b45733d0d8692dd1ea86298080072711b102103b1ad864b180f8471bb33554989673ce0ea7dc05a2cd10e997f8b0523c855f1a87876689965f9432ac4826f77bd32a973a15441aafbd672c942672971d0c879aea349f789d3ca6c01107cebb607fa8a854c7d0242d7ef3ad035093cebf754648619e7d660e1ce3cfbed5da9e77dea66e462957b89bee31893c8ee5d4eac0c1388e2ec341170f38ebdb2172c230a349b7432cc0e97f7a0f56455ca97aa91da20d0409d153bc6c6f316f7d0dd56acefa984c464d2f730c23d1ee06bf0b5d9d53cbfd1147a7c071ec440b84102a1461386fee1bcd4808bff24310b4f0a46cfde2760d9d31511179398635544070e9fdbbcac67dd2a6db537a0dc613f4742c53c8ce64fdbfe2b53f3ab06f3ac4593cfae6182aa8f6729f018aad30c71051ef9323a6ce67e2a72262bd023b7bef70af0ec14a064cbf46c57a759b368a61ab2f44d882b60cdd766e3b2ab0fe6a851a196bb94f83afe0d24f49c18c6a146c19289a1924b65df2485a0fcba3d7e78a2c83184ff3eec1b5d5535a05b78fad9aa3f4b2c352f58f11923fb74310e0ef1ce40911fb37c182e5e53ecf0167815cb63f7e343088fea70c1d0629d40f490311e4f9f713ffd59032aa59c1c920de6b5df543eb507b29de0a77bce5be6fe192cd551f8ef0cf9f49bd0ddc924ef059bf03048da8cee840637bf562f7b7640f6b9d9f84c34dcc172324e7689d97e5ab71aedf01e6df379cb90eb2a416c74c798f66caaedf77283c8ca21a89522ee9331979c0680c3c0ef37415575ddff78448c621f953b484e419a5d43b9a0aa15dacd039d88c5e6b8c9af1c4f6f3867e1da940f5d8608778a85b1f39ae61f564ab31059196cb1c7bf4695b1391524790dc3fa06805af9c6928cb926294166bf9629c873ac7b2e232d77a544a4b34e78cb2ffb5a515771e4afd673aa9c04fa7e4d73653863af091ace66c61fb8221e58f126e501716be27dc8450cecb3a9bfad7d760ddd2d15a403f749e52f740c63c9188f5b80ad5d3e95a97a58097a566ee6ffbfec766b716e1c77ffe628ad51c147e2911cc8233a8d65f1214004dfb70714dfdc0b8e647bc26d052d6e876e054d8cf0662b94618adfb7e2b7deae882bec7e8b553389ac46801aa743a8434638c7596396d44448e22a17b2a29c0bc1d1650230838396b8df7352b91824af7e6b5d390d6b1ec4122d64828320a6c979f4a6d9344309db5212b2956dca61a02eeed9ca5d3e5f65fcd91b235a69c60ceb292ddf5c1a450f15898d3423790ae3a84f7d36d35dd8bf8e9d6732d39233a9b10c6aa83c33c6161d55a4fa1000945b018fb7a58e241bc6da0a6a9e02f954c344acbe371fa27db693fb1d74b93e14217264a679daebfeb0955eaa9332d3654274a9accf32135905cff88963b4f26b612d75da9fe4fea1aab70c911188902e348c8a41d7bff85c80b0168d85f5db9211d532544819601d29ddf3fcf26a5e30893d0a21df8ad72c0ae8a03fe76a70a8761a5677d37ca48208eba5359d149bef79110f5da65f0f97149d236f189bb8ea5b61e14ceb43274d6d8ef50450242b4a63260844cb83c485fcc4209b57fc5eb181f3bb611b90dd497686301a252936949358b401c85d9ed5fb6c7dacdc0281ab2b72b9289613e88c64a440d1cb75cdd65e9d58e99311905176485474200c72ae8308e9745c72d04323ac15cd3f8fc2042f3110d5f2689e8d25339bd219e4a8aa9dd86925cbfb19a8fe019db1aff172544d72e9243ca3a36f9b2bb381d80ae82819f5c32277ef3d6dba5d31ed293a38ad076627e418034a271559c0175f885eafd6669ae3430ea509cdeca28455db02c855bb94dfc1ce173d3a4f7207e44c5f7da485a0c34a6ee667d9682735d951c28a12dc893d6783591afd8a59c1ad9cfac48ccae24730377bd7ca4f1a996039dbcdba0269062cb75eb5a1e95162197d82b2b86863853521bf68f78793e87e1fcb0d49bdd039ec70d466f5bd165ab178c179dacc100d756f31d32eed96856f7eae8d7cfcd7bb5929a77f353417a38ae39a6d54b9fa81f6fe206473a3acd70740a34c2887afb2b8af8cab95465eab3af9e172231e1adb2330b7f47a0e4ebf2c83baa595c7064871e64018ce779ed1e5290c55fc8cf01ff79a8c52ee2892e6557a4e81d926606b5eabb5438b00023bfd39ce83be872ddd724c1f00f12fb45e2a48ed11f48324c1f2f57c6b9dc8fa274d83ff343aca621ebabdbcd7d288fa153ac7a191e24e326ff55db7ec27c1e18afadbcd23b788a71912663503d20a2b7b5a4dbb3f41171cca073883fc87d0cca09f3bdbfda2fc66b12f8cd4788395d643dc67ae0befb29a43100c5dca5197b77b52fec831179025b3b68102dd429ae2b36f5d583a9aea29b66c84f64670424caf112868f9ff6e39c2fe8067150e3a4877c7b63dfd935cfeb615cb842d28943f04c35602353fe3e8cb5385e90331d55083c4619e84cae71fd338b216b360e7bb1ab1ae2ed6184eefac5c5a62a4cd1f495a47a30f5af35576833197ec02ab42acb2f2c818c18ab29abcee3eeed8ef90cd31cbcf3dfdc4df5d203610c944348cf1de42c2f37afa5da8f0cd1cae6a6d3b7aaa28bfe83ca713eeaec25e2d4803860ac21012ffcb97b560aa5f22cb624969af1ab53388c499ef7cbf1c6c8d5a6d92217af3a8fd91a5dbfa5fc8bc4251e93a55227b91f421b947dc287f46ca0ec8059dca902bd552918085d4a20674272278dd90dd1588db1da0dd9d370fabf067ac5c90406a11d5057d3169ede85cc0958aebbce8fcf6230c5874668a5d3608fe5f9c51e55a68f665f6e223e7d5247ba4cc8cad148e535bf3101dc53c27fcdec0582011fc95db7940daf495326a953591076d1a99503babc2f00a48c5f3c9a7e8d4b2d44de2105404edd76d81520c5fa64819a3f3a61441493a75435c6ada841f4e4c083bad31610bdfba8050fe054352733c1e51fd688931f0a61ad70d256ce1fc1d6fc32515e4c9a733e6394eb11b70967c603c5e94d8e1f810cf560476467", 0xf91}], 0x4) write$UHID_CREATE2(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000f60000000000000000003f"], 0x119) sendfile(r0, r1, &(0x7f0000d83ff8), 0x8000fffffffe) 14:16:12 executing program 0: socket(0x0, 0x0, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x0, '\x00', 0x1}, 0xffffffffffffff60) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) pipe(&(0x7f00000002c0)) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41d1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x4000000000005e3, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) [ 523.785663][ T26] audit: type=1804 audit(1588169772.776:306): pid=15282 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/152/file0/bus" dev="loop5" ino=163 res=1 [ 523.819550][ T26] audit: type=1326 audit(1588169772.806:307): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=15243 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f66a code=0xffff0000 [ 523.860556][ T26] audit: type=1326 audit(1588169772.886:308): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=15283 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f66a code=0xffff0000 [ 523.909668][ T6383] hid-generic 0000:0000:F60000.0001: item fetching failed at offset 0/1 [ 523.920250][ T6383] hid-generic: probe of 0000:0000:F60000.0001 failed with error -22 14:16:13 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) prlimit64(0x0, 0x0, 0x0, 0x0) [ 524.050306][ T26] audit: type=1326 audit(1588169773.156:309): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=15298 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f66a code=0xffff0000 [ 524.214357][ T26] audit: type=1326 audit(1588169773.316:310): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=15255 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f66a code=0xffff0000 14:16:13 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:13 executing program 4: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) getpeername$netlink(r0, &(0x7f0000000040), &(0x7f0000000080)=0xc) ioctl$DRM_IOCTL_GET_MAP(r0, 0xc0286404, &(0x7f0000000100)={&(0x7f0000ffb000/0x2000)=nil, 0x4, 0x1, 0x2, &(0x7f0000ffc000/0x4000)=nil}) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff) syz_mount_image$nfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0}, 0x20000010) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000240)={0x8, {{0xa, 0x4e21, 0x7eedd465, @private1, 0x81}}, 0x1, 0x1, [{{0xa, 0x4e22, 0x5, @private2, 0xffff}}]}, 0x110) 14:16:13 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) clock_nanosleep(0x0, 0x0, &(0x7f0000000080), 0x0) [ 524.422767][ T26] audit: type=1326 audit(1588169773.526:311): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=15307 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f66a code=0xffff0000 14:16:13 executing program 1: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000380)='/dev/uhid\x00', 0x2, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) writev(r2, &(0x7f0000000400)=[{&(0x7f0000000000)="183333c0f2ea3e321795c5d2868d8a2e818062610255496441", 0x19}, {&(0x7f0000000200)="3fe19b37b3cad16a112565bedb4811c8f703508787b7ed7e73d1788983d73f970cb9b0fd81b8d5f202009136bf84a15a99627518e8676ff9f0821e7b87314a755929a892e5aafeaa050ce6bc27db958d45c2e4ed23c706", 0x57}, {&(0x7f0000000500)="8e03d7dd4c7990603c5a489783c940f67b9e51e782d58fd4fe8b35af751522aa4befa3f60403c5df5709eb46476762df21caaac1b79b7511fd624977d5207d6384f5129e76ab40fc629f73e4083bdb6c1b6838272c95111a4dfe740af2c428e319e429d2a16e3cc503055ad9aa7480062da4b61699dff794e6736ffe02a5e73393bad32bdc9fe65ee275442da270d32cb70250d5a60231d645d9fc329aa0dd52244e16bb1776d7163ff676e16e3646118c59f1d2491230298392c807da718c43bd655a25b189c7fc9745ed54d50b4b945e9dec2ddcd512c9dc64c9fe43588d951aab7cb0d1636d03cdea3336fdf579df139318971904ce8ca8a8f7b769345ff6f62a44eb3c9e0fdb206424e2fdec177e5259e4563979bdc7d46770906ba34eba5148d07a3ba6089eaab351f0af2f10328ac178ecfda9da210a584654769b647232b3d6793ed7bab6583db90a690be1b8abca9cfb27afb3fc89640714694e343ad9e9f2e509abe37ab92b0575f58785e6869be46bdf577b1ba2531a54738742a974adaa98a3e3060fc47d3e122d00108a0bdffad0d573bd1af4101c12ada3636478e6b22431cafe712aeca207b80186d94cda1a49177e394a9155bcbe6aaffed6ec307abe484880f973a8a05df4668241e89f4a57a29a80062c632e8d0bea9c88b444b704600f9605b31a97e194092b1322a4d9fe3033c46f58174e746c094db9c0afcbcc62eb6edfb10e67d3007afc57fa46b1cba22a1d82ad99eea8ba3c8424370356650f0e6cc0c8669e2f150dfee71cc761b9e1aba0f820c92fd821faa56a5b33545e96fc53df2ef1146d300c28aa3517a0f940452263ba4022d19a9fad6fbc82a7e974b70fef57d1fb8adeaa45afd82ad075bb9980e105eeda7a8b1831d0d52a91e86fa537d3258e9a62bbd56764731f6e613318f504720df51433ab6394801d7d707c167020b967f5244e890f7fcdb00ddfba43e54b6f9ff694cce0e5a0bd76adbbb754433d50ec2e6732eab52c7aa246149e3fdc676de3a7a302db9a16fbbbca26f688f9637c7190d0fdde16538a041a5d0791e6dbdfb04d3281715c5062395ff075084a0466cff8bdaab31bda12b28215df9214f1717a1541448dbebabd546b63546a26b4c89bedc4b405d0e2c12431333b21d849259165e288a3a219939977321d4eae6de353002dce9ad9b8fd74cb6e626589fb8826a87da190031fd47903dd97502043c8df231fbeb21e00c8a1d9e063327fe457c762662e2c6496f8a9a40c1cc3372a9556de8aaa9b4abc924e168f9149c7422b6be310fe204899174999ad39eecf4e412b175e1f14630f5e1d19a51f2f12f984c07c5e7382c4e968c096178a9ebd9f767514ec1b51c66b3ca1e28d13336fe6906a40a2ee75942ad9253ae9f7a54ea0e5acf5d4a31366a5f6f58ca09ab4a3ed7399833e7361438f393d294c28050310c881b80534084ba92a7c82776fae53db59228d626ca989070a8c71ca5d5f8c879a11d709a8c7cea65907ab0efed5715317f628f9ae508d852778299143d1278b63bc73faecb4b7c5bd6c98a866e2be068432c86c361b549a68c8402d59d1443a09eff9a9f89de8fd658544a508b5d2cedcb788dd5c42d656031f07e8efcff2474bf6f777742c14815e5a6386b7bcbb58f3c52f00844f05a6efe6acad8be529f63340d8141d27ca7db1b843daf25b528a8f63fdb2fecd83209106068e5d2f1f69cb7f4b5b09b9319c14383551b10a80c38e51ef9f054d229b96cd8a51334a0694752acdfc7855da074a48866e02eda9c0addac0288007a7e6c3746508b60bd45d5569bdd2c783e0113f471ce48f0d5173b0be1684e519a9081fd83839cbb2eba3c78889c04d22d604a950a0100a39c7fa6b41b5d9e543ddca62242ea197f738edc4a8c626d8c5a4188942d6302329ad073bb1eef46c480419fe1d5d0db1b0e624d67def731f51f5664ceadd1fc06ec2b6b41e303d36b657a551d1e898102f699a69ca7b3ce32d24977b3553420ac71917d9b1d97f1b1646a81bd68c80d5662a9eacf3f2fe9b5e08021abb550e1214e0b11cdcbe79a420469ff7b496db2a139f1b6ab283bb641ccd4cc16be76ac0dc1477312de679886d502946b9445214e934151a6cdc9a3b500ab4e9ac5d1c9bfa8d32ff583bcb1dc0eff151e3f6c05cd23bebecc538df3ce3160603dd198538c904581ed1c831548c6c48d1d55fa7824dadc8e8c4ab32d6ac85e5aa02654b6d3a997c0e082a7836e14caf29e43a98b559daaca6601658ec4ce9d4c0eec4c8553ae4ac8648e73a871b54de56b38efe35273a7589f3b722fdb7f22f968194ccbc048c3f4663e05c1da95900f3beb53b7f4df65dc88c28d905055cb1acfce0e76e8182819192c3298d71b24c0fa4c6961431527cd44cabc634d2dc0314b47ef362936dafd075602819eff871cb5ae8aedf564feaa01586b6178c1dab243c5a9e90fde27bd2f290dffe3a73d16cc953d63ab3245f6d28a55ba69cefae83aa3ffb0ed04127da496c60ea40f6f99b9559e901c5f0c073d76d59f2e73ea0aa95bee91caf5ccb4fea7736acc004a80d0a6b76b45733d0d8692dd1ea86298080072711b102103b1ad864b180f8471bb33554989673ce0ea7dc05a2cd10e997f8b0523c855f1a87876689965f9432ac4826f77bd32a973a15441aafbd672c942672971d0c879aea349f789d3ca6c01107cebb607fa8a854c7d0242d7ef3ad035093cebf754648619e7d660e1ce3cfbed5da9e77dea66e462957b89bee31893c8ee5d4eac0c1388e2ec341170f38ebdb2172c230a349b7432cc0e97f7a0f56455ca97aa91da20d0409d153bc6c6f316f7d0dd56acefa984c464d2f730c23d1ee06bf0b5d9d53cbfd1147a7c071ec440b84102a1461386fee1bcd4808bff24310b4f0a46cfde2760d9d31511179398635544070e9fdbbcac67dd2a6db537a0dc613f4742c53c8ce64fdbfe2b53f3ab06f3ac4593cfae6182aa8f6729f018aad30c71051ef9323a6ce67e2a72262bd023b7bef70af0ec14a064cbf46c57a759b368a61ab2f44d882b60cdd766e3b2ab0fe6a851a196bb94f83afe0d24f49c18c6a146c19289a1924b65df2485a0fcba3d7e78a2c83184ff3eec1b5d5535a05b78fad9aa3f4b2c352f58f11923fb74310e0ef1ce40911fb37c182e5e53ecf0167815cb63f7e343088fea70c1d0629d40f490311e4f9f713ffd59032aa59c1c920de6b5df543eb507b29de0a77bce5be6fe192cd551f8ef0cf9f49bd0ddc924ef059bf03048da8cee840637bf562f7b7640f6b9d9f84c34dcc172324e7689d97e5ab71aedf01e6df379cb90eb2a416c74c798f66caaedf77283c8ca21a89522ee9331979c0680c3c0ef37415575ddff78448c621f953b484e419a5d43b9a0aa15dacd039d88c5e6b8c9af1c4f6f3867e1da940f5d8608778a85b1f39ae61f564ab31059196cb1c7bf4695b1391524790dc3fa06805af9c6928cb926294166bf9629c873ac7b2e232d77a544a4b34e78cb2ffb5a515771e4afd673aa9c04fa7e4d73653863af091ace66c61fb8221e58f126e501716be27dc8450cecb3a9bfad7d760ddd2d15a403f749e52f740c63c9188f5b80ad5d3e95a97a58097a566ee6ffbfec766b716e1c77ffe628ad51c147e2911cc8233a8d65f1214004dfb70714dfdc0b8e647bc26d052d6e876e054d8cf0662b94618adfb7e2b7deae882bec7e8b553389ac46801aa743a8434638c7596396d44448e22a17b2a29c0bc1d1650230838396b8df7352b91824af7e6b5d390d6b1ec4122d64828320a6c979f4a6d9344309db5212b2956dca61a02eeed9ca5d3e5f65fcd91b235a69c60ceb292ddf5c1a450f15898d3423790ae3a84f7d36d35dd8bf8e9d6732d39233a9b10c6aa83c33c6161d55a4fa1000945b018fb7a58e241bc6da0a6a9e02f954c344acbe371fa27db693fb1d74b93e14217264a679daebfeb0955eaa9332d3654274a9accf32135905cff88963b4f26b612d75da9fe4fea1aab70c911188902e348c8a41d7bff85c80b0168d85f5db9211d532544819601d29ddf3fcf26a5e30893d0a21df8ad72c0ae8a03fe76a70a8761a5677d37ca48208eba5359d149bef79110f5da65f0f97149d236f189bb8ea5b61e14ceb43274d6d8ef50450242b4a63260844cb83c485fcc4209b57fc5eb181f3bb611b90dd497686301a252936949358b401c85d9ed5fb6c7dacdc0281ab2b72b9289613e88c64a440d1cb75cdd65e9d58e99311905176485474200c72ae8308e9745c72d04323ac15cd3f8fc2042f3110d5f2689e8d25339bd219e4a8aa9dd86925cbfb19a8fe019db1aff172544d72e9243ca3a36f9b2bb381d80ae82819f5c32277ef3d6dba5d31ed293a38ad076627e418034a271559c0175f885eafd6669ae3430ea509cdeca28455db02c855bb94dfc1ce173d3a4f7207e44c5f7da485a0c34a6ee667d9682735d951c28a12dc893d6783591afd8a59c1ad9cfac48ccae24730377bd7ca4f1a996039dbcdba0269062cb75eb5a1e95162197d82b2b86863853521bf68f78793e87e1fcb0d49bdd039ec70d466f5bd165ab178c179dacc100d756f31d32eed96856f7eae8d7cfcd7bb5929a77f353417a38ae39a6d54b9fa81f6fe206473a3acd70740a34c2887afb2b8af8cab95465eab3af9e172231e1adb2330b7f47a0e4ebf2c83baa595c7064871e64018ce779ed1e5290c55fc8cf01ff79a8c52ee2892e6557a4e81d926606b5eabb5438b00023bfd39ce83be872ddd724c1f00f12fb45e2a48ed11f48324c1f2f57c6b9dc8fa274d83ff343aca621ebabdbcd7d288fa153ac7a191e24e326ff55db7ec27c1e18afadbcd23b788a71912663503d20a2b7b5a4dbb3f41171cca073883fc87d0cca09f3bdbfda2fc66b12f8cd4788395d643dc67ae0befb29a43100c5dca5197b77b52fec831179025b3b68102dd429ae2b36f5d583a9aea29b66c84f64670424caf112868f9ff6e39c2fe8067150e3a4877c7b63dfd935cfeb615cb842d28943f04c35602353fe3e8cb5385e90331d55083c4619e84cae71fd338b216b360e7bb1ab1ae2ed6184eefac5c5a62a4cd1f495a47a30f5af35576833197ec02ab42acb2f2c818c18ab29abcee3eeed8ef90cd31cbcf3dfdc4df5d203610c944348cf1de42c2f37afa5da8f0cd1cae6a6d3b7aaa28bfe83ca713eeaec25e2d4803860ac21012ffcb97b560aa5f22cb624969af1ab53388c499ef7cbf1c6c8d5a6d92217af3a8fd91a5dbfa5fc8bc4251e93a55227b91f421b947dc287f46ca0ec8059dca902bd552918085d4a20674272278dd90dd1588db1da0dd9d370fabf067ac5c90406a11d5057d3169ede85cc0958aebbce8fcf6230c5874668a5d3608fe5f9c51e55a68f665f6e223e7d5247ba4cc8cad148e535bf3101dc53c27fcdec0582011fc95db7940daf495326a953591076d1a99503babc2f00a48c5f3c9a7e8d4b2d44de2105404edd76d81520c5fa64819a3f3a61441493a75435c6ada841f4e4c083bad31610bdfba8050fe054352733c1e51fd688931f0a61ad70d256ce1fc1d6fc32515e4c9a733e6394eb11b70967c603c5e94d8e1f810cf560476467", 0xf91}], 0x3) write$UHID_CREATE2(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000f60000000000000000003f"], 0x119) sendfile(r0, r1, &(0x7f0000d83ff8), 0x8000fffffffe) [ 524.849530][ T6383] hid-generic 0000:0000:F60000.0002: item fetching failed at offset 0/1 [ 524.861474][ T6383] hid-generic: probe of 0000:0000:F60000.0002 failed with error -22 14:16:14 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) clock_nanosleep(0x0, 0x0, 0x0, 0x0) 14:16:14 executing program 1: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000380)='/dev/uhid\x00', 0x2, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) writev(r2, &(0x7f0000000400)=[{&(0x7f0000000000)="183333c0f2ea3e321795c5d2868d8a2e818062610255496441", 0x19}, {&(0x7f0000000200)="3fe19b37b3cad16a112565bedb4811c8f703508787b7ed7e73d1788983d73f970cb9b0fd81b8d5f202009136bf84a15a99627518e8676ff9f0821e7b87314a755929a892e5aafeaa050ce6bc27db958d45c2e4ed23c706", 0x57}, {&(0x7f0000000500)="8e03d7dd4c7990603c5a489783c940f67b9e51e782d58fd4fe8b35af751522aa4befa3f60403c5df5709eb46476762df21caaac1b79b7511fd624977d5207d6384f5129e76ab40fc629f73e4083bdb6c1b6838272c95111a4dfe740af2c428e319e429d2a16e3cc503055ad9aa7480062da4b61699dff794e6736ffe02a5e73393bad32bdc9fe65ee275442da270d32cb70250d5a60231d645d9fc329aa0dd52244e16bb1776d7163ff676e16e3646118c59f1d2491230298392c807da718c43bd655a25b189c7fc9745ed54d50b4b945e9dec2ddcd512c9dc64c9fe43588d951aab7cb0d1636d03cdea3336fdf579df139318971904ce8ca8a8f7b769345ff6f62a44eb3c9e0fdb206424e2fdec177e5259e4563979bdc7d46770906ba34eba5148d07a3ba6089eaab351f0af2f10328ac178ecfda9da210a584654769b647232b3d6793ed7bab6583db90a690be1b8abca9cfb27afb3fc89640714694e343ad9e9f2e509abe37ab92b0575f58785e6869be46bdf577b1ba2531a54738742a974adaa98a3e3060fc47d3e122d00108a0bdffad0d573bd1af4101c12ada3636478e6b22431cafe712aeca207b80186d94cda1a49177e394a9155bcbe6aaffed6ec307abe484880f973a8a05df4668241e89f4a57a29a80062c632e8d0bea9c88b444b704600f9605b31a97e194092b1322a4d9fe3033c46f58174e746c094db9c0afcbcc62eb6edfb10e67d3007afc57fa46b1cba22a1d82ad99eea8ba3c8424370356650f0e6cc0c8669e2f150dfee71cc761b9e1aba0f820c92fd821faa56a5b33545e96fc53df2ef1146d300c28aa3517a0f940452263ba4022d19a9fad6fbc82a7e974b70fef57d1fb8adeaa45afd82ad075bb9980e105eeda7a8b1831d0d52a91e86fa537d3258e9a62bbd56764731f6e613318f504720df51433ab6394801d7d707c167020b967f5244e890f7fcdb00ddfba43e54b6f9ff694cce0e5a0bd76adbbb754433d50ec2e6732eab52c7aa246149e3fdc676de3a7a302db9a16fbbbca26f688f9637c7190d0fdde16538a041a5d0791e6dbdfb04d3281715c5062395ff075084a0466cff8bdaab31bda12b28215df9214f1717a1541448dbebabd546b63546a26b4c89bedc4b405d0e2c12431333b21d849259165e288a3a219939977321d4eae6de353002dce9ad9b8fd74cb6e626589fb8826a87da190031fd47903dd97502043c8df231fbeb21e00c8a1d9e063327fe457c762662e2c6496f8a9a40c1cc3372a9556de8aaa9b4abc924e168f9149c7422b6be310fe204899174999ad39eecf4e412b175e1f14630f5e1d19a51f2f12f984c07c5e7382c4e968c096178a9ebd9f767514ec1b51c66b3ca1e28d13336fe6906a40a2ee75942ad9253ae9f7a54ea0e5acf5d4a31366a5f6f58ca09ab4a3ed7399833e7361438f393d294c28050310c881b80534084ba92a7c82776fae53db59228d626ca989070a8c71ca5d5f8c879a11d709a8c7cea65907ab0efed5715317f628f9ae508d852778299143d1278b63bc73faecb4b7c5bd6c98a866e2be068432c86c361b549a68c8402d59d1443a09eff9a9f89de8fd658544a508b5d2cedcb788dd5c42d656031f07e8efcff2474bf6f777742c14815e5a6386b7bcbb58f3c52f00844f05a6efe6acad8be529f63340d8141d27ca7db1b843daf25b528a8f63fdb2fecd83209106068e5d2f1f69cb7f4b5b09b9319c14383551b10a80c38e51ef9f054d229b96cd8a51334a0694752acdfc7855da074a48866e02eda9c0addac0288007a7e6c3746508b60bd45d5569bdd2c783e0113f471ce48f0d5173b0be1684e519a9081fd83839cbb2eba3c78889c04d22d604a950a0100a39c7fa6b41b5d9e543ddca62242ea197f738edc4a8c626d8c5a4188942d6302329ad073bb1eef46c480419fe1d5d0db1b0e624d67def731f51f5664ceadd1fc06ec2b6b41e303d36b657a551d1e898102f699a69ca7b3ce32d24977b3553420ac71917d9b1d97f1b1646a81bd68c80d5662a9eacf3f2fe9b5e08021abb550e1214e0b11cdcbe79a420469ff7b496db2a139f1b6ab283bb641ccd4cc16be76ac0dc1477312de679886d502946b9445214e934151a6cdc9a3b500ab4e9ac5d1c9bfa8d32ff583bcb1dc0eff151e3f6c05cd23bebecc538df3ce3160603dd198538c904581ed1c831548c6c48d1d55fa7824dadc8e8c4ab32d6ac85e5aa02654b6d3a997c0e082a7836e14caf29e43a98b559daaca6601658ec4ce9d4c0eec4c8553ae4ac8648e73a871b54de56b38efe35273a7589f3b722fdb7f22f968194ccbc048c3f4663e05c1da95900f3beb53b7f4df65dc88c28d905055cb1acfce0e76e8182819192c3298d71b24c0fa4c6961431527cd44cabc634d2dc0314b47ef362936dafd075602819eff871cb5ae8aedf564feaa01586b6178c1dab243c5a9e90fde27bd2f290dffe3a73d16cc953d63ab3245f6d28a55ba69cefae83aa3ffb0ed04127da496c60ea40f6f99b9559e901c5f0c073d76d59f2e73ea0aa95bee91caf5ccb4fea7736acc004a80d0a6b76b45733d0d8692dd1ea86298080072711b102103b1ad864b180f8471bb33554989673ce0ea7dc05a2cd10e997f8b0523c855f1a87876689965f9432ac4826f77bd32a973a15441aafbd672c942672971d0c879aea349f789d3ca6c01107cebb607fa8a854c7d0242d7ef3ad035093cebf754648619e7d660e1ce3cfbed5da9e77dea66e462957b89bee31893c8ee5d4eac0c1388e2ec341170f38ebdb2172c230a349b7432cc0e97f7a0f56455ca97aa91da20d0409d153bc6c6f316f7d0dd56acefa984c464d2f730c23d1ee06bf0b5d9d53cbfd1147a7c071ec440b84102a1461386fee1bcd4808bff24310b4f0a46cfde2760d9d31511179398635544070e9fdbbcac67dd2a6db537a0dc613f4742c53c8ce64fdbfe2b53f3ab06f3ac4593cfae6182aa8f6729f018aad30c71051ef9323a6ce67e2a72262bd023b7bef70af0ec14a064cbf46c57a759b368a61ab2f44d882b60cdd766e3b2ab0fe6a851a196bb94f83afe0d24f49c18c6a146c19289a1924b65df2485a0fcba3d7e78a2c83184ff3eec1b5d5535a05b78fad9aa3f4b2c352f58f11923fb74310e0ef1ce40911fb37c182e5e53ecf0167815cb63f7e343088fea70c1d0629d40f490311e4f9f713ffd59032aa59c1c920de6b5df543eb507b29de0a77bce5be6fe192cd551f8ef0cf9f49bd0ddc924ef059bf03048da8cee840637bf562f7b7640f6b9d9f84c34dcc172324e7689d97e5ab71aedf01e6df379cb90eb2a416c74c798f66caaedf77283c8ca21a89522ee9331979c0680c3c0ef37415575ddff78448c621f953b484e419a5d43b9a0aa15dacd039d88c5e6b8c9af1c4f6f3867e1da940f5d8608778a85b1f39ae61f564ab31059196cb1c7bf4695b1391524790dc3fa06805af9c6928cb926294166bf9629c873ac7b2e232d77a544a4b34e78cb2ffb5a515771e4afd673aa9c04fa7e4d73653863af091ace66c61fb8221e58f126e501716be27dc8450cecb3a9bfad7d760ddd2d15a403f749e52f740c63c9188f5b80ad5d3e95a97a58097a566ee6ffbfec766b716e1c77ffe628ad51c147e2911cc8233a8d65f1214004dfb70714dfdc0b8e647bc26d052d6e876e054d8cf0662b94618adfb7e2b7deae882bec7e8b553389ac46801aa743a8434638c7596396d44448e22a17b2a29c0bc1d1650230838396b8df7352b91824af7e6b5d390d6b1ec4122d64828320a6c979f4a6d9344309db5212b2956dca61a02eeed9ca5d3e5f65fcd91b235a69c60ceb292ddf5c1a450f15898d3423790ae3a84f7d36d35dd8bf8e9d6732d39233a9b10c6aa83c33c6161d55a4fa1000945b018fb7a58e241bc6da0a6a9e02f954c344acbe371fa27db693fb1d74b93e14217264a679daebfeb0955eaa9332d3654274a9accf32135905cff88963b4f26b612d75da9fe4fea1aab70c911188902e348c8a41d7bff85c80b0168d85f5db9211d532544819601d29ddf3fcf26a5e30893d0a21df8ad72c0ae8a03fe76a70a8761a5677d37ca48208eba5359d149bef79110f5da65f0f97149d236f189bb8ea5b61e14ceb43274d6d8ef50450242b4a63260844cb83c485fcc4209b57fc5eb181f3bb611b90dd497686301a252936949358b401c85d9ed5fb6c7dacdc0281ab2b72b9289613e88c64a440d1cb75cdd65e9d58e99311905176485474200c72ae8308e9745c72d04323ac15cd3f8fc2042f3110d5f2689e8d25339bd219e4a8aa9dd86925cbfb19a8fe019db1aff172544d72e9243ca3a36f9b2bb381d80ae82819f5c32277ef3d6dba5d31ed293a38ad076627e418034a271559c0175f885eafd6669ae3430ea509cdeca28455db02c855bb94dfc1ce173d3a4f7207e44c5f7da485a0c34a6ee667d9682735d951c28a12dc893d6783591afd8a59c1ad9cfac48ccae24730377bd7ca4f1a996039dbcdba0269062cb75eb5a1e95162197d82b2b86863853521bf68f78793e87e1fcb0d49bdd039ec70d466f5bd165ab178c179dacc100d756f31d32eed96856f7eae8d7cfcd7bb5929a77f353417a38ae39a6d54b9fa81f6fe206473a3acd70740a34c2887afb2b8af8cab95465eab3af9e172231e1adb2330b7f47a0e4ebf2c83baa595c7064871e64018ce779ed1e5290c55fc8cf01ff79a8c52ee2892e6557a4e81d926606b5eabb5438b00023bfd39ce83be872ddd724c1f00f12fb45e2a48ed11f48324c1f2f57c6b9dc8fa274d83ff343aca621ebabdbcd7d288fa153ac7a191e24e326ff55db7ec27c1e18afadbcd23b788a71912663503d20a2b7b5a4dbb3f41171cca073883fc87d0cca09f3bdbfda2fc66b12f8cd4788395d643dc67ae0befb29a43100c5dca5197b77b52fec831179025b3b68102dd429ae2b36f5d583a9aea29b66c84f64670424caf112868f9ff6e39c2fe8067150e3a4877c7b63dfd935cfeb615cb842d28943f04c35602353fe3e8cb5385e90331d55083c4619e84cae71fd338b216b360e7bb1ab1ae2ed6184eefac5c5a62a4cd1f495a47a30f5af35576833197ec02ab42acb2f2c818c18ab29abcee3eeed8ef90cd31cbcf3dfdc4df5d203610c944348cf1de42c2f37afa5da8f0cd1cae6a6d3b7aaa28bfe83ca713eeaec25e2d4803860ac21012ffcb97b560aa5f22cb624969af1ab53388c499ef7cbf1c6c8d5a6d92217af3a8fd91a5dbfa5fc8bc4251e93a55227b91f421b947dc287f46ca0ec8059dca902bd552918085d4a20674272278dd90dd1588db1da0dd9d370fabf067ac5c90406a11d5057d3169ede85cc0958aebbce8fcf6230c5874668a5d3608fe5f9c51e55a68f665f6e223e7d5247ba4cc8cad148e535bf3101dc53c27fcdec0582011fc95db7940daf495326a953591076d1a99503babc2f00a48c5f3c9a7e8d4b2d44de2105404edd76d81520c5fa64819a3f3a61441493a75435c6ada841f4e4c083bad31610bdfba8050fe054352733c1e51fd688931f0a61ad70d256ce1fc1d6fc32515e4c9a733e6394eb11b70967c603c5e94d8e1f810cf560476467", 0xf91}], 0x3) write$UHID_CREATE2(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000f60000000000000000003f"], 0x119) sendfile(r0, r1, &(0x7f0000d83ff8), 0x8000fffffffe) 14:16:14 executing program 2: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000380)='/dev/uhid\x00', 0x2, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) writev(r2, &(0x7f0000000400)=[{&(0x7f0000000000)="183333c0f2ea3e321795c5d2868d8a2e818062610255496441", 0x19}, {&(0x7f0000000200)="3fe19b37b3cad16a112565bedb4811c8f703508787b7ed7e73d1788983d73f970cb9b0fd81b8d5f202009136bf84a15a99627518e8676ff9f0821e7b87314a755929a892e5aafeaa050ce6bc27db958d45c2e4ed23c706", 0x57}, {&(0x7f0000000500)="8e03d7dd4c7990603c5a489783c940f67b9e51e782d58fd4fe8b35af751522aa4befa3f60403c5df5709eb46476762df21caaac1b79b7511fd624977d5207d6384f5129e76ab40fc629f73e4083bdb6c1b6838272c95111a4dfe740af2c428e319e429d2a16e3cc503055ad9aa7480062da4b61699dff794e6736ffe02a5e73393bad32bdc9fe65ee275442da270d32cb70250d5a60231d645d9fc329aa0dd52244e16bb1776d7163ff676e16e3646118c59f1d2491230298392c807da718c43bd655a25b189c7fc9745ed54d50b4b945e9dec2ddcd512c9dc64c9fe43588d951aab7cb0d1636d03cdea3336fdf579df139318971904ce8ca8a8f7b769345ff6f62a44eb3c9e0fdb206424e2fdec177e5259e4563979bdc7d46770906ba34eba5148d07a3ba6089eaab351f0af2f10328ac178ecfda9da210a584654769b647232b3d6793ed7bab6583db90a690be1b8abca9cfb27afb3fc89640714694e343ad9e9f2e509abe37ab92b0575f58785e6869be46bdf577b1ba2531a54738742a974adaa98a3e3060fc47d3e122d00108a0bdffad0d573bd1af4101c12ada3636478e6b22431cafe712aeca207b80186d94cda1a49177e394a9155bcbe6aaffed6ec307abe484880f973a8a05df4668241e89f4a57a29a80062c632e8d0bea9c88b444b704600f9605b31a97e194092b1322a4d9fe3033c46f58174e746c094db9c0afcbcc62eb6edfb10e67d3007afc57fa46b1cba22a1d82ad99eea8ba3c8424370356650f0e6cc0c8669e2f150dfee71cc761b9e1aba0f820c92fd821faa56a5b33545e96fc53df2ef1146d300c28aa3517a0f940452263ba4022d19a9fad6fbc82a7e974b70fef57d1fb8adeaa45afd82ad075bb9980e105eeda7a8b1831d0d52a91e86fa537d3258e9a62bbd56764731f6e613318f504720df51433ab6394801d7d707c167020b967f5244e890f7fcdb00ddfba43e54b6f9ff694cce0e5a0bd76adbbb754433d50ec2e6732eab52c7aa246149e3fdc676de3a7a302db9a16fbbbca26f688f9637c7190d0fdde16538a041a5d0791e6dbdfb04d3281715c5062395ff075084a0466cff8bdaab31bda12b28215df9214f1717a1541448dbebabd546b63546a26b4c89bedc4b405d0e2c12431333b21d849259165e288a3a219939977321d4eae6de353002dce9ad9b8fd74cb6e626589fb8826a87da190031fd47903dd97502043c8df231fbeb21e00c8a1d9e063327fe457c762662e2c6496f8a9a40c1cc3372a9556de8aaa9b4abc924e168f9149c7422b6be310fe204899174999ad39eecf4e412b175e1f14630f5e1d19a51f2f12f984c07c5e7382c4e968c096178a9ebd9f767514ec1b51c66b3ca1e28d13336fe6906a40a2ee75942ad9253ae9f7a54ea0e5acf5d4a31366a5f6f58ca09ab4a3ed7399833e7361438f393d294c28050310c881b80534084ba92a7c82776fae53db59228d626ca989070a8c71ca5d5f8c879a11d709a8c7cea65907ab0efed5715317f628f9ae508d852778299143d1278b63bc73faecb4b7c5bd6c98a866e2be068432c86c361b549a68c8402d59d1443a09eff9a9f89de8fd658544a508b5d2cedcb788dd5c42d656031f07e8efcff2474bf6f777742c14815e5a6386b7bcbb58f3c52f00844f05a6efe6acad8be529f63340d8141d27ca7db1b843daf25b528a8f63fdb2fecd83209106068e5d2f1f69cb7f4b5b09b9319c14383551b10a80c38e51ef9f054d229b96cd8a51334a0694752acdfc7855da074a48866e02eda9c0addac0288007a7e6c3746508b60bd45d5569bdd2c783e0113f471ce48f0d5173b0be1684e519a9081fd83839cbb2eba3c78889c04d22d604a950a0100a39c7fa6b41b5d9e543ddca62242ea197f738edc4a8c626d8c5a4188942d6302329ad073bb1eef46c480419fe1d5d0db1b0e624d67def731f51f5664ceadd1fc06ec2b6b41e303d36b657a551d1e898102f699a69ca7b3ce32d24977b3553420ac71917d9b1d97f1b1646a81bd68c80d5662a9eacf3f2fe9b5e08021abb550e1214e0b11cdcbe79a420469ff7b496db2a139f1b6ab283bb641ccd4cc16be76ac0dc1477312de679886d502946b9445214e934151a6cdc9a3b500ab4e9ac5d1c9bfa8d32ff583bcb1dc0eff151e3f6c05cd23bebecc538df3ce3160603dd198538c904581ed1c831548c6c48d1d55fa7824dadc8e8c4ab32d6ac85e5aa02654b6d3a997c0e082a7836e14caf29e43a98b559daaca6601658ec4ce9d4c0eec4c8553ae4ac8648e73a871b54de56b38efe35273a7589f3b722fdb7f22f968194ccbc048c3f4663e05c1da95900f3beb53b7f4df65dc88c28d905055cb1acfce0e76e8182819192c3298d71b24c0fa4c6961431527cd44cabc634d2dc0314b47ef362936dafd075602819eff871cb5ae8aedf564feaa01586b6178c1dab243c5a9e90fde27bd2f290dffe3a73d16cc953d63ab3245f6d28a55ba69cefae83aa3ffb0ed04127da496c60ea40f6f99b9559e901c5f0c073d76d59f2e73ea0aa95bee91caf5ccb4fea7736acc004a80d0a6b76b45733d0d8692dd1ea86298080072711b102103b1ad864b180f8471bb33554989673ce0ea7dc05a2cd10e997f8b0523c855f1a87876689965f9432ac4826f77bd32a973a15441aafbd672c942672971d0c879aea349f789d3ca6c01107cebb607fa8a854c7d0242d7ef3ad035093cebf754648619e7d660e1ce3cfbed5da9e77dea66e462957b89bee31893c8ee5d4eac0c1388e2ec341170f38ebdb2172c230a349b7432cc0e97f7a0f56455ca97aa91da20d0409d153bc6c6f316f7d0dd56acefa984c464d2f730c23d1ee06bf0b5d9d53cbfd1147a7c071ec440b84102a1461386fee1bcd4808bff24310b4f0a46cfde2760d9d31511179398635544070e9fdbbcac67dd2a6db537a0dc613f4742c53c8ce64fdbfe2b53f3ab06f3ac4593cfae6182aa8f6729f018aad30c71051ef9323a6ce67e2a72262bd023b7bef70af0ec14a064cbf46c57a759b368a61ab2f44d882b60cdd766e3b2ab0fe6a851a196bb94f83afe0d24f49c18c6a146c19289a1924b65df2485a0fcba3d7e78a2c83184ff3eec1b5d5535a05b78fad9aa3f4b2c352f58f11923fb74310e0ef1ce40911fb37c182e5e53ecf0167815cb63f7e343088fea70c1d0629d40f490311e4f9f713ffd59032aa59c1c920de6b5df543eb507b29de0a77bce5be6fe192cd551f8ef0cf9f49bd0ddc924ef059bf03048da8cee840637bf562f7b7640f6b9d9f84c34dcc172324e7689d97e5ab71aedf01e6df379cb90eb2a416c74c798f66caaedf77283c8ca21a89522ee9331979c0680c3c0ef37415575ddff78448c621f953b484e419a5d43b9a0aa15dacd039d88c5e6b8c9af1c4f6f3867e1da940f5d8608778a85b1f39ae61f564ab31059196cb1c7bf4695b1391524790dc3fa06805af9c6928cb926294166bf9629c873ac7b2e232d77a544a4b34e78cb2ffb5a515771e4afd673aa9c04fa7e4d73653863af091ace66c61fb8221e58f126e501716be27dc8450cecb3a9bfad7d760ddd2d15a403f749e52f740c63c9188f5b80ad5d3e95a97a58097a566ee6ffbfec766b716e1c77ffe628ad51c147e2911cc8233a8d65f1214004dfb70714dfdc0b8e647bc26d052d6e876e054d8cf0662b94618adfb7e2b7deae882bec7e8b553389ac46801aa743a8434638c7596396d44448e22a17b2a29c0bc1d1650230838396b8df7352b91824af7e6b5d390d6b1ec4122d64828320a6c979f4a6d9344309db5212b2956dca61a02eeed9ca5d3e5f65fcd91b235a69c60ceb292ddf5c1a450f15898d3423790ae3a84f7d36d35dd8bf8e9d6732d39233a9b10c6aa83c33c6161d55a4fa1000945b018fb7a58e241bc6da0a6a9e02f954c344acbe371fa27db693fb1d74b93e14217264a679daebfeb0955eaa9332d3654274a9accf32135905cff88963b4f26b612d75da9fe4fea1aab70c911188902e348c8a41d7bff85c80b0168d85f5db9211d532544819601d29ddf3fcf26a5e30893d0a21df8ad72c0ae8a03fe76a70a8761a5677d37ca48208eba5359d149bef79110f5da65f0f97149d236f189bb8ea5b61e14ceb43274d6d8ef50450242b4a63260844cb83c485fcc4209b57fc5eb181f3bb611b90dd497686301a252936949358b401c85d9ed5fb6c7dacdc0281ab2b72b9289613e88c64a440d1cb75cdd65e9d58e99311905176485474200c72ae8308e9745c72d04323ac15cd3f8fc2042f3110d5f2689e8d25339bd219e4a8aa9dd86925cbfb19a8fe019db1aff172544d72e9243ca3a36f9b2bb381d80ae82819f5c32277ef3d6dba5d31ed293a38ad076627e418034a271559c0175f885eafd6669ae3430ea509cdeca28455db02c855bb94dfc1ce173d3a4f7207e44c5f7da485a0c34a6ee667d9682735d951c28a12dc893d6783591afd8a59c1ad9cfac48ccae24730377bd7ca4f1a996039dbcdba0269062cb75eb5a1e95162197d82b2b86863853521bf68f78793e87e1fcb0d49bdd039ec70d466f5bd165ab178c179dacc100d756f31d32eed96856f7eae8d7cfcd7bb5929a77f353417a38ae39a6d54b9fa81f6fe206473a3acd70740a34c2887afb2b8af8cab95465eab3af9e172231e1adb2330b7f47a0e4ebf2c83baa595c7064871e64018ce779ed1e5290c55fc8cf01ff79a8c52ee2892e6557a4e81d926606b5eabb5438b00023bfd39ce83be872ddd724c1f00f12fb45e2a48ed11f48324c1f2f57c6b9dc8fa274d83ff343aca621ebabdbcd7d288fa153ac7a191e24e326ff55db7ec27c1e18afadbcd23b788a71912663503d20a2b7b5a4dbb3f41171cca073883fc87d0cca09f3bdbfda2fc66b12f8cd4788395d643dc67ae0befb29a43100c5dca5197b77b52fec831179025b3b68102dd429ae2b36f5d583a9aea29b66c84f64670424caf112868f9ff6e39c2fe8067150e3a4877c7b63dfd935cfeb615cb842d28943f04c35602353fe3e8cb5385e90331d55083c4619e84cae71fd338b216b360e7bb1ab1ae2ed6184eefac5c5a62a4cd1f495a47a30f5af35576833197ec02ab42acb2f2c818c18ab29abcee3eeed8ef90cd31cbcf3dfdc4df5d203610c944348cf1de42c2f37afa5da8f0cd1cae6a6d3b7aaa28bfe83ca713eeaec25e2d4803860ac21012ffcb97b560aa5f22cb624969af1ab53388c499ef7cbf1c6c8d5a6d92217af3a8fd91a5dbfa5fc8bc4251e93a55227b91f421b947dc287f46ca0ec8059dca902bd552918085d4a20674272278dd90dd1588db1da0dd9d370fabf067ac5c90406a11d5057d3169ede85cc0958aebbce8fcf6230c5874668a5d3608fe5f9c51e55a68f665f6e223e7d5247ba4cc8cad148e535bf3101dc53c27fcdec0582011fc95db7940daf495326a953591076d1a99503babc2f00a48c5f3c9a7e8d4b2d44de2105404edd76d81520c5fa64819a3f3a61441493a75435c6ada841f4e4c083bad31610bdfba8050fe054352733c1e51fd688931f0a61ad70d256ce1fc1d6fc32515e4c9a733e6394eb11b70967c603c5e94d8e1f810cf560476467", 0xf91}], 0x3) write$UHID_CREATE2(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000f60000000000000000003f"], 0x119) sendfile(r0, r1, &(0x7f0000d83ff8), 0x8000fffffffe) [ 525.121386][ T6383] hid-generic 0000:0000:F60000.0003: item fetching failed at offset 0/1 [ 525.133064][ T6383] hid-generic: probe of 0000:0000:F60000.0003 failed with error -22 14:16:14 executing program 1: syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_tables_names\x00') r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) pipe(0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41d1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, &(0x7f00000014c0)=0x9759, 0x4) recvmmsg(r0, &(0x7f0000008880), 0x4000000000005e3, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) [ 525.213979][ T6383] hid-generic 0000:0000:F60000.0004: item fetching failed at offset 0/1 [ 525.223906][ T6383] hid-generic: probe of 0000:0000:F60000.0004 failed with error -22 14:16:14 executing program 2: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000380)='/dev/uhid\x00', 0x2, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) writev(r2, &(0x7f0000000400)=[{&(0x7f0000000000)="183333c0f2ea3e321795c5d2868d8a2e818062610255496441", 0x19}, {&(0x7f0000000200)="3fe19b37b3cad16a112565bedb4811c8f703508787b7ed7e73d1788983d73f970cb9b0fd81b8d5f202009136bf84a15a99627518e8676ff9f0821e7b87314a755929a892e5aafeaa050ce6bc27db958d45c2e4ed23c706", 0x57}, {&(0x7f0000000040)="e8e418", 0x3}, {&(0x7f0000000500)="8e03d7dd4c7990603c5a489783c940f67b9e51e782d58fd4fe8b35af751522aa4befa3f60403c5df5709eb46476762df21caaac1b79b7511fd624977d5207d6384f5129e76ab40fc629f73e4083bdb6c1b6838272c95111a4dfe740af2c428e319e429d2a16e3cc503055ad9aa7480062da4b61699dff794e6736ffe02a5e73393bad32bdc9fe65ee275442da270d32cb70250d5a60231d645d9fc329aa0dd52244e16bb1776d7163ff676e16e3646118c59f1d2491230298392c807da718c43bd655a25b189c7fc9745ed54d50b4b945e9dec2ddcd512c9dc64c9fe43588d951aab7cb0d1636d03cdea3336fdf579df139318971904ce8ca8a8f7b769345ff6f62a44eb3c9e0fdb206424e2fdec177e5259e4563979bdc7d46770906ba34eba5148d07a3ba6089eaab351f0af2f10328ac178ecfda9da210a584654769b647232b3d6793ed7bab6583db90a690be1b8abca9cfb27afb3fc89640714694e343ad9e9f2e509abe37ab92b0575f58785e6869be46bdf577b1ba2531a54738742a974adaa98a3e3060fc47d3e122d00108a0bdffad0d573bd1af4101c12ada3636478e6b22431cafe712aeca207b80186d94cda1a49177e394a9155bcbe6aaffed6ec307abe484880f973a8a05df4668241e89f4a57a29a80062c632e8d0bea9c88b444b704600f9605b31a97e194092b1322a4d9fe3033c46f58174e746c094db9c0afcbcc62eb6edfb10e67d3007afc57fa46b1cba22a1d82ad99eea8ba3c8424370356650f0e6cc0c8669e2f150dfee71cc761b9e1aba0f820c92fd821faa56a5b33545e96fc53df2ef1146d300c28aa3517a0f940452263ba4022d19a9fad6fbc82a7e974b70fef57d1fb8adeaa45afd82ad075bb9980e105eeda7a8b1831d0d52a91e86fa537d3258e9a62bbd56764731f6e613318f504720df51433ab6394801d7d707c167020b967f5244e890f7fcdb00ddfba43e54b6f9ff694cce0e5a0bd76adbbb754433d50ec2e6732eab52c7aa246149e3fdc676de3a7a302db9a16fbbbca26f688f9637c7190d0fdde16538a041a5d0791e6dbdfb04d3281715c5062395ff075084a0466cff8bdaab31bda12b28215df9214f1717a1541448dbebabd546b63546a26b4c89bedc4b405d0e2c12431333b21d849259165e288a3a219939977321d4eae6de353002dce9ad9b8fd74cb6e626589fb8826a87da190031fd47903dd97502043c8df231fbeb21e00c8a1d9e063327fe457c762662e2c6496f8a9a40c1cc3372a9556de8aaa9b4abc924e168f9149c7422b6be310fe204899174999ad39eecf4e412b175e1f14630f5e1d19a51f2f12f984c07c5e7382c4e968c096178a9ebd9f767514ec1b51c66b3ca1e28d13336fe6906a40a2ee75942ad9253ae9f7a54ea0e5acf5d4a31366a5f6f58ca09ab4a3ed7399833e7361438f393d294c28050310c881b80534084ba92a7c82776fae53db59228d626ca989070a8c71ca5d5f8c879a11d709a8c7cea65907ab0efed5715317f628f9ae508d852778299143d1278b63bc73faecb4b7c5bd6c98a866e2be068432c86c361b549a68c8402d59d1443a09eff9a9f89de8fd658544a508b5d2cedcb788dd5c42d656031f07e8efcff2474bf6f777742c14815e5a6386b7bcbb58f3c52f00844f05a6efe6acad8be529f63340d8141d27ca7db1b843daf25b528a8f63fdb2fecd83209106068e5d2f1f69cb7f4b5b09b9319c14383551b10a80c38e51ef9f054d229b96cd8a51334a0694752acdfc7855da074a48866e02eda9c0addac0288007a7e6c3746508b60bd45d5569bdd2c783e0113f471ce48f0d5173b0be1684e519a9081fd83839cbb2eba3c78889c04d22d604a950a0100a39c7fa6b41b5d9e543ddca62242ea197f738edc4a8c626d8c5a4188942d6302329ad073bb1eef46c480419fe1d5d0db1b0e624d67def731f51f5664ceadd1fc06ec2b6b41e303d36b657a551d1e898102f699a69ca7b3ce32d24977b3553420ac71917d9b1d97f1b1646a81bd68c80d5662a9eacf3f2fe9b5e08021abb550e1214e0b11cdcbe79a420469ff7b496db2a139f1b6ab283bb641ccd4cc16be76ac0dc1477312de679886d502946b9445214e934151a6cdc9a3b500ab4e9ac5d1c9bfa8d32ff583bcb1dc0eff151e3f6c05cd23bebecc538df3ce3160603dd198538c904581ed1c831548c6c48d1d55fa7824dadc8e8c4ab32d6ac85e5aa02654b6d3a997c0e082a7836e14caf29e43a98b559daaca6601658ec4ce9d4c0eec4c8553ae4ac8648e73a871b54de56b38efe35273a7589f3b722fdb7f22f968194ccbc048c3f4663e05c1da95900f3beb53b7f4df65dc88c28d905055cb1acfce0e76e8182819192c3298d71b24c0fa4c6961431527cd44cabc634d2dc0314b47ef362936dafd075602819eff871cb5ae8aedf564feaa01586b6178c1dab243c5a9e90fde27bd2f290dffe3a73d16cc953d63ab3245f6d28a55ba69cefae83aa3ffb0ed04127da496c60ea40f6f99b9559e901c5f0c073d76d59f2e73ea0aa95bee91caf5ccb4fea7736acc004a80d0a6b76b45733d0d8692dd1ea86298080072711b102103b1ad864b180f8471bb33554989673ce0ea7dc05a2cd10e997f8b0523c855f1a87876689965f9432ac4826f77bd32a973a15441aafbd672c942672971d0c879aea349f789d3ca6c01107cebb607fa8a854c7d0242d7ef3ad035093cebf754648619e7d660e1ce3cfbed5da9e77dea66e462957b89bee31893c8ee5d4eac0c1388e2ec341170f38ebdb2172c230a349b7432cc0e97f7a0f56455ca97aa91da20d0409d153bc6c6f316f7d0dd56acefa984c464d2f730c23d1ee06bf0b5d9d53cbfd1147a7c071ec440b84102a1461386fee1bcd4808bff24310b4f0a46cfde2760d9d31511179398635544070e9fdbbcac67dd2a6db537a0dc613f4742c53c8ce64fdbfe2b53f3ab06f3ac4593cfae6182aa8f6729f018aad30c71051ef9323a6ce67e2a72262bd023b7bef70af0ec14a064cbf46c57a759b368a61ab2f44d882b60cdd766e3b2ab0fe6a851a196bb94f83afe0d24f49c18c6a146c19289a1924b65df2485a0fcba3d7e78a2c83184ff3eec1b5d5535a05b78fad9aa3f4b2c352f58f11923fb74310e0ef1ce40911fb37c182e5e53ecf0167815cb63f7e343088fea70c1d0629d40f490311e4f9f713ffd59032aa59c1c920de6b5df543eb507b29de0a77bce5be6fe192cd551f8ef0cf9f49bd0ddc924ef059bf03048da8cee840637bf562f7b7640f6b9d9f84c34dcc172324e7689d97e5ab71aedf01e6df379cb90eb2a416c74c798f66caaedf77283c8ca21a89522ee9331979c0680c3c0ef37415575ddff78448c621f953b484e419a5d43b9a0aa15dacd039d88c5e6b8c9af1c4f6f3867e1da940f5d8608778a85b1f39ae61f564ab31059196cb1c7bf4695b1391524790dc3fa06805af9c6928cb926294166bf9629c873ac7b2e232d77a544a4b34e78cb2ffb5a515771e4afd673aa9c04fa7e4d73653863af091ace66c61fb8221e58f126e501716be27dc8450cecb3a9bfad7d760ddd2d15a403f749e52f740c63c9188f5b80ad5d3e95a97a58097a566ee6ffbfec766b716e1c77ffe628ad51c147e2911cc8233a8d65f1214004dfb70714dfdc0b8e647bc26d052d6e876e054d8cf0662b94618adfb7e2b7deae882bec7e8b553389ac46801aa743a8434638c7596396d44448e22a17b2a29c0bc1d1650230838396b8df7352b91824af7e6b5d390d6b1ec4122d64828320a6c979f4a6d9344309db5212b2956dca61a02eeed9ca5d3e5f65fcd91b235a69c60ceb292ddf5c1a450f15898d3423790ae3a84f7d36d35dd8bf8e9d6732d39233a9b10c6aa83c33c6161d55a4fa1000945b018fb7a58e241bc6da0a6a9e02f954c344acbe371fa27db693fb1d74b93e14217264a679daebfeb0955eaa9332d3654274a9accf32135905cff88963b4f26b612d75da9fe4fea1aab70c911188902e348c8a41d7bff85c80b0168d85f5db9211d532544819601d29ddf3fcf26a5e30893d0a21df8ad72c0ae8a03fe76a70a8761a5677d37ca48208eba5359d149bef79110f5da65f0f97149d236f189bb8ea5b61e14ceb43274d6d8ef50450242b4a63260844cb83c485fcc4209b57fc5eb181f3bb611b90dd497686301a252936949358b401c85d9ed5fb6c7dacdc0281ab2b72b9289613e88c64a440d1cb75cdd65e9d58e99311905176485474200c72ae8308e9745c72d04323ac15cd3f8fc2042f3110d5f2689e8d25339bd219e4a8aa9dd86925cbfb19a8fe019db1aff172544d72e9243ca3a36f9b2bb381d80ae82819f5c32277ef3d6dba5d31ed293a38ad076627e418034a271559c0175f885eafd6669ae3430ea509cdeca28455db02c855bb94dfc1ce173d3a4f7207e44c5f7da485a0c34a6ee667d9682735d951c28a12dc893d6783591afd8a59c1ad9cfac48ccae24730377bd7ca4f1a996039dbcdba0269062cb75eb5a1e95162197d82b2b86863853521bf68f78793e87e1fcb0d49bdd039ec70d466f5bd165ab178c179dacc100d756f31d32eed96856f7eae8d7cfcd7bb5929a77f353417a38ae39a6d54b9fa81f6fe206473a3acd70740a34c2887afb2b8af8cab95465eab3af9e172231e1adb2330b7f47a0e4ebf2c83baa595c7064871e64018ce779ed1e5290c55fc8cf01ff79a8c52ee2892e6557a4e81d926606b5eabb5438b00023bfd39ce83be872ddd724c1f00f12fb45e2a48ed11f48324c1f2f57c6b9dc8fa274d83ff343aca621ebabdbcd7d288fa153ac7a191e24e326ff55db7ec27c1e18afadbcd23b788a71912663503d20a2b7b5a4dbb3f41171cca073883fc87d0cca09f3bdbfda2fc66b12f8cd4788395d643dc67ae0befb29a43100c5dca5197b77b52fec831179025b3b68102dd429ae2b36f5d583a9aea29b66c84f64670424caf112868f9ff6e39c2fe8067150e3a4877c7b63dfd935cfeb615cb842d28943f04c35602353fe3e8cb5385e90331d55083c4619e84cae71fd338b216b360e7bb1ab1ae2ed6184eefac5c5a62a4cd1f495a47a30f5af35576833197ec02ab42acb2f2c818c18ab29abcee3eeed8ef90cd31cbcf3dfdc4df5d203610c944348cf1de42c2f37afa5da8f0cd1cae6a6d3b7aaa28bfe83ca713eeaec25e2d4803860ac21012ffcb97b560aa5f22cb624969af1ab53388c499ef7cbf1c6c8d5a6d92217af3a8fd91a5dbfa5fc8bc4251e93a55227b91f421b947dc287f46ca0ec8059dca902bd552918085d4a20674272278dd90dd1588db1da0dd9d370fabf067ac5c90406a11d5057d3169ede85cc0958aebbce8fcf6230c5874668a5d3608fe5f9c51e55a68f665f6e223e7d5247ba4cc8cad148e535bf3101dc53c27fcdec0582011fc95db7940daf495326a953591076d1a99503babc2f00a48c5f3c9a7e8d4b2d44de2105404edd76d81520c5fa64819a3f3a61441493a75435c6ada841f4e4c083bad31610bdfba8050fe054352733c1e51fd688931f0a61ad70d256ce1fc1d6fc32515e4c9a733e6394eb11b70967c603c5e94d8e1f810cf560", 0xf8e}], 0x4) write$UHID_CREATE2(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000f60000000000000000003f"], 0x119) sendfile(r0, r1, &(0x7f0000d83ff8), 0x8000fffffffe) 14:16:14 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) 14:16:14 executing program 3: pipe(&(0x7f0000000200)={0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, &(0x7f00000000c0), 0x400, 0x0) 14:16:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r3) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 525.404540][T15358] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 525.470549][ T6385] hid-generic 0000:0000:F60000.0005: item fetching failed at offset 0/1 [ 525.490510][ T6385] hid-generic: probe of 0000:0000:F60000.0005 failed with error -22 14:16:14 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) sched_setattr(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000004a00)=[{{&(0x7f0000000140)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f00000001c0)}, 0x20000002}, {{&(0x7f00000003c0)=@can, 0x80, &(0x7f00000006c0), 0x0, &(0x7f0000000bc0)=""/106, 0x6a}, 0xfffff64b}, {{&(0x7f0000000c40)=@in6={0xa, 0x0, 0x0, @initdev}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000cc0)=""/74, 0x4a}, {&(0x7f00000002c0)}, {&(0x7f0000000d40)=""/137, 0x89}], 0x3, &(0x7f0000000340)=""/115, 0x73}, 0x9}, {{&(0x7f0000000ec0)=@tipc=@id, 0x80, &(0x7f00000023c0)=[{&(0x7f0000002100)=""/240, 0xf0}, {&(0x7f0000001000)=""/129, 0x81}, {&(0x7f0000002200)=""/54, 0x36}, {&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000002240)=""/2, 0x2}, {&(0x7f00000022c0)=""/231, 0xe7}], 0x6, &(0x7f0000002440)=""/79, 0x4f}, 0x2}, {{&(0x7f00000024c0)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000004780)=[{0x0}, {&(0x7f0000002600)=""/237, 0xed}, {&(0x7f0000003780)=""/4096, 0x1000}, {&(0x7f0000002700)=""/3, 0x3}], 0x4, &(0x7f00000047c0)=""/10, 0xa}, 0x10000}, {{0x0, 0x0, 0x0}, 0x7e}], 0x6, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000740)='./file0\x00', 0x1a7) io_submit(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x8, 0x4, 0x0, 0x0, 0x0, 0x5, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x10000, 0x200000000000}, 0x2000, 0x0, 0x1, 0x0, 0x9, 0x0, 0x5}, 0x0, 0xf, 0xffffffffffffffff, 0xa) socket$inet(0x2, 0x803, 0xa0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$inet6(0xffffffffffffffff, &(0x7f0000002740)={0xa, 0x0, 0x0, @local}, 0x1c) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet(r4, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f0000004fc0)=ANY=[@ANYBLOB="1800000000000000ff06004a60ebef2c478a8eecec9c4c7c70e96d508f07fe3b04dc8cb2acd37913b1f73ab71d6dc45954a82057877482992d4182e0000002fec513d12adb64fe868b17ee10d2d603892ae97f2c182307050491e76079b7e99a6e319aad462f9691ba629a777fb5d0a0583b7ec4e36ffcd215c2de6770e2e70a8a29bee41e9ec39b4bc291b928ef9f1b12e68f74ab829bfab487da47081184bf0d92f72e567b07f8112d75f25cfa60b42e5eafe40debd93f5c8843542ce87ccd81b56a7ae49a9d9c05298ef7f9267d128ce11df000d9fa45e8a8dcbd98d41df16b4ebd66464d1e7f66e11a5463afc56cd9c3ffa277233a378e5cbdf9d18aa6a0eee8e60f2627681241231afcffab6b767130120b75215596d1bc4fb6849874fabbd14fdf723522e65fa0c1c1598d101b737b6dd68457b0b8a034dd0c734ce4e7aab97628569897d804986838614b32e2eb83b4cd080277abb4862824672d7ef659a3c2b217d76be42e595d751d8dde26cecba021e627df1e13015900953b245c3db57fd510dffc9516e6456c9560e298785fe0f9d862f8000000000000b7f90b24204ee593370bf6b862765e1c604f179187f6113b17a1a679fea2c9a8f3ec78f787a020fcdc91fc1b4dc2394b3dc3bf0100000000000000dd5f4baa63f744982ebd6d1a0036e8231e1e5b2d63d4d30be7a1733342ce4eadeafa2a6ca643ed1be45c869a8b4b69098fd7ad188d8b50b1eb282db29052c8463c09d239ee2aa3a97a170f7f3afa435df3b9b5d1be8527b9acdc7dea2c69bae4d8115fb6a7bc72e15045dd1d4654ba4bfffffffffffffffb36cacd0f0a25955257cac2fbe3b066a59b27df5fb6e122534b2cc6c8c298eaff0149aefd6cc9e559c485b2e9943ffb3414d8713f19009cd2d1c37f68137392f85fd6d5791a8a3c2ac7c6e02662b86b577ceef4dcece714c2d5e781774d1aa0ff4e0a6dac6b7be3983a7de4c5d2b6a0124ab2cb83d197059dff5229a6a8ed66ad4ab6fe55a0319ab26e8049f1aec539292912f1d52cffad48cc180c8b082a78496675fb70e50d5184e704d5195a3a487c76145ffde841c0153a5ddbf52a70a63923b5868e5a433969d359a99965f6cbfbb602e59143a21cf502d524dd1a0000000000000000009adae503c1a2c4f35964f1bc738adf9bff6c2edd8ba60be9f2dd79a0ba73b74c0ebb2d779856e31ab8083702be8173192f38f8edeaf1b05274f84576582d576828025a99d84eea9bb538e4eb5992028044f824137587056b928186aaf2114010d9c4bf39cd87997208c32b1df1a2ed39562630060c603fb5ceeb5f93fbe8e77345f7b9268af4550f1f6cbbd22c13dbdc602b9f22b6c73adec32f74f8f0dcf318093afae4979a71e2d77883e75ceb8b19f2451b31670dc3964c8b4e71ed3c41d96cc837d21e0171b5ae4946155bc96d46cb9451c799dc77d08cbcd73735e1"], 0x18}}], 0x1b1, 0x0) r5 = socket$inet(0x2, 0x0, 0x9) fcntl$dupfd(0xffffffffffffffff, 0x406, r5) accept$inet(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) 14:16:14 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) write$FUSE_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7fffff, 0x40000000011, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fsetxattr$trusted_overlay_upper(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r2 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f0000000200)='threaded\x00', 0x175d900f) 14:16:15 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x10}, 0x10}}, 0x0) 14:16:15 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) 14:16:15 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz0\x00', 0x200002, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) fchdir(r0) open(0x0, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(0xffffffffffffffff, 0x0, 0x20800) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0xfffffe58) fallocate(r1, 0x3, 0x5, 0x10000) fallocate(r1, 0x0, 0x5e89, 0xfff9) 14:16:15 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 14:16:15 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="7f454c46020000000000000000c4b40003003e000039a594249c1fd83d0000000000000000000000dfeb7bba00281293bd5d74dafc20380003000000c763bf0c0079be7a2ce3c134108fe74950f9b93a5ea08ee7257825501bb77bf723be80699ab51e67f4fee76bb7fad4231d844bc3c08f7352c53960ede02054e2418d890a676ec576ff0000005466eb935812a2d3e432b953a500000000000086314219123c233beca448dd9f82c124c794f7091e2b1023e629b0ad0ff74ed7d8102e0cbe3166973841c157945f577ea3aeba088227b92e997497b1ead14edc30039d7a01ae3efc82e30d345cbc9a14e11dd91ce716d1d19e059363ca36ea2e099cd3740210f66f32e73b897cca2b1550053d9e9edebbfcaa5e49b6e8148a4cc76efbeb16e3e4fd678792d290e73cb5ac591910db44cc7acbe3ef56f8e7b0bbfd7cdff112f906d369c82e03adc1b159b8f5b667d05136cb69c902e24d6169d941fbee0d1c74de251424cf0baac37166fc1ebbbe1845f3c64b249ddeff68200000007926172a71b7352cded84d4a4a5ed360834d5c802613a8984fdc57d958246ea0e632cf33194cae5fdc614766b334c5d18fa05bf41d6001550f00b285dd001aa6c334380000000000003cef53baf50f21397786474a5cbf031f5082a2f80eef99cc22873091415b93a182659554f6bfae312e1be51285e0bbefb5563b3d00c723b4812692f69e8faec289ae7b271e2e4b15b0f6ab9b1904b67862e13801c770206378e468511a84421b8ea4d797a0d22f6043c013ef87d1a8a8c5ec008100000000f6d56531c9afa8a87891761d5db8f71ccbe2c049324a4024a0bd90410ea72ced1e631b6d09222914499586226969692ecf637fdaae710f44d6420d9ca76e670db7157eb39645334db2c27985f17e331210d4d72d0f4c0388216ea877878eef19b9c4279682da12ccf9c71ba39b7a98f7c75929e892b126c6fcb7b10250cc3c100dec8f8a69e65d38ab13360e800af529dc2a0ff44d92bac515bb4a38b5afb9fb9c1989acc2d1c3367240f50fc50b460b6c24b42934a9ca929d355989f6a6eee666d55c987e40ba129fb8b8c42237e2a948a07176e81968dc902b634524e20bad0ca74b1042c0348fabbd642893fafa7d39aeb3cca9623bafb4b48bcdb8bc6c5a5d2bcd6303623194e0ac2e3b825d7fea9d12d77e3023d03fa4d78cb8b2dae12aebaf54f4b9c5f43c3fea13a66131ac7c500fc430c6b3efbbbb9731f253332195302c65b90e9d74127ba08215648e29f83198df103296e93abfcaf752a9f532036125e5cff562c1f061ebee1d0fa70d541a74d0d721c58b0e1e27d0bbbb386d76108ac4da3d31ef529f5fea6304f2aa7d315740984d596fcfee951843416b69f3d1e90ae6cae942a60cc3d5e97da9a26934858d3ec28195311fc6b2f79658fde133e7f45e53c347980f6ed762a963829a2988312d545eba2386034b63dd0db38ed9c2b3304a279e28fe556e44b92d64087778d75ffae7f0d664b29aafa57dc26efcba6d6d2726da8b8d85c7548cc3d412e18996ef61949bab80baf550769c6533e1db138e2e48414abe54838a66ae2877d832e6d8c85205fb65b841585c220bea87c4391b3514e72c043aea4cd9206552b839c8082978eb94fc79fceac4206c0a9425e4bd9b84c4511d60df5fe284e44deab74b44c11e2b4d1460c8d9738fef60e11c14bf00b1c095906a0c09317eddb13839024cbc00"/1245], 0x3c) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 14:16:15 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 526.548123][T15411] ERROR: Domain ' /sbin/init /usr/sbin/sshd /usr/sbin/sshd /bin/bash /root/syz-fuzzer /root/syz-executor.4 proc:/self/fd/4' not defined. [ 526.570884][ T8000] attempt to access beyond end of device [ 526.580544][ T8000] loop5: rw=1, want=3841, limit=63 14:16:15 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x14e24}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x1000000000004e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup3(r1, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) [ 526.599879][ T8000] attempt to access beyond end of device [ 526.615924][ T8000] loop5: rw=1, want=6353, limit=63 [ 526.633941][ T8000] attempt to access beyond end of device [ 526.639938][ T8000] loop5: rw=1, want=8401, limit=63 [ 526.662566][ T8000] attempt to access beyond end of device [ 526.677634][ T8000] loop5: rw=1, want=10449, limit=63 [ 526.707880][ T8000] attempt to access beyond end of device [ 526.716627][ T8000] loop5: rw=1, want=12497, limit=63 14:16:15 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="7f454c46020000000000000000c4b40003003e000039a594249c1fd83d0000000000000000000000dfeb7bba00281293bd5d74dafc20380003000000c763bf0c0079be7a2ce3c134108fe74950f9b93a5ea08ee7257825501bb77bf723be80699ab51e67f4fee76bb7fad4231d844bc3c08f7352c53960ede02054e2418d890a676ec576ff0000005466eb935812a2d3e432b953a500000000000086314219123c233beca448dd9f82c124c794f7091e2b1023e629b0ad0ff74ed7d8102e0cbe3166973841c157945f577ea3aeba088227b92e997497b1ead14edc30039d7a01ae3efc82e30d345cbc9a14e11dd91ce716d1d19e059363ca36ea2e099cd3740210f66f32e73b897cca2b1550053d9e9edebbfcaa5e49b6e8148a4cc76efbeb16e3e4fd678792d290e73cb5ac591910db44cc7acbe3ef56f8e7b0bbfd7cdff112f906d369c82e03adc1b159b8f5b667d05136cb69c902e24d6169d941fbee0d1c74de251424cf0baac37166fc1ebbbe1845f3c64b249ddeff68200000007926172a71b7352cded84d4a4a5ed360834d5c802613a8984fdc57d958246ea0e632cf33194cae5fdc614766b334c5d18fa05bf41d6001550f00b285dd001aa6c334380000000000003cef53baf50f21397786474a5cbf031f5082a2f80eef99cc22873091415b93a182659554f6bfae312e1be51285e0bbefb5563b3d00c723b4812692f69e8faec289ae7b271e2e4b15b0f6ab9b1904b67862e13801c770206378e468511a84421b8ea4d797a0d22f6043c013ef87d1a8a8c5ec008100000000f6d56531c9afa8a87891761d5db8f71ccbe2c049324a4024a0bd90410ea72ced1e631b6d09222914499586226969692ecf637fdaae710f44d6420d9ca76e670db7157eb39645334db2c27985f17e331210d4d72d0f4c0388216ea877878eef19b9c4279682da12ccf9c71ba39b7a98f7c75929e892b126c6fcb7b10250cc3c100dec8f8a69e65d38ab13360e800af529dc2a0ff44d92bac515bb4a38b5afb9fb9c1989acc2d1c3367240f50fc50b460b6c24b42934a9ca929d355989f6a6eee666d55c987e40ba129fb8b8c42237e2a948a07176e81968dc902b634524e20bad0ca74b1042c0348fabbd642893fafa7d39aeb3cca9623bafb4b48bcdb8bc6c5a5d2bcd6303623194e0ac2e3b825d7fea9d12d77e3023d03fa4d78cb8b2dae12aebaf54f4b9c5f43c3fea13a66131ac7c500fc430c6b3efbbbb9731f253332195302c65b90e9d74127ba08215648e29f83198df103296e93abfcaf752a9f532036125e5cff562c1f061ebee1d0fa70d541a74d0d721c58b0e1e27d0bbbb386d76108ac4da3d31ef529f5fea6304f2aa7d315740984d596fcfee951843416b69f3d1e90ae6cae942a60cc3d5e97da9a26934858d3ec28195311fc6b2f79658fde133e7f45e53c347980f6ed762a963829a2988312d545eba2386034b63dd0db38ed9c2b3304a279e28fe556e44b92d64087778d75ffae7f0d664b29aafa57dc26efcba6d6d2726da8b8d85c7548cc3d412e18996ef61949bab80baf550769c6533e1db138e2e48414abe54838a66ae2877d832e6d8c85205fb65b841585c220bea87c4391b3514e72c043aea4cd9206552b839c8082978eb94fc79fceac4206c0a9425e4bd9b84c4511d60df5fe284e44deab74b44c11e2b4d1460c8d9738fef60e11c14bf00b1c095906a0c09317eddb13839024cbc00"/1245], 0x3c) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) [ 526.775787][ T8000] attempt to access beyond end of device [ 526.801288][ T8000] loop5: rw=1, want=14545, limit=63 [ 526.841640][ T8000] attempt to access beyond end of device [ 526.860888][ T8000] loop5: rw=1, want=16593, limit=63 [ 526.899403][ T8000] attempt to access beyond end of device [ 526.924075][ T8000] loop5: rw=1, want=18641, limit=63 [ 526.968919][ T8000] attempt to access beyond end of device [ 526.989391][ T8000] loop5: rw=1, want=20689, limit=63 14:16:16 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0x0, 0x0}) ppoll(&(0x7f0000000040)=[{r0, 0x2200}], 0x1, 0x0, 0x0, 0x0) [ 527.035748][ T8000] attempt to access beyond end of device [ 527.053704][ T8000] loop5: rw=1, want=22737, limit=63 14:16:16 executing program 4: futex(&(0x7f0000000040)=0x4, 0x0, 0x4, &(0x7f0000000000)={0x77359400}, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000000140)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, r1+30000000}}, 0x0) tkill(r0, 0x20000000014) futex(&(0x7f0000000280), 0x800000000005, 0x0, 0x0, &(0x7f0000000040), 0x0) [ 527.091676][ T8000] attempt to access beyond end of device [ 527.115563][ T8000] loop5: rw=1, want=24785, limit=63 [ 527.146047][ T8000] attempt to access beyond end of device [ 527.151788][ T8000] loop5: rw=1, want=24945, limit=63 14:16:16 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffff9}]}) pivot_root(0x0, 0x0) 14:16:16 executing program 2: perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/nf_conntrack\x00') preadv(r0, &(0x7f0000000540)=[{&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f0000000340)=""/84, 0x54}, {&(0x7f00000003c0)=""/123, 0x7b}, {&(0x7f0000000440)=""/118, 0x76}, {&(0x7f0000000600)=""/102, 0x66}, {0x0}, {&(0x7f0000002900)=""/4095, 0xfff}], 0x7, 0x2) 14:16:16 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0x0, 0x0}) ppoll(&(0x7f0000000040)=[{r0, 0x2200}], 0x1, 0x0, 0x0, 0x0) 14:16:16 executing program 1: r0 = getpgrp(0xffffffffffffffff) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigtimedwait(&(0x7f00000000c0), 0x0, &(0x7f0000000000)={0x0, 0x1c9c380}, 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) semop(0x0, &(0x7f0000000240)=[{}, {0x0, 0xca2e}], 0x2) tkill(r1, 0x1) 14:16:16 executing program 0: mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, 0x0) 14:16:16 executing program 1: semctl$SEM_STAT(0x0, 0x0, 0x12, &(0x7f00000024c0)=""/4119) 14:16:16 executing program 2: perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/nf_conntrack\x00') preadv(r0, &(0x7f0000000540)=[{&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f0000000340)=""/84, 0x54}, {&(0x7f00000003c0)=""/123, 0x7b}, {&(0x7f0000000440)=""/118, 0x76}, {&(0x7f0000000600)=""/102, 0x66}, {0x0}, {&(0x7f0000002900)=""/4095, 0xfff}], 0x7, 0x2) [ 528.224587][ T26] kauditd_printk_skb: 19 callbacks suppressed [ 528.224605][ T26] audit: type=1326 audit(1588169777.337:331): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=15439 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f66a code=0xffff0000 14:16:17 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:17 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/nf_conntrack\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendfile(r3, r0, 0x0, 0xfffff) 14:16:17 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x3, 0x1, 0x201}, 0x14}}, 0x0) 14:16:17 executing program 4: syz_emit_ethernet(0x83, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "7c3905", 0x4d, 0x88, 0x0, @empty, @mcast2, {[], {0x0, 0x0, 0x4d, 0x0, @wg=@data={0x4, 0x0, 0x0, "d33066c5d508ff339611f777cd505d1bc1945510d69a0c94356c1b2f9460e202dcd7545d2b8744e6ca2c9e3ceb6e97184641dfc828"}}}}}}}, 0x0) 14:16:17 executing program 2: perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/nf_conntrack\x00') preadv(r0, &(0x7f0000000540)=[{&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f0000000340)=""/84, 0x54}, {&(0x7f00000003c0)=""/123, 0x7b}, {&(0x7f0000000440)=""/118, 0x76}, {&(0x7f0000000600)=""/102, 0x66}, {0x0}, {&(0x7f0000002900)=""/4095, 0xfff}], 0x7, 0x2) 14:16:17 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000013c0)={0x2, 0xa, 0x0, 0x3, 0x2}, 0x10}}, 0x0) [ 528.565737][ T26] audit: type=1804 audit(1588169777.677:332): pid=15487 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/156/file0/bus" dev="loop5" ino=167 res=1 14:16:17 executing program 4: sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=ANY=[@ANYBLOB="7000000000011905030000000000000002000000240001001400010008000100ffffffff08000200ac1e00010c0002000500010000000000240002000c00020005000100000000001400010008000100e000010208000200ff18000008000700000000000c000d000889c3c21af10959a3d6a4c348e7ed141eb90b40b5ba80dda970148dfb92ca5fe79e7fe5802250d6bdc9f44112046295fca62abc7231863f4e10bf1390f037e6c5b91c1645a4f9d333d9073a25dbd0fb73223d5c1d2969407507157c496584e575cd4f5d9272985b23e87d0a16268f846a83884b1092236183e5cfb04516bfecdf886a32ddef2ceae9d133d48a732d2024487170238a8ec98682ce7552ace40d73c677af38cdccca60b58d63cdb24293826db6c88c26498d0db7734945a8ffa13352b58e95c89156b90ccf7d904a919b393d6a3442eca76396c5306ef82af2a17c3d286b066d1b0f8416dcebc8a5e31ce4a546ccea0bc9998cfd9e8eb493caf9154cf891f953f50d36b06d0ddedcbb091b2027a7b88c46496b222521aace92bff47cba005478c0d7cc27e6e4519faa80e310a54fc7e819d32477c5a216c12fce807663c180b6fe2ddcee4bd53cefac6b12603733d1971b6e77096eefdb951adc169c990b4a375a64842369c704c23f4f0ea786d8dcaf11bcf7cb00"/498], 0x70}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syslog(0x3, &(0x7f00000000c0)=""/147, 0x37a8ec531be3c41f) [ 528.887001][ T26] audit: type=1804 audit(1588169777.717:333): pid=15490 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/156/file0/bus" dev="loop5" ino=167 res=1 14:16:18 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffeac, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="340000000906010100000000000000000000000005000100060000000900020073797a31000000000c0007800800094000e81b82a89ca6bc198ba0a9c0a550398a9da8ce277cfa563c3e974600af4f92c59537dfc9cbf03dc621caffedbf7482599659be0d89e59ec4a074f465f59bbaf102bd5dfe0b111e1141f071d29e44e8daf14b73ecf31f2672020000000000"], 0x34}}, 0x0) 14:16:18 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=ANY=[@ANYBLOB="3800000024000b0400"/20, @ANYRES32=r1, @ANYBLOB="00000000ffffffff0000000008000100706965000c0002000800020000000000"], 0x38}}, 0x0) 14:16:18 executing program 3: creat(&(0x7f0000000280)='./file0\x00', 0x1) socket$netlink(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x189002, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x5}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@multicast1, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4, 0x2e}, {}, 0x0, 0x0, 0x1}, {{@in6=@local, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x4, 0x0, 0x0, 0x2000, 0x0, 0x1}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) 14:16:18 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x200) memfd_create(0x0, 0x0) ioctl$int_out(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_tables_names\x00') pread64(r1, 0x0, 0x0, 0xd153) ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f0000000040)=0x8) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0) 14:16:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:18 executing program 2: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sysvipc/shm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) sendfile(r1, r0, 0x0, 0x100000001) 14:16:18 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) syz_emit_ethernet(0x2a, &(0x7f0000000240)={@link_local, @random="a1b9ba97a8d7", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @empty}, {0x0, 0x0, 0x0, @empty}}}}}, 0x0) [ 529.393917][ T8000] attempt to access beyond end of device 14:16:18 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x80803, 0x4) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f00000005c0)) [ 529.448765][ T8000] loop5: rw=1, want=3017, limit=63 [ 529.476662][ T8000] attempt to access beyond end of device [ 529.484264][ T8000] loop5: rw=1, want=5065, limit=63 14:16:18 executing program 2: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) dup2(r1, r0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000001c0)=@raw={'raw\x00', 0x9, 0x3, 0x280, 0x0, 0xffffffff, 0xffffffff, 0x120, 0xffffffff, 0x1e8, 0xffffffff, 0xffffffff, 0x1e8, 0xffffffff, 0x3, 0x0, {[{{@ip={@private, @loopback, 0x0, 0x0, 'veth0_to_bond\x00', 'syzkaller0\x00'}, 0x0, 0xc0, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}, {0x6ac91baf7a03cc3f}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev}}}, {{@ip={@dev, @dev, 0x0, 0x0, 'bond_slave_1\x00', 'vlan1\x00'}, 0x0, 0x98, 0xc8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@SET2={0x30, 'SET\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e0) [ 529.538936][ T8000] attempt to access beyond end of device [ 529.545191][T15514] mmap: syz-executor.1 (15514) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 529.562634][ T8000] loop5: rw=1, want=7113, limit=63 [ 529.590805][ T8000] attempt to access beyond end of device [ 529.609176][ T8000] loop5: rw=1, want=9161, limit=63 14:16:18 executing program 0: r0 = socket(0x10, 0x803, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000300)) 14:16:18 executing program 4: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mlock(&(0x7f0000007000/0x4000)=nil, 0x4000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) 14:16:18 executing program 2: [ 529.646714][ T8000] attempt to access beyond end of device [ 529.669651][ T8000] loop5: rw=1, want=11209, limit=63 [ 529.678749][T15523] x_tables: duplicate underflow at hook 3 [ 529.690821][T15526] x_tables: duplicate underflow at hook 3 14:16:18 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000004c0)={'vlan0\x00', 0x7101}) [ 529.743051][ T8000] attempt to access beyond end of device [ 529.765233][ T8000] loop5: rw=1, want=13257, limit=63 14:16:18 executing program 1: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB="6d616e676c650000000000000000000000000000000000000000007fd80000001f0000000600000010040000e002000038020000800100003802000038020000780300007803000078030000780300007803000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e70000000000000000000000000000000000c000e80000000000000000000000000000000000000000002800727066696c74657200000000000000000000000000000000000000000000000000000000000028007365740000000000000000000000000000000000000000000000000000010000000000000000280054544c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff000000000000007000980000000000000000000000000000000000000000002800445343500000000000000000000000000000000000ae51474821ccc6cd000000000000000000e0000002ec1414aa00000000000000000000000000000000000000000000000065707370616e30000000000000000000000000000000000000000000003300000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000000000000000000000000001ff0200000000000000000000000000016772653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033de000000000000000000000000000000000000000000000000000000000000007000a800000000000000000000000000000000000000000038005345540000000000000000000000000000000000000000000000000000030000040000000000000000acc5e32c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f000000000000000000000000000000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280054544c0000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000040000000000000000000000000000000000000000000000200000feffffff"], 0x1) r3 = socket$inet_udp(0x2, 0x2, 0x0) fcntl$setpipe(r0, 0x407, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) bind$inet(r3, &(0x7f00000002c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r3, 0x0, 0x30005, 0x0) [ 529.801872][ T8000] attempt to access beyond end of device [ 529.821012][ T8000] loop5: rw=1, want=15305, limit=63 14:16:19 executing program 0: unshare(0x2a000400) shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) unshare(0x8000400) 14:16:19 executing program 2: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) dup2(r1, r0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000001c0)=@raw={'raw\x00', 0x9, 0x3, 0x280, 0x0, 0xffffffff, 0xffffffff, 0x120, 0xffffffff, 0x1e8, 0xffffffff, 0xffffffff, 0x1e8, 0xffffffff, 0x3, 0x0, {[{{@ip={@private, @loopback, 0x0, 0x0, 'veth0_to_bond\x00', 'syzkaller0\x00'}, 0x0, 0xc0, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}, {0x6ac91baf7a03cc3f}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev}}}, {{@ip={@dev, @dev, 0x0, 0x0, 'bond_slave_1\x00', 'vlan1\x00'}, 0x0, 0x98, 0xc8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@SET2={0x30, 'SET\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e0) time(0x0) [ 529.868054][ T8000] attempt to access beyond end of device [ 529.891587][ T8000] loop5: rw=1, want=17353, limit=63 [ 529.921681][T15536] device vlan0 entered promiscuous mode [ 529.940721][ T8000] attempt to access beyond end of device [ 529.942831][T15537] x_tables: duplicate underflow at hook 1 [ 529.965566][ T8000] loop5: rw=1, want=19401, limit=63 [ 529.988471][ T8000] attempt to access beyond end of device [ 529.997319][ T8000] loop5: rw=1, want=21449, limit=63 [ 530.004826][T15540] x_tables: duplicate underflow at hook 3 [ 530.015241][T15545] x_tables: duplicate underflow at hook 3 [ 530.028554][ T8000] attempt to access beyond end of device [ 530.053397][ T8000] loop5: rw=1, want=23497, limit=63 [ 530.089184][ T8000] attempt to access beyond end of device [ 530.128277][ T8000] loop5: rw=1, want=25129, limit=63 [ 530.447536][ T26] audit: type=1804 audit(1588169779.557:334): pid=15554 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/157/file0/bus" dev="loop5" ino=168 res=1 [ 530.506045][ T26] audit: type=1804 audit(1588169779.607:335): pid=15557 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/157/file0/bus" dev="loop5" ino=168 res=1 14:16:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:20 executing program 2: socket$packet(0x11, 0x2, 0x300) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd601e040000140600fe8000000000000000000000000000bbfe80cad9e2beee2c9bf4d4000000000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) 14:16:20 executing program 4: 14:16:20 executing program 0: 14:16:20 executing program 3: 14:16:20 executing program 1: 14:16:20 executing program 4: 14:16:20 executing program 3: 14:16:20 executing program 0: 14:16:20 executing program 1: 14:16:20 executing program 2: [ 531.441673][ T26] audit: type=1804 audit(1588169780.547:336): pid=15576 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/158/file0/bus" dev="loop5" ino=169 res=1 14:16:20 executing program 3: [ 531.771910][ T26] audit: type=1804 audit(1588169780.597:337): pid=15579 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/158/file0/bus" dev="loop5" ino=169 res=1 14:16:21 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:21 executing program 0: 14:16:21 executing program 1: 14:16:21 executing program 4: 14:16:21 executing program 2: 14:16:21 executing program 3: [ 532.229609][ T21] attempt to access beyond end of device [ 532.257844][ T21] loop5: rw=1, want=3029, limit=63 14:16:21 executing program 0: 14:16:21 executing program 1: [ 532.308061][ T21] attempt to access beyond end of device [ 532.313741][ T21] loop5: rw=1, want=5077, limit=63 14:16:21 executing program 2: 14:16:21 executing program 4: 14:16:21 executing program 3: [ 532.413674][ T21] attempt to access beyond end of device [ 532.442543][ T21] loop5: rw=1, want=7125, limit=63 14:16:21 executing program 0: [ 532.499006][ T21] attempt to access beyond end of device [ 532.536632][ T21] loop5: rw=1, want=9173, limit=63 [ 532.591043][ T21] attempt to access beyond end of device [ 532.616950][ T21] loop5: rw=1, want=11221, limit=63 [ 532.649625][ T21] attempt to access beyond end of device [ 532.673949][ T21] loop5: rw=1, want=13269, limit=63 [ 532.715763][ T21] attempt to access beyond end of device [ 532.721525][ T21] loop5: rw=1, want=15317, limit=63 [ 532.748139][ T21] attempt to access beyond end of device [ 532.753823][ T21] loop5: rw=1, want=17365, limit=63 [ 532.788469][ T21] attempt to access beyond end of device [ 532.794707][ T21] loop5: rw=1, want=19413, limit=63 [ 532.818146][ T21] attempt to access beyond end of device [ 532.827429][ T21] loop5: rw=1, want=21461, limit=63 [ 532.851067][ T21] attempt to access beyond end of device [ 532.867317][ T21] loop5: rw=1, want=23509, limit=63 [ 532.879347][ T21] attempt to access beyond end of device [ 532.885216][ T21] loop5: rw=1, want=24225, limit=63 [ 533.165364][ T26] audit: type=1804 audit(1588169782.277:338): pid=15611 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/159/file0/bus" dev="loop5" ino=170 res=1 [ 533.247295][ T26] audit: type=1804 audit(1588169782.347:339): pid=15614 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/159/file0/bus" dev="loop5" ino=170 res=1 14:16:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:23 executing program 1: 14:16:23 executing program 2: 14:16:23 executing program 0: 14:16:23 executing program 4: 14:16:23 executing program 3: 14:16:23 executing program 0: 14:16:23 executing program 4: 14:16:23 executing program 2: 14:16:23 executing program 3: 14:16:23 executing program 1: [ 534.165075][ T26] audit: type=1804 audit(1588169783.277:340): pid=15625 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/160/file0/bus" dev="loop5" ino=171 res=1 14:16:23 executing program 0: [ 534.288174][ T26] audit: type=1804 audit(1588169783.317:341): pid=15633 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/160/file0/bus" dev="loop5" ino=171 res=1 14:16:24 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:24 executing program 4: 14:16:24 executing program 3: 14:16:24 executing program 1: 14:16:24 executing program 0: 14:16:24 executing program 2: 14:16:24 executing program 1: 14:16:24 executing program 2: 14:16:24 executing program 0: 14:16:24 executing program 3: 14:16:24 executing program 1: 14:16:24 executing program 2: [ 535.177480][ T26] audit: type=1804 audit(1588169784.237:342): pid=15658 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/161/file0/bus" dev="loop5" ino=172 res=1 [ 535.304966][ T26] audit: type=1804 audit(1588169784.287:343): pid=15662 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/161/file0/bus" dev="loop5" ino=172 res=1 14:16:24 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:24 executing program 4: 14:16:24 executing program 3: 14:16:24 executing program 2: 14:16:24 executing program 1: 14:16:24 executing program 0: 14:16:25 executing program 4: 14:16:25 executing program 1: 14:16:25 executing program 3: 14:16:25 executing program 2: 14:16:25 executing program 0: [ 536.142301][ T26] audit: type=1804 audit(1588169785.247:344): pid=15689 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/162/file0/bus" dev="loop5" ino=173 res=1 14:16:25 executing program 1: [ 536.445324][ T26] audit: type=1804 audit(1588169785.297:345): pid=15695 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/162/file0/bus" dev="loop5" ino=173 res=1 14:16:26 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:26 executing program 4: 14:16:26 executing program 3: 14:16:26 executing program 0: 14:16:26 executing program 2: [ 537.087415][ T21] attempt to access beyond end of device [ 537.111488][ T21] loop5: rw=1, want=2977, limit=63 14:16:26 executing program 4: 14:16:26 executing program 3: 14:16:26 executing program 1: [ 537.147655][ T21] attempt to access beyond end of device [ 537.157434][ T21] loop5: rw=1, want=5025, limit=63 14:16:26 executing program 0: [ 537.222254][ T21] attempt to access beyond end of device [ 537.239166][ T21] loop5: rw=1, want=7073, limit=63 14:16:26 executing program 2: [ 537.269862][ T21] attempt to access beyond end of device [ 537.282965][ T21] loop5: rw=1, want=9121, limit=63 14:16:26 executing program 4: 14:16:26 executing program 3: [ 537.350505][ T21] attempt to access beyond end of device [ 537.381188][ T21] loop5: rw=1, want=11169, limit=63 [ 537.431773][ T21] attempt to access beyond end of device [ 537.457035][ T21] loop5: rw=1, want=13217, limit=63 [ 537.503429][ T21] attempt to access beyond end of device [ 537.526522][ T21] loop5: rw=1, want=15265, limit=63 [ 537.568337][ T21] attempt to access beyond end of device [ 537.583775][ T21] loop5: rw=1, want=17313, limit=63 [ 537.603597][ T21] attempt to access beyond end of device [ 537.609553][ T21] loop5: rw=1, want=19361, limit=63 [ 537.622312][ T21] attempt to access beyond end of device [ 537.628789][ T21] loop5: rw=1, want=21409, limit=63 [ 537.642664][ T21] attempt to access beyond end of device [ 537.649443][ T21] loop5: rw=1, want=23457, limit=63 [ 537.677957][ T21] attempt to access beyond end of device [ 537.690883][ T21] loop5: rw=1, want=24469, limit=63 [ 537.957027][ T26] audit: type=1804 audit(1588169787.067:346): pid=15727 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/163/file0/bus" dev="loop5" ino=174 res=1 [ 538.046777][ T26] audit: type=1804 audit(1588169787.137:347): pid=15730 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/163/file0/bus" dev="loop5" ino=174 res=1 14:16:27 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:27 executing program 1: 14:16:27 executing program 0: 14:16:27 executing program 2: 14:16:27 executing program 3: 14:16:27 executing program 4: 14:16:27 executing program 4: [ 538.740469][ T8003] attempt to access beyond end of device [ 538.762295][ T8003] loop5: rw=1, want=3821, limit=63 14:16:27 executing program 2: 14:16:27 executing program 3: [ 538.806115][ T8003] attempt to access beyond end of device 14:16:28 executing program 1: [ 538.851427][ T8003] loop5: rw=1, want=5869, limit=63 14:16:28 executing program 0: [ 538.878381][ T8003] attempt to access beyond end of device [ 538.903756][ T8003] loop5: rw=1, want=7917, limit=63 14:16:28 executing program 2: [ 538.930788][ T8003] attempt to access beyond end of device [ 538.959648][ T8003] loop5: rw=1, want=9965, limit=63 [ 539.010083][ T8003] attempt to access beyond end of device [ 539.039578][ T8003] loop5: rw=1, want=12013, limit=63 [ 539.105318][ T8003] attempt to access beyond end of device [ 539.113271][ T8003] loop5: rw=1, want=14061, limit=63 [ 539.134858][ T8003] attempt to access beyond end of device [ 539.140845][ T8003] loop5: rw=1, want=16109, limit=63 [ 539.154830][ T8003] attempt to access beyond end of device [ 539.160925][ T8003] loop5: rw=1, want=18157, limit=63 [ 539.174910][ T8003] attempt to access beyond end of device [ 539.180844][ T8003] loop5: rw=1, want=20205, limit=63 [ 539.194637][ T8003] attempt to access beyond end of device [ 539.200550][ T8003] loop5: rw=1, want=22253, limit=63 [ 539.214797][ T8003] attempt to access beyond end of device [ 539.224611][ T8003] loop5: rw=1, want=24301, limit=63 [ 539.246137][ T8003] attempt to access beyond end of device [ 539.253565][ T8003] loop5: rw=1, want=26349, limit=63 [ 539.268967][ T8003] attempt to access beyond end of device [ 539.274970][ T8003] loop5: rw=1, want=28397, limit=63 [ 539.284808][ T8003] attempt to access beyond end of device [ 539.290969][ T8003] loop5: rw=1, want=29353, limit=63 [ 539.580603][ T26] audit: type=1804 audit(1588169788.687:348): pid=15757 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/164/file0/bus" dev="loop5" ino=175 res=1 [ 539.659877][ T26] audit: type=1804 audit(1588169788.757:349): pid=15760 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/164/file0/bus" dev="loop5" ino=175 res=1 14:16:29 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:29 executing program 4: 14:16:29 executing program 3: 14:16:29 executing program 0: 14:16:29 executing program 1: 14:16:29 executing program 2: [ 540.366871][ T8003] attempt to access beyond end of device [ 540.374755][ T8003] loop5: rw=1, want=3821, limit=63 [ 540.400317][ T8003] attempt to access beyond end of device 14:16:29 executing program 4: [ 540.414010][ T8003] loop5: rw=1, want=5869, limit=63 14:16:29 executing program 3: 14:16:29 executing program 0: 14:16:29 executing program 2: socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x0) pipe(&(0x7f0000000100)) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000340)={{0x2, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xb259, 0xffffffffffffff80, 0xc2e, 0x0, 0x363, 0x8, 0x0, 0x1}) socket(0x0, 0x803, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) [ 540.443581][ T8003] attempt to access beyond end of device [ 540.450322][ T8003] loop5: rw=1, want=7917, limit=63 [ 540.475211][ T8003] attempt to access beyond end of device [ 540.484177][ T8003] loop5: rw=1, want=9965, limit=63 14:16:29 executing program 1: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) r0 = socket(0x11, 0x800000003, 0x8) bind(r0, &(0x7f0000000380)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x76, 0x4) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000100)=[{}]}, 0x10) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfed4, 0x20c49a, 0x0, 0x27) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r2, 0x0, r3) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000980)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980700009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000008800000000000002726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000fb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff0000000000000000000000000300000007000000000000000000000000000000480043540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000100000000000000000000000000000000ee00000000000000000000000000000000000000000000000000000000000000000000000000200000000000000500000000000400000000000000000000000000000070009000000000000000000000000000000000000000010020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) [ 540.551053][ T8003] attempt to access beyond end of device [ 540.573250][ T8003] loop5: rw=1, want=12013, limit=63 14:16:29 executing program 4: syz_mount_image$vfat(&(0x7f0000000380)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x127f, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffff) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffff38) creat(0x0, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') [ 540.614487][ T8003] attempt to access beyond end of device [ 540.627855][ T8003] loop5: rw=1, want=14061, limit=63 [ 540.665105][ T8003] attempt to access beyond end of device [ 540.676263][ T8003] loop5: rw=1, want=16109, limit=63 [ 540.720442][ T8003] attempt to access beyond end of device [ 540.756223][ T8003] loop5: rw=1, want=18157, limit=63 [ 540.759764][T15778] xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables [ 540.827787][ T8003] attempt to access beyond end of device [ 540.860170][ T26] audit: type=1800 audit(1588169789.967:350): pid=15779 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="loop4" ino=176 res=0 [ 540.878001][ T8003] loop5: rw=1, want=20205, limit=63 [ 540.900493][ T26] audit: type=1804 audit(1588169789.967:351): pid=15779 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir764106842/syzkaller.3w3NA3/300/file0/file0" dev="loop4" ino=176 res=1 [ 540.941698][ T26] audit: type=1804 audit(1588169790.047:352): pid=15784 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir764106842/syzkaller.3w3NA3/300/file0/file0" dev="loop4" ino=176 res=1 [ 540.989730][T15779] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 541.017732][ T8003] attempt to access beyond end of device [ 541.029922][T15779] FAT-fs (loop4): Filesystem has been set read-only [ 541.037264][ T8003] loop5: rw=1, want=22253, limit=63 [ 541.037355][T15779] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 541.063345][ T8003] attempt to access beyond end of device [ 541.063698][T15784] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 541.069223][ T8003] loop5: rw=1, want=24301, limit=63 [ 541.090293][ T8003] attempt to access beyond end of device [ 541.096084][ T8003] loop5: rw=1, want=26349, limit=63 [ 541.108791][ T8003] attempt to access beyond end of device [ 541.114713][ T8003] loop5: rw=1, want=28397, limit=63 [ 541.120149][T15784] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 541.125534][ T8003] attempt to access beyond end of device [ 541.134491][ T8003] loop5: rw=1, want=29485, limit=63 [ 541.148528][T15779] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 541.165144][T15779] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 541.185941][T15779] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 541.205053][T15779] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 541.225327][ T26] audit: type=1800 audit(1588169790.337:353): pid=15779 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.4" name="file0" dev="loop4" ino=176 res=0 [ 541.274165][ T26] audit: type=1800 audit(1588169790.357:354): pid=15785 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.4" name="file0" dev="loop4" ino=176 res=0 [ 541.544960][ T26] audit: type=1804 audit(1588169790.657:355): pid=15797 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/165/file0/bus" dev="loop5" ino=177 res=1 [ 541.619478][ T26] audit: type=1804 audit(1588169790.697:356): pid=15800 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/165/file0/bus" dev="loop5" ino=177 res=1 14:16:31 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:31 executing program 3: socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x0) pipe(&(0x7f0000000100)) msgctl$IPC_SET(0x0, 0x1, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) 14:16:31 executing program 0: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x800000003, 0x8) bind(r0, &(0x7f0000000380)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, 0x0, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x76, 0x4) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000180)=0x14) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfed4, 0x20c49a, 0x0, 0x27) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r4, 0x0, r5) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000980)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980700009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000008800000000000002726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000fb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff0000000000000000000000000300000007000000000000000000000000000000480043540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000100000000000000000000000000000000ee00000000000000000000000000000000000000000000000000000000000000000000000000200000000000000500000000000400000000000000000000000000000070009000000000000000000000000000000000000000010020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) 14:16:31 executing program 4: syz_mount_image$vfat(&(0x7f0000000380)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x127f, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffff) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffff38) creat(0x0, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') 14:16:31 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000000)="240000001e005f0014f9f40700090400020000000100000000000000080001", 0x1f) write$binfmt_misc(r3, &(0x7f0000000000)=ANY=[], 0xfffffecc) r4 = socket$netlink(0x10, 0x3, 0x0) splice(r2, 0x0, r4, 0x0, 0x4ffe0, 0x0) 14:16:31 executing program 1: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) r0 = socket(0x11, 0x800000003, 0x8) bind(r0, &(0x7f0000000380)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x76, 0x4) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000100)=[{}]}, 0x10) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfed4, 0x20c49a, 0x0, 0x27) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r2, 0x0, r3) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000980)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980700009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000008800000000000002726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000fb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff0000000000000000000000000300000007000000000000000000000000000000480043540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000100000000000000000000000000000000ee00000000000000000000000000000000000000000000000000000000000000000000000000200000000000000500000000000400000000000000000000000000000070009000000000000000000000000000000000000000010020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) [ 542.401646][ T26] audit: type=1800 audit(1588169791.507:357): pid=15815 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="loop4" ino=178 res=0 [ 542.453339][T15824] xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables 14:16:31 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf32(r0, &(0x7f0000000a80)=ANY=[@ANYBLOB='\n'], 0x1) 14:16:32 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) socket(0x0, 0x0, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={[], 0x0, 0x3, 0x6}) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000840)={{0x0}}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) 14:16:32 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x91a4e500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() pause() tkill(r2, 0x33) 14:16:32 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:32 executing program 4: syz_mount_image$vfat(&(0x7f0000000380)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x127f, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffff) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffff38) creat(0x0, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') [ 543.499343][ T29] attempt to access beyond end of device [ 543.529664][ T29] loop5: rw=1, want=3833, limit=63 14:16:32 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x91a4e500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() pause() tkill(r2, 0x33) [ 543.610602][ T29] attempt to access beyond end of device [ 543.626909][ T29] loop5: rw=1, want=5881, limit=63 [ 543.672534][ T29] attempt to access beyond end of device [ 543.710916][ T29] loop5: rw=1, want=7929, limit=63 [ 543.807494][ T29] attempt to access beyond end of device 14:16:33 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) socket(0x0, 0x0, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={[], 0x0, 0x3, 0x6}) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000840)={{0x0}}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) [ 543.875141][ T29] loop5: rw=1, want=9977, limit=63 14:16:33 executing program 1: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) r0 = socket(0x11, 0x800000003, 0x8) bind(r0, &(0x7f0000000380)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x76, 0x4) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000100)=[{}]}, 0x10) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfed4, 0x20c49a, 0x0, 0x27) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r2, 0x0, r3) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000980)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980700009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000008800000000000002726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000fb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff0000000000000000000000000300000007000000000000000000000000000000480043540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000100000000000000000000000000000000ee00000000000000000000000000000000000000000000000000000000000000000000000000200000000000000500000000000400000000000000000000000000000070009000000000000000000000000000000000000000010020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) [ 543.970967][ T29] attempt to access beyond end of device [ 544.000353][ T29] loop5: rw=1, want=12025, limit=63 [ 544.079755][ T29] attempt to access beyond end of device [ 544.193389][ T29] loop5: rw=1, want=14073, limit=63 14:16:33 executing program 0: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x800000003, 0x8) bind(r0, &(0x7f0000000380)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, 0x0, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x76, 0x4) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000180)=0x14) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfed4, 0x20c49a, 0x0, 0x27) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r4, 0x0, r5) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000980)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980700009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000008800000000000002726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000fb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff0000000000000000000000000300000007000000000000000000000000000000480043540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000100000000000000000000000000000000ee00000000000000000000000000000000000000000000000000000000000000000000000000200000000000000500000000000400000000000000000000000000000070009000000000000000000000000000000000000000010020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) 14:16:33 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x91a4e500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() pause() tkill(r2, 0x33) 14:16:33 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) socket(0x0, 0x0, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={[], 0x0, 0x3, 0x6}) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000840)={{0x0}}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) [ 544.324828][ T29] attempt to access beyond end of device [ 544.382919][ T29] loop5: rw=1, want=16121, limit=63 14:16:33 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) socket(0x0, 0x0, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={[], 0x0, 0x3, 0x6}) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000840)={{0x0}}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) [ 544.486421][ T29] attempt to access beyond end of device [ 544.553163][ T29] loop5: rw=1, want=18169, limit=63 [ 544.652185][ T29] attempt to access beyond end of device 14:16:33 executing program 4: syz_mount_image$vfat(&(0x7f0000000380)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x127f, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffff) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffff38) creat(0x0, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') 14:16:33 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) socket(0x0, 0x0, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={[], 0x0, 0x3, 0x6}) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000840)={{0x0}}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) [ 544.722660][ T29] loop5: rw=1, want=20217, limit=63 [ 544.812172][ T29] attempt to access beyond end of device [ 544.843383][ T29] loop5: rw=1, want=22265, limit=63 14:16:34 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) socket(0x0, 0x0, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={[], 0x0, 0x3, 0x6}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) [ 544.882920][ T29] attempt to access beyond end of device [ 544.906821][ T29] loop5: rw=1, want=23945, limit=63 [ 545.000692][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 545.000708][ T26] audit: type=1800 audit(1588169794.107:365): pid=15893 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="loop4" ino=181 res=0 [ 545.079094][ T26] audit: type=1804 audit(1588169794.187:366): pid=15893 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir764106842/syzkaller.3w3NA3/303/file0/file0" dev="loop4" ino=181 res=1 [ 545.208935][ T26] audit: type=1804 audit(1588169794.317:367): pid=15902 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir764106842/syzkaller.3w3NA3/303/file0/file0" dev="loop4" ino=181 res=1 [ 545.481785][ T26] audit: type=1804 audit(1588169794.587:368): pid=15908 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/167/file0/bus" dev="loop5" ino=182 res=1 [ 545.587604][ T26] audit: type=1804 audit(1588169794.637:369): pid=15912 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/167/file0/bus" dev="loop5" ino=182 res=1 14:16:35 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:35 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) socket(0x0, 0x0, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={[], 0x0, 0x3, 0x6}) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000840)={{0x0}}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) 14:16:35 executing program 1: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) r0 = socket(0x11, 0x800000003, 0x8) bind(r0, &(0x7f0000000380)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x76, 0x4) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000100)=[{}]}, 0x10) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfed4, 0x20c49a, 0x0, 0x27) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r2, 0x0, r3) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000980)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980700009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000008800000000000002726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000fb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff0000000000000000000000000300000007000000000000000000000000000000480043540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000100000000000000000000000000000000ee00000000000000000000000000000000000000000000000000000000000000000000000000200000000000000500000000000400000000000000000000000000000070009000000000000000000000000000000000000000010020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) 14:16:35 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) socket(0x0, 0x0, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={[], 0x0, 0x3, 0x6}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) 14:16:35 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e20}, 0x6e) 14:16:35 executing program 4: syz_mount_image$vfat(&(0x7f0000000380)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x127f, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffff) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffff38) creat(0x0, 0x0) [ 546.380573][ T26] audit: type=1800 audit(1588169795.487:370): pid=15925 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="loop4" ino=183 res=0 [ 546.519724][T15925] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 546.599657][ T26] audit: type=1804 audit(1588169795.537:371): pid=15939 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir764106842/syzkaller.3w3NA3/304/file0/file0" dev="loop4" ino=183 res=1 14:16:35 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) socket(0x0, 0x0, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={[], 0x0, 0x3, 0x6}) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000840)={{0x0}}) ioctl$BLKTRACETEARDOWN(r0, 0x2287, 0x0) 14:16:35 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) socket(0x0, 0x0, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={[], 0x0, 0x3, 0x6}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) [ 546.644755][T15925] FAT-fs (loop4): Filesystem has been set read-only 14:16:35 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x800000003, 0x8) bind(r0, &(0x7f0000000380)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x76, 0x4) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0xeb}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfed4, 0x20c49a, 0x0, 0x27) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0406618, &(0x7f0000000140)={{0x0, 0x0, @descriptor="d9c5adbbc87d1880"}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00'}) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f00000004c0)=""/239, &(0x7f0000000080)=0xef) [ 546.748858][T15925] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 17) [ 546.898619][ T26] audit: type=1804 audit(1588169795.597:372): pid=15939 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir764106842/syzkaller.3w3NA3/304/file0/file0" dev="loop4" ino=183 res=1 14:16:36 executing program 4: syz_mount_image$vfat(&(0x7f0000000380)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x127f, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffff) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffff38) creat(0x0, 0x0) [ 547.087684][ T26] audit: type=1804 audit(1588169795.797:373): pid=15943 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/168/file0/bus" dev="loop5" ino=184 res=1 [ 547.159196][ T26] audit: type=1804 audit(1588169795.847:374): pid=15946 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir286918300/syzkaller.Whg5Qu/168/file0/bus" dev="loop5" ino=184 res=1 14:16:36 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) socket(0x0, 0x0, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000840)={{0x0}}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) 14:16:36 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = msgget$private(0x0, 0x0) msgrcv(r2, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r2, 0x0) 14:16:36 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000340), 0x1d}, 0xeb081d50f30dcd9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) fchdir(r4) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 14:16:36 executing program 4: syz_mount_image$vfat(&(0x7f0000000380)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x127f, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffff) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffff38) creat(0x0, 0x0) 14:16:36 executing program 1: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) r0 = socket(0x11, 0x800000003, 0x8) bind(r0, &(0x7f0000000380)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x76, 0x4) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000100)=[{}]}, 0x10) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfed4, 0x20c49a, 0x0, 0x27) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$dupfd(r2, 0x0, r3) 14:16:36 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) socket(0x0, 0x0, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000840)={{0x0}}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) 14:16:36 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_X86_SET_MCE(r2, 0x4040ae9e, &(0x7f0000000000)={0x9180000000000000, 0x0, 0x1}) fcntl$setflags(0xffffffffffffffff, 0x2, 0x0) [ 547.806084][T15982] ================================================================== [ 547.814248][T15982] BUG: KCSAN: data-race in do_mpage_readpage / truncate_setsize [ 547.821900][T15982] [ 547.824260][T15982] write to 0xffff88811d59f118 of 8 bytes by task 15993 on cpu 0: [ 547.832001][T15982] truncate_setsize+0x34/0x80 [ 547.836698][T15982] fat_setattr+0x7c5/0x810 [ 547.841130][T15982] notify_change+0x82b/0xad0 [ 547.845738][T15982] do_truncate+0xf9/0x180 [ 547.850089][T15982] path_openat+0x1e51/0x23d0 [ 547.854693][T15982] do_filp_open+0x11e/0x1b0 [ 547.859224][T15982] do_sys_openat2+0x52e/0x680 [ 547.863919][T15982] do_sys_open+0xa2/0x110 [ 547.868353][T15982] __x64_sys_creat+0x42/0x60 [ 547.872961][T15982] do_syscall_64+0xc7/0x3b0 [ 547.877481][T15982] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 547.883375][T15982] [ 547.885746][T15982] read to 0xffff88811d59f118 of 8 bytes by task 15982 on cpu 1: [ 547.893706][T15982] do_mpage_readpage+0x2ce/0xf70 [ 547.898660][T15982] mpage_readpage+0x91/0x110 [ 547.903268][T15982] fat_readpage+0x23/0x40 [ 547.907612][T15982] generic_file_read_iter+0xc34/0x14e0 [ 547.913079][T15982] generic_file_splice_read+0x2df/0x470 [ 547.918634][T15982] do_splice_to+0xc7/0x100 [ 547.923060][T15982] splice_direct_to_actor+0x1b9/0x540 [ 547.928440][T15982] do_splice_direct+0x152/0x1d0 [ 547.933302][T15982] do_sendfile+0x380/0x800 [ 547.937736][T15982] __x64_sys_sendfile64+0x121/0x140 [ 547.942944][T15982] do_syscall_64+0xc7/0x3b0 [ 547.947463][T15982] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 547.953352][T15982] [ 547.955679][T15982] Reported by Kernel Concurrency Sanitizer on: [ 547.961843][T15982] CPU: 1 PID: 15982 Comm: syz-executor.5 Not tainted 5.7.0-rc1-syzkaller #0 [ 547.970533][T15982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 547.980687][T15982] ================================================================== [ 547.988756][T15982] Kernel panic - not syncing: panic_on_warn set ... [ 547.995359][T15982] CPU: 1 PID: 15982 Comm: syz-executor.5 Not tainted 5.7.0-rc1-syzkaller #0 [ 548.004037][T15982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 548.014101][T15982] Call Trace: [ 548.017404][T15982] dump_stack+0x11d/0x187 [ 548.021747][T15982] panic+0x210/0x640 [ 548.025656][T15982] ? vprintk_func+0x89/0x13a [ 548.030272][T15982] kcsan_report.cold+0xc/0x1a [ 548.035006][T15982] kcsan_setup_watchpoint+0x3fb/0x440 [ 548.040406][T15982] do_mpage_readpage+0x2ce/0xf70 [ 548.045361][T15982] ? mem_cgroup_commit_charge+0xcf/0x7e0 [ 548.051018][T15982] ? __add_to_page_cache_locked+0x4c8/0x770 [ 548.056925][T15982] ? fat_add_cluster+0xd0/0xd0 [ 548.061800][T15982] mpage_readpage+0x91/0x110 [ 548.066408][T15982] ? fat_add_cluster+0xd0/0xd0 [ 548.071187][T15982] fat_readpage+0x23/0x40 [ 548.075545][T15982] generic_file_read_iter+0xc34/0x14e0 [ 548.081039][T15982] generic_file_splice_read+0x2df/0x470 [ 548.086607][T15982] ? add_to_pipe+0x1b0/0x1b0 [ 548.091212][T15982] do_splice_to+0xc7/0x100 [ 548.095640][T15982] splice_direct_to_actor+0x1b9/0x540 [ 548.101030][T15982] ? generic_pipe_buf_nosteal+0x20/0x20 [ 548.106590][T15982] do_splice_direct+0x152/0x1d0 [ 548.111459][T15982] do_sendfile+0x380/0x800 [ 548.115917][T15982] __x64_sys_sendfile64+0x121/0x140 [ 548.121134][T15982] do_syscall_64+0xc7/0x3b0 [ 548.125659][T15982] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 548.131554][T15982] RIP: 0033:0x45c829 [ 548.135458][T15982] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 548.155073][T15982] RSP: 002b:00007ff875130c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 548.163492][T15982] RAX: ffffffffffffffda RBX: 00000000004fc040 RCX: 000000000045c829 [ 548.171477][T15982] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 548.179454][T15982] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 548.187520][T15982] R10: 00008400fffffffa R11: 0000000000000246 R12: 00000000ffffffff [ 548.195504][T15982] R13: 00000000000008d6 R14: 00000000004cb7a1 R15: 00007ff8751316d4 [ 548.204865][T15982] Kernel Offset: disabled [ 548.209342][T15982] Rebooting in 86400 seconds..