tem_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/660/file0/bus" dev="loop1" ino=99 res=1
[  616.089559] audit: type=1804 audit(1587358661.566:277): pid=11510 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/660/file0/bus" dev="loop1" ino=99 res=1
04:57:42 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:57:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x24}}, 0x0)

04:57:42 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
creat(&(0x7f0000000280)='./file0\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)

04:57:42 executing program 0:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f43935", 0xb7)

04:57:42 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet(0x2, 0x2, 0x0)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x27, &(0x7f0000000080)={@multicast2, @loopback}, 0xc)
getsockopt$inet_opts(r2, 0x0, 0x19, 0x0, &(0x7f00000002c0))

04:57:42 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)

[  616.618329] attempt to access beyond end of device
[  616.633508] loop1: rw=1, want=6913, limit=63
[  616.646944] attempt to access beyond end of device
[  616.652469] loop1: rw=1, want=11009, limit=63
[  616.683795] attempt to access beyond end of device
[  616.696105] loop1: rw=1, want=13709, limit=63
04:57:42 executing program 0:
perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x705, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x4000000006ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f00000095c0)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f00000007c0)=""/198, 0xc6}], 0x1}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/rt_cache\x00')
exit(0x0)
preadv(r0, &(0x7f0000000500), 0x5d, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)

[  616.745220] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:57:42 executing program 2:
r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x0, 0x0)
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000180)={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "2266ddfa"}, 0x0, 0x0, @userptr})

04:57:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x24}}, 0x0)

04:57:42 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0})
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200)='batadv\x00')
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="040027bd7000fedbdf250200000005003300000000000500350014de24ff04002f000000000005002d0000000000d8003000010000000800320000000000"], 0x44}, 0x1, 0x0, 0x0, 0x20040004}, 0x10000004)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newlink={0x78, 0x10, 0x401, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0xb2b, 0x20004}, [@IFLA_LINKINFO={0x48, 0x12, 0x0, 0x1, @geneve={{0xb, 0x1, 'geneve\x00'}, {0x38, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_ZERO_CSUM6_RX={0x5, 0xa, 0x1}, @IFLA_GENEVE_TTL_INHERIT={0x5}, @IFLA_GENEVE_TTL={0x5, 0x3, 0x1a}, @IFLA_GENEVE_UDP_CSUM={0x5}, @IFLA_GENEVE_REMOTE6={0x14, 0x7, @ipv4={[], [], @loopback}}]}}}, @IFLA_LINK={0x8}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x78}, 0x1, 0x0, 0x0, 0x4005}, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240), 0x400)

04:57:42 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/asound/seq/clients\x00', 0x0, 0x0)
read(r2, 0x0, 0x0)

04:57:42 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  617.195917] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  617.386690] audit: type=1804 audit(1587358662.806:278): pid=11655 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/661/file0/bus" dev="loop1" ino=100 res=1
[  617.438738] audit: type=1804 audit(1587358662.946:279): pid=11660 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/661/file0/bus" dev="loop1" ino=100 res=1
04:57:43 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:57:43 executing program 2:
r0 = socket(0x11, 0x800000003, 0x0)
bind(r0, &(0x7f0000000100)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd, 0x1, 'fq_codel\x00'}, {0x4}}]}, 0x38}}, 0x0)

04:57:43 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)

04:57:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:57:43 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0})
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200)='batadv\x00')
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="040027bd7000fedbdf250200000005003300000000000500350014de24ff04002f000000000005002d0000000000d8003000010000000800320000000000"], 0x44}, 0x1, 0x0, 0x0, 0x20040004}, 0x10000004)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newlink={0x78, 0x10, 0x401, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0xb2b, 0x20004}, [@IFLA_LINKINFO={0x48, 0x12, 0x0, 0x1, @geneve={{0xb, 0x1, 'geneve\x00'}, {0x38, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_ZERO_CSUM6_RX={0x5, 0xa, 0x1}, @IFLA_GENEVE_TTL_INHERIT={0x5}, @IFLA_GENEVE_TTL={0x5, 0x3, 0x1a}, @IFLA_GENEVE_UDP_CSUM={0x5}, @IFLA_GENEVE_REMOTE6={0x14, 0x7, @ipv4={[], [], @loopback}}]}}}, @IFLA_LINK={0x8}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x78}, 0x1, 0x0, 0x0, 0x4005}, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240), 0x400)

[  617.903674] attempt to access beyond end of device
[  617.908654] loop1: rw=1, want=8805, limit=63
[  617.932837] attempt to access beyond end of device
[  617.938508] loop1: rw=1, want=12901, limit=63
[  617.948982] attempt to access beyond end of device
[  617.958042] loop1: rw=1, want=13081, limit=63
04:57:43 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x442000, 0x0)
shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x6000)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000180)=""/17, &(0x7f0000000200)=0x11)
r1 = open(0x0, 0x0, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000080000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100"/220], 0x1)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffe)
ioctl$sock_inet6_SIOCDIFADDR(r1, 0x8936, &(0x7f0000000280)={@remote, 0x25})
ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2ee31, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_VALIDATION={0x5, 0xf}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x3c]}]}, 0x48}}, 0x0)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)={0x28, r3, 0x0, 0x0, 0x0, {0x4}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x28}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4800}, 0x4)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0)

04:57:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  618.165804] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:57:43 executing program 5:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000000)=""/233, 0xe9}], 0x1, 0x0)

04:57:43 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}], 0x3, 0x0)

[  618.418710] audit: type=1804 audit(1587358663.976:280): pid=11758 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/662/file0/bus" dev="loop1" ino=101 res=1
04:57:44 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x442000, 0x0)
shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x6000)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000180)=""/17, &(0x7f0000000200)=0x11)
r1 = open(0x0, 0x0, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000080000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100"/220], 0x1)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffe)
ioctl$sock_inet6_SIOCDIFADDR(r1, 0x8936, &(0x7f0000000280)={@remote, 0x25})
ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2ee31, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_VALIDATION={0x5, 0xf}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x3c]}]}, 0x48}}, 0x0)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)={0x28, r3, 0x0, 0x0, 0x0, {0x4}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x28}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4800}, 0x4)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0)

[  618.589577] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:57:44 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  618.617659] audit: type=1804 audit(1587358664.156:281): pid=11780 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/662/file0/bus" dev="loop1" ino=101 res=1
[  619.085321] attempt to access beyond end of device
[  619.098699] loop1: rw=1, want=7877, limit=63
[  619.119673] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  619.122894] attempt to access beyond end of device
[  619.136584] loop1: rw=1, want=10489, limit=63
04:57:45 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:57:45 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}], 0x3, 0x0)

04:57:45 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:57:45 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)

04:57:45 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:57:45 executing program 2:

04:57:45 executing program 2:

04:57:45 executing program 5:

04:57:45 executing program 2:

[  620.189170] audit: type=1804 audit(1587358665.746:282): pid=11900 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/663/file0/bus" dev="loop1" ino=102 res=1
04:57:45 executing program 2:

04:57:45 executing program 5:

04:57:45 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  620.306969] audit: type=1804 audit(1587358665.866:283): pid=11910 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/663/file0/bus" dev="loop1" ino=102 res=1
[  620.332424] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  620.704375] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  620.906347] attempt to access beyond end of device
[  620.919828] loop1: rw=1, want=7841, limit=63
[  620.927264] attempt to access beyond end of device
[  620.943802] loop1: rw=1, want=10605, limit=63
[  621.250025] NOHZ: local_softirq_pending 08
04:57:48 executing program 2:

04:57:48 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:57:48 executing program 5:

04:57:48 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:57:48 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:57:48 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:57:48 executing program 5:

04:57:48 executing program 2:

04:57:48 executing program 5:

04:57:48 executing program 2:

04:57:48 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8405672662be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94", @ANYRESOCT], 0x0, 0x120}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  623.138569] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:57:48 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  623.271103] audit: type=1804 audit(1587358668.836:284): pid=12027 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/664/file0/bus" dev="loop1" ino=103 res=1
[  623.548147] audit: type=1804 audit(1587358669.106:285): pid=12039 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/664/file0/bus" dev="loop1" ino=103 res=1
[  623.931786] attempt to access beyond end of device
[  623.936764] loop1: rw=1, want=12977, limit=63
[  623.945271] attempt to access beyond end of device
[  623.950760] loop1: rw=1, want=13185, limit=63
04:57:51 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:57:51 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:57:51 executing program 2:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000240)={@local, @ipv4={[0x0, 0x0, 0x8], [], @empty}, @dev={0xfe, 0x80, [0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0xb, 0x8, 0x0, 0x2, 0x0, 0x10]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000a, r3})

04:57:51 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:57:51 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:57:51 executing program 2:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000240)={@local, @ipv4={[0x0, 0x0, 0x8], [], @empty}, @dev={0xfe, 0x80, [0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0xb, 0x8, 0x0, 0x2, 0x0, 0x10], 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000a, r3})

04:57:51 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:57:51 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0)
write$sndseq(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick=0xffffff92, {}, {}, @quote}], 0xff33)

[  626.116807] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:57:51 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:57:51 executing program 5:
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ttyS3\x00', 0x100901, 0x0)

[  626.256239] audit: type=1804 audit(1587358671.816:286): pid=12108 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/665/file0/bus" dev="loop1" ino=104 res=1
04:57:51 executing program 5:
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
lchown(&(0x7f0000000180)='./bus/file0\x00', 0xffffffffffffffff, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x3110caa, 0x0)

[  626.407807] audit: type=1804 audit(1587358671.916:287): pid=12123 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/665/file0/bus" dev="loop1" ino=104 res=1
04:57:52 executing program 2:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0)
fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000000)='trusted.overlay.upper\x00', 0x0, 0x0, 0x1)

[  626.489307] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  626.514773] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  626.955750] attempt to access beyond end of device
[  626.974483] loop1: rw=1, want=6069, limit=63
[  627.005948] attempt to access beyond end of device
[  627.014160] loop1: rw=1, want=10165, limit=63
[  627.020857] attempt to access beyond end of device
[  627.025796] loop1: rw=1, want=11377, limit=63
04:57:54 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$cont(0x7, r0, 0x0, 0x0)

04:57:54 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:57:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:57:54 executing program 2:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000001c0))

04:57:54 executing program 5:
ioperm(0x0, 0x401, 0x8000)

04:57:54 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:57:54 executing program 2:
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="6c6f7765726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c75707065726469723d2e2f66696c65309976c3f73b022365ac8e89445d1169ddd4aa57de7e797a716355b1530522ca104df3d8d5d551f33f8620c711c1e68836e84f53b45c2d5c8b"])

04:57:54 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xffffffffffffffb5}], 0xaaaac44, 0x0, 0x0, 0xfffffe41)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
pipe2(&(0x7f0000000080), 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x6}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

04:57:54 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0)
write$sndseq(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick=0xffffff93, {}, {}, @quote}], 0xff33)

[  629.140234] overlayfs: failed to resolve './file0™vÃ÷;#e¬Ž‰D]iÝÔªWÞ~yzqcU±S"ÊMóØÕÕQó?† ÇÁæˆ6èOS´-‹': -2
[  629.194698] kvm [12198]: vcpu0, guest rIP: 0xcc ignored wrmsr: 0x11e data 0xbe702110
[  629.210939] kvm [12198]: vcpu0, guest rIP: 0xcc ignored wrmsr: 0x11e data 0xbe702110
04:57:54 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  629.248179] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  629.268562] kvm [12198]: vcpu0, guest rIP: 0xcc ignored wrmsr: 0x11e data 0xbe702110
[  629.288898] audit: type=1804 audit(1587358674.846:288): pid=12233 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/666/file0/bus" dev="loop1" ino=105 res=1
[  629.323096] kvm [12198]: vcpu0, guest rIP: 0xcc ignored wrmsr: 0x11e data 0xbe702110
[  629.359367] kvm [12198]: vcpu0, guest rIP: 0xcc ignored wrmsr: 0x11e data 0xbe702110
04:57:55 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  629.414067] kvm [12198]: vcpu0, guest rIP: 0xcc ignored wrmsr: 0x11e data 0xbe702110
[  629.463474] audit: type=1804 audit(1587358675.026:289): pid=12241 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/666/file0/bus" dev="loop1" ino=105 res=1
[  629.506681] kvm [12198]: vcpu0, guest rIP: 0xcc ignored wrmsr: 0x11e data 0xbe702110
04:57:55 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, 0xffffffffffffffff)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  629.583519] kvm [12198]: vcpu0, guest rIP: 0xcc ignored wrmsr: 0x11e data 0xbe702110
[  629.618938] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  629.655400] kvm [12198]: vcpu0, guest rIP: 0xcc ignored wrmsr: 0x11e data 0xbe702110
[  629.719686] kvm [12198]: vcpu0, guest rIP: 0xcc ignored wrmsr: 0x11e data 0xbe702110
[  629.981902] attempt to access beyond end of device
[  629.987611] loop1: rw=1, want=6889, limit=63
04:57:57 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$cont(0x7, r0, 0x0, 0x0)

04:57:57 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:57:57 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, r0, 0x0, 0x0, 0x0}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, 0x0)
mount$fuse(0x20000000, &(0x7f00000004c0)='./file0\x00', 0x0, 0x7a04, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRES64], 0x1}}, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000380)='/dev/nvme-fabrics\x00', 0x301480, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, &(0x7f0000000480)={0x9, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r1 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
ioctl$FS_IOC_SETVERSION(r1, 0xc0c0583b, &(0x7f0000000080))

04:57:57 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, 0xffffffffffffffff)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:57:57 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:57:57 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x94, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x74, 0x12, 0x0, 0x1, @ip6gre={{0xb, 0x1, 'ip6gre\x00'}, {0x64, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @mcast1}, @IFLA_GRE_FWMARK={0x8, 0x14, 0x8000}, @IFLA_GRE_ERSPAN_HWID={0x6, 0x18, 0xff}, @IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e22}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x2}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_DIR={0x5}, @IFLA_GRE_IFLAGS={0x6, 0x2, 0x2}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x1000}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x2}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}]}}}]}, 0x94}, 0x1, 0x0, 0x0, 0x4044000}, 0x0)

04:57:57 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, r0, 0x0, 0x0, 0x0}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, 0x0)
mount$fuse(0x20000000, &(0x7f00000004c0)='./file0\x00', 0x0, 0x7a04, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRES64], 0x1}}, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000380)='/dev/nvme-fabrics\x00', 0x301480, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, &(0x7f0000000480)={0x9, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r1 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
ioctl$FS_IOC_SETVERSION(r1, 0xc0c0583b, &(0x7f0000000080))

[  632.253446] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  632.312528] audit: type=1804 audit(1587358677.876:290): pid=12360 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/667/file0/bus" dev="loop1" ino=106 res=1
04:57:57 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:57:58 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, 0xffffffffffffffff)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:57:58 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup(r1)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r2, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, r2)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:57:58 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, r0, 0x0, 0x0, 0x0}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, 0x0)
mount$fuse(0x20000000, &(0x7f00000004c0)='./file0\x00', 0x0, 0x7a04, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRES64], 0x1}}, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000380)='/dev/nvme-fabrics\x00', 0x301480, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, &(0x7f0000000480)={0x9, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r1 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
ioctl$FS_IOC_SETVERSION(r1, 0xc0c0583b, &(0x7f0000000080))

[  632.755269] audit: type=1804 audit(1587358678.316:291): pid=12388 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/667/file0/bus" dev="loop1" ino=106 res=1
[  632.756989] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12369 comm=syz-executor.4
[  632.926276] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:57:58 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup(r1)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r2, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, r2)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:00 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='systemem0md5sum$\x00', 0x0)
r1 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0)
pipe(&(0x7f0000000280))
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
close(r1)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='sessionid\x00')

04:58:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:00 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:00 executing program 5:
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x97)
setreuid(0x0, r1)
mkdir(&(0x7f0000000040)='./bus/file0\x00', 0x0)

04:58:00 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup(r1)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r2, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, r2)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:00 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:00 executing program 5:
r0 = socket$inet(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000480)={0x2, 0x1004e20, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10)
sendto$inet(r0, &(0x7f00000004c0)="73fa46f879d827383a62aa83935b7ed5ca86204c034b000000000000000000000000fdc6a82f11037bad21eca999c7fdd66e773d8113171561e1ea1a069ef68fbf1e9f6b", 0x44, 0x4008800, &(0x7f0000000000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10)
connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
writev(r0, &(0x7f0000000200)=[{&(0x7f0000000080)="bf", 0x1}], 0x1)
recvmmsg(r0, &(0x7f0000001080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

04:58:00 executing program 2:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ttyS3\x00', 0x0, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "60f2c8a66b00000000000000000000004000"})

04:58:00 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r1, 0x0, 0xb6, 0x0)
r2 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r2, r1)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:00 executing program 5:
gettid()
socket$inet_udp(0x2, 0x2, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev\x00')
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS3\x00', 0x802, 0x0)
sendfile(r1, r0, 0x0, 0x20000000000000d8)
syz_genetlink_get_family_id$netlbl_unlabel(0x0)
pipe(&(0x7f00000001c0))
setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0)
creat(0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000002c0), 0x5)
syz_genetlink_get_family_id$tipc2(0x0)
sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24000000}, 0x20004814)

[  635.298236] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  635.370588] audit: type=1804 audit(1587358680.936:292): pid=12493 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/668/file0/bus" dev="loop1" ino=107 res=1
04:58:01 executing program 2:
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
mkdir(0x0, 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000080)='./file0\x00')
accept4(r0, &(0x7f00000002c0)=@tipc=@name, &(0x7f0000000180)=0x80, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)}, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f00000000c0)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', 0x0, ':chain\x00'})
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000380)={0x2, 0x1, 0xd, 0x0, 0x11e, &(0x7f00000005c0)="6e77368e35b65df6672e99131c494bb5b8f114bbfde3202348b6030e2e6a7b05f7dcb24ac4754412e5dd7629bb6e2daf01fcf270e96cbbdd48ee4be650229b35d26bb3a79f2016f012683eb6ffda39ce30c0b099187199d613d885b29028bcc27bcbda29d6bbe86093c2f08868b3b2a8144fb3527821f73b75288ea239a064a629b4111e0854bcb297ced2bfdbc24c6d3dbd6dde6696c11467c6c0dddc177b1b007274ea0ec807fd03aa5f5e5c794cfd8fcdb32a652ac786664439bd480b6b91c37173a23cfb30b1aae7c175001b4b3e1fa69b36b9c6af93e2f3a739497722600f73991e377f82e6e34f66185d85d52d38e418f61065d18da8760661541eb8ccef7a8f65a21d1324b69c03633255fd603d8cdf0cdea13b182d7c87415b8851af063f6abce59b09df9f5f335c8978bd2b564aa2cf9a6164d752c3d1baba68d223105388ae9d9213f5798bbcdda0783060a09d077e7fb1b884dd1f0e43ba6a6d5b6b5b8de8a0c1a8c841e7e901b4cee72b2371f1bcce09c922e49e6a080edd9b379bdd776e5b92b444535fc698cda3e77448838ec39313cf2b40616f44eeeb87c20157878c8c25e273839c0c0942c841a1befce224da4b3ddce14003631c9cea503760da62019f74313e4f9b6a7e445b9d9daa2904f2124fb69177025bf8743fd4a7f8f71ad2a45fe8e9c72c6cf420b77f539cae19401ce6f82b9aa4d1c3d87fa17b3e7ee344f09ede3c3a647446282ebf5ff34d06446dc34217ed0f2fe67d3574342086810c16b295765d5edfeb23acb990b52532986b9dacfa8a23b3aa665d12cd3c3f7e541463f69f3865152c67fe9dfcd591cf45403ad8f8cb302828ec8e9ed7d72b3d34dda71fb376322a8c051f264c7f168accc0e4f07f44f5186b30d3df07d5bbb531121baf005bc825763b8c9d348e4e60da176ffc329e4516bb68d9bae0fb2a2ee3a903e2947f186e1f28b9b883b2f1a0fd26fbf54b094f9c31fe8abc6c9926b8e0c2abd09ed1c96b16cf45ff9febb25283f8dae95accf1d40be2ea8552afc83159afc4e7846337de1d44e27c9115d65db093b9c7afa9a40983703cb7f2c786bce14719eaa28af8004b10d60e6e2f68e30e0c77042275f7ac80b2baf130d2968902741e6e2ad862104b31bc551bd0564048bca995881e96a8570d84bb2d29d45db21b5180fb60a28138809496f7e53250e426a10b6ca699ba33e433ed188b3b33ed5865f074fb2e627d254ccb2ab7e30ade70f6d59c3ab88eb3deb52665b63bfb26d5a08450b2a17f91285b2a29a9a4561696e96e73d215828d495e9df1bd3cecf3ee0ce988ef7ce58febc97957e87aaadf9b2ee001a2c3d3d98c832413109b9161a6ee3ddc350a036b1929ad2e5e56f4c1aae58f6f09d9d748b206e0dd165a0ee5383c2e482064be78f2573308e0725b4529da0549f4a826c9a507e4"})
add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000100)='keyring\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x400}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)

04:58:01 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  635.625859] audit: type=1804 audit(1587358681.186:293): pid=12510 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/668/file0/bus" dev="loop1" ino=107 res=1
04:58:01 executing program 5:
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
mkdir(0x0, 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000080)='./file0\x00')
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)}, 0x0)
connect(r2, &(0x7f0000000240)=@xdp={0x2c, 0x4, 0x0, 0x5}, 0x80)
mmap$perf(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
chmod(&(0x7f00000001c0)='./file0\x00', 0xd1)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f00000000c0)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', 0x0, ':chain\x00'})
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000380)={0x2, 0x1, 0x0, 0x0, 0x11e, &(0x7f00000005c0)="6e77368e35b65df6672e99131c494bb5b8f114bbfde3202348b6030e2e6a7b05f7dcb24ac4754412e5dd7629bb6e2daf01fcf270e96cbbdd48ee4be650229b35d26bb3a79f2016f012683eb6ffda39ce30c0b099187199d613d885b29028bcc27bcbda29d6bbe86093c2f08868b3b2a8144fb3527821f73b75288ea239a064a629b4111e0854bcb297ced2bfdbc24c6d3dbd6dde6696c11467c6c0dddc177b1b007274ea0ec807fd03aa5f5e5c794cfd8fcdb32a652ac786664439bd480b6b91c37173a23cfb30b1aae7c175001b4b3e1fa69b36b9c6af93e2f3a739497722600f73991e377f82e6e34f66185d85d52d38e418f61065d18da8760661541eb8ccef7a8f65a21d1324b69c03633255fd603d8cdf0cdea13b182d7c87415b8851af063f6abce59b09df9f5f335c8978bd2b564aa2cf9a6164d752c3d1baba68d223105388ae9d9213f5798bbcdda0783060a09d077e7fb1b884dd1f0e43ba6a6d5b6b5b8de8a0c1a8c841e7e901b4cee72b2371f1bcce09c922e49e6a080edd9b379bdd776e5b92b444535fc698cda3e77448838ec39313cf2b40616f44eeeb87c20157878c8c25e273839c0c0942c841a1befce224da4b3ddce14003631c9cea503760da62019f74313e4f9b6a7e445b9d9daa2904f2124fb69177025bf8743fd4a7f8f71ad2a45fe8e9c72c6cf420b77f539cae19401ce6f82b9aa4d1c3d87fa17b3e7ee344f09ede3c3a647446282ebf5ff34d06446dc34217ed0f2fe67d3574342086810c16b295765d5edfeb23acb990b52532986b9dacfa8a23b3aa665d12cd3c3f7e541463f69f3865152c67fe9dfcd591cf45403ad8f8cb302828ec8e9ed7d72b3d34dda71fb376322a8c051f264c7f168accc0e4f07f44f5186b30d3df07d5bbb531121baf005bc825763b8c9d348e4e60da176ffc329e4516bb68d9bae0fb2a2ee3a903e2947f186e1f28b9b883b2f1a0fd26fbf54b094f9c31fe8abc6c9926b8e0c2abd09ed1c96b16cf45ff9febb25283f8dae95accf1d40be2ea8552afc83159afc4e7846337de1d44e27c9115d65db093b9c7afa9a40983703cb7f2c786bce14719eaa28af8004b10d60e6e2f68e30e0c77042275f7ac80b2baf130d2968902741e6e2ad862104b31bc551bd0564048bca995881e96a8570d84bb2d29d45db21b5180fb60a28138809496f7e53250e426a10b6ca699ba33e433ed188b3b33ed5865f074fb2e627d254ccb2ab7e30ade70f6d59c3ab88eb3deb52665b63bfb26d5a08450b2a17f91285b2a29a9a4561696e96e73d215828d495e9df1bd3cecf3ee0ce988ef7ce58febc97957e87aaadf9b2ee001a2c3d3d98c832413109b9161a6ee3ddc350a036b1929ad2e5e56f4c1aae58f6f09d9d748b206e0dd165a0ee5383c2e482064be78f2573308e0725b4529da0549f4a826c9a507e4"})
add_key$keyring(&(0x7f0000000100)='keyring\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x400}, [@IFLA_IFALIAS={0x14, 0x14, 'veth0_to_bridge\x00'}, @IFLA_GROUP={0x8}]}, 0x3c}}, 0x0)

04:58:01 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  636.143042] bridge0: port 2(bridge_slave_1) entered disabled state
[  636.150747] bridge0: port 1(bridge_slave_0) entered disabled state
[  636.370783] audit: type=1804 audit(1587358681.936:294): pid=12539 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/669/file0/bus" dev="loop1" ino=108 res=1
[  636.434220] audit: type=1804 audit(1587358681.986:295): pid=12545 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/669/file0/bus" dev="loop1" ino=108 res=1
[  636.590519] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  636.635545] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  636.811281] device vlan0 left promiscuous mode
[  637.043294] attempt to access beyond end of device
[  637.048256] loop1: rw=1, want=5153, limit=63
[  637.059133] attempt to access beyond end of device
[  637.077010] loop1: rw=1, want=9249, limit=63
[  637.092511] attempt to access beyond end of device
[  637.097931] loop1: rw=1, want=13345, limit=63
[  637.115578] attempt to access beyond end of device
[  637.121267] loop1: rw=1, want=17441, limit=63
[  637.129372] device vxlan0 left promiscuous mode
[  637.129599] attempt to access beyond end of device
[  637.139047] loop1: rw=1, want=19349, limit=63
[  637.148319] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  637.229009] bridge0: port 2(bridge_slave_1) entered disabled state
[  637.235637] bridge0: port 1(bridge_slave_0) entered disabled state
[  637.373003] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  637.393591] batman_adv: batadv0: Interface deactivated: batadv_slave_1
04:58:03 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:03 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:03 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r1, 0x0, 0xb6, 0x0)
r2 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r2, r1)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:03 executing program 2:
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
mkdir(0x0, 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000080)='./file0\x00')
accept4(r0, &(0x7f00000002c0)=@tipc=@name, &(0x7f0000000180)=0x80, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)}, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f00000000c0)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', 0x0, ':chain\x00'})
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000380)={0x2, 0x1, 0xd, 0x0, 0x11e, &(0x7f00000005c0)="6e77368e35b65df6672e99131c494bb5b8f114bbfde3202348b6030e2e6a7b05f7dcb24ac4754412e5dd7629bb6e2daf01fcf270e96cbbdd48ee4be650229b35d26bb3a79f2016f012683eb6ffda39ce30c0b099187199d613d885b29028bcc27bcbda29d6bbe86093c2f08868b3b2a8144fb3527821f73b75288ea239a064a629b4111e0854bcb297ced2bfdbc24c6d3dbd6dde6696c11467c6c0dddc177b1b007274ea0ec807fd03aa5f5e5c794cfd8fcdb32a652ac786664439bd480b6b91c37173a23cfb30b1aae7c175001b4b3e1fa69b36b9c6af93e2f3a739497722600f73991e377f82e6e34f66185d85d52d38e418f61065d18da8760661541eb8ccef7a8f65a21d1324b69c03633255fd603d8cdf0cdea13b182d7c87415b8851af063f6abce59b09df9f5f335c8978bd2b564aa2cf9a6164d752c3d1baba68d223105388ae9d9213f5798bbcdda0783060a09d077e7fb1b884dd1f0e43ba6a6d5b6b5b8de8a0c1a8c841e7e901b4cee72b2371f1bcce09c922e49e6a080edd9b379bdd776e5b92b444535fc698cda3e77448838ec39313cf2b40616f44eeeb87c20157878c8c25e273839c0c0942c841a1befce224da4b3ddce14003631c9cea503760da62019f74313e4f9b6a7e445b9d9daa2904f2124fb69177025bf8743fd4a7f8f71ad2a45fe8e9c72c6cf420b77f539cae19401ce6f82b9aa4d1c3d87fa17b3e7ee344f09ede3c3a647446282ebf5ff34d06446dc34217ed0f2fe67d3574342086810c16b295765d5edfeb23acb990b52532986b9dacfa8a23b3aa665d12cd3c3f7e541463f69f3865152c67fe9dfcd591cf45403ad8f8cb302828ec8e9ed7d72b3d34dda71fb376322a8c051f264c7f168accc0e4f07f44f5186b30d3df07d5bbb531121baf005bc825763b8c9d348e4e60da176ffc329e4516bb68d9bae0fb2a2ee3a903e2947f186e1f28b9b883b2f1a0fd26fbf54b094f9c31fe8abc6c9926b8e0c2abd09ed1c96b16cf45ff9febb25283f8dae95accf1d40be2ea8552afc83159afc4e7846337de1d44e27c9115d65db093b9c7afa9a40983703cb7f2c786bce14719eaa28af8004b10d60e6e2f68e30e0c77042275f7ac80b2baf130d2968902741e6e2ad862104b31bc551bd0564048bca995881e96a8570d84bb2d29d45db21b5180fb60a28138809496f7e53250e426a10b6ca699ba33e433ed188b3b33ed5865f074fb2e627d254ccb2ab7e30ade70f6d59c3ab88eb3deb52665b63bfb26d5a08450b2a17f91285b2a29a9a4561696e96e73d215828d495e9df1bd3cecf3ee0ce988ef7ce58febc97957e87aaadf9b2ee001a2c3d3d98c832413109b9161a6ee3ddc350a036b1929ad2e5e56f4c1aae58f6f09d9d748b206e0dd165a0ee5383c2e482064be78f2573308e0725b4529da0549f4a826c9a507e4"})
add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000100)='keyring\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x400}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)

04:58:03 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:03 executing program 5:
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
mkdir(0x0, 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000080)='./file0\x00')
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)}, 0x0)
connect(r2, &(0x7f0000000240)=@xdp={0x2c, 0x4, 0x0, 0x5}, 0x80)
mmap$perf(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
chmod(&(0x7f00000001c0)='./file0\x00', 0xd1)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f00000000c0)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', 0x0, ':chain\x00'})
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000380)={0x2, 0x1, 0x0, 0x0, 0x11e, &(0x7f00000005c0)="6e77368e35b65df6672e99131c494bb5b8f114bbfde3202348b6030e2e6a7b05f7dcb24ac4754412e5dd7629bb6e2daf01fcf270e96cbbdd48ee4be650229b35d26bb3a79f2016f012683eb6ffda39ce30c0b099187199d613d885b29028bcc27bcbda29d6bbe86093c2f08868b3b2a8144fb3527821f73b75288ea239a064a629b4111e0854bcb297ced2bfdbc24c6d3dbd6dde6696c11467c6c0dddc177b1b007274ea0ec807fd03aa5f5e5c794cfd8fcdb32a652ac786664439bd480b6b91c37173a23cfb30b1aae7c175001b4b3e1fa69b36b9c6af93e2f3a739497722600f73991e377f82e6e34f66185d85d52d38e418f61065d18da8760661541eb8ccef7a8f65a21d1324b69c03633255fd603d8cdf0cdea13b182d7c87415b8851af063f6abce59b09df9f5f335c8978bd2b564aa2cf9a6164d752c3d1baba68d223105388ae9d9213f5798bbcdda0783060a09d077e7fb1b884dd1f0e43ba6a6d5b6b5b8de8a0c1a8c841e7e901b4cee72b2371f1bcce09c922e49e6a080edd9b379bdd776e5b92b444535fc698cda3e77448838ec39313cf2b40616f44eeeb87c20157878c8c25e273839c0c0942c841a1befce224da4b3ddce14003631c9cea503760da62019f74313e4f9b6a7e445b9d9daa2904f2124fb69177025bf8743fd4a7f8f71ad2a45fe8e9c72c6cf420b77f539cae19401ce6f82b9aa4d1c3d87fa17b3e7ee344f09ede3c3a647446282ebf5ff34d06446dc34217ed0f2fe67d3574342086810c16b295765d5edfeb23acb990b52532986b9dacfa8a23b3aa665d12cd3c3f7e541463f69f3865152c67fe9dfcd591cf45403ad8f8cb302828ec8e9ed7d72b3d34dda71fb376322a8c051f264c7f168accc0e4f07f44f5186b30d3df07d5bbb531121baf005bc825763b8c9d348e4e60da176ffc329e4516bb68d9bae0fb2a2ee3a903e2947f186e1f28b9b883b2f1a0fd26fbf54b094f9c31fe8abc6c9926b8e0c2abd09ed1c96b16cf45ff9febb25283f8dae95accf1d40be2ea8552afc83159afc4e7846337de1d44e27c9115d65db093b9c7afa9a40983703cb7f2c786bce14719eaa28af8004b10d60e6e2f68e30e0c77042275f7ac80b2baf130d2968902741e6e2ad862104b31bc551bd0564048bca995881e96a8570d84bb2d29d45db21b5180fb60a28138809496f7e53250e426a10b6ca699ba33e433ed188b3b33ed5865f074fb2e627d254ccb2ab7e30ade70f6d59c3ab88eb3deb52665b63bfb26d5a08450b2a17f91285b2a29a9a4561696e96e73d215828d495e9df1bd3cecf3ee0ce988ef7ce58febc97957e87aaadf9b2ee001a2c3d3d98c832413109b9161a6ee3ddc350a036b1929ad2e5e56f4c1aae58f6f09d9d748b206e0dd165a0ee5383c2e482064be78f2573308e0725b4529da0549f4a826c9a507e4"})
add_key$keyring(&(0x7f0000000100)='keyring\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x400}, [@IFLA_IFALIAS={0x14, 0x14, 'veth0_to_bridge\x00'}, @IFLA_GROUP={0x8}]}, 0x3c}}, 0x0)

04:58:03 executing program 2:
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
mkdir(0x0, 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000080)='./file0\x00')
accept4(r0, &(0x7f00000002c0)=@tipc=@name, &(0x7f0000000180)=0x80, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)}, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f00000000c0)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', 0x0, ':chain\x00'})
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000380)={0x2, 0x1, 0xd, 0x0, 0x11e, &(0x7f00000005c0)="6e77368e35b65df6672e99131c494bb5b8f114bbfde3202348b6030e2e6a7b05f7dcb24ac4754412e5dd7629bb6e2daf01fcf270e96cbbdd48ee4be650229b35d26bb3a79f2016f012683eb6ffda39ce30c0b099187199d613d885b29028bcc27bcbda29d6bbe86093c2f08868b3b2a8144fb3527821f73b75288ea239a064a629b4111e0854bcb297ced2bfdbc24c6d3dbd6dde6696c11467c6c0dddc177b1b007274ea0ec807fd03aa5f5e5c794cfd8fcdb32a652ac786664439bd480b6b91c37173a23cfb30b1aae7c175001b4b3e1fa69b36b9c6af93e2f3a739497722600f73991e377f82e6e34f66185d85d52d38e418f61065d18da8760661541eb8ccef7a8f65a21d1324b69c03633255fd603d8cdf0cdea13b182d7c87415b8851af063f6abce59b09df9f5f335c8978bd2b564aa2cf9a6164d752c3d1baba68d223105388ae9d9213f5798bbcdda0783060a09d077e7fb1b884dd1f0e43ba6a6d5b6b5b8de8a0c1a8c841e7e901b4cee72b2371f1bcce09c922e49e6a080edd9b379bdd776e5b92b444535fc698cda3e77448838ec39313cf2b40616f44eeeb87c20157878c8c25e273839c0c0942c841a1befce224da4b3ddce14003631c9cea503760da62019f74313e4f9b6a7e445b9d9daa2904f2124fb69177025bf8743fd4a7f8f71ad2a45fe8e9c72c6cf420b77f539cae19401ce6f82b9aa4d1c3d87fa17b3e7ee344f09ede3c3a647446282ebf5ff34d06446dc34217ed0f2fe67d3574342086810c16b295765d5edfeb23acb990b52532986b9dacfa8a23b3aa665d12cd3c3f7e541463f69f3865152c67fe9dfcd591cf45403ad8f8cb302828ec8e9ed7d72b3d34dda71fb376322a8c051f264c7f168accc0e4f07f44f5186b30d3df07d5bbb531121baf005bc825763b8c9d348e4e60da176ffc329e4516bb68d9bae0fb2a2ee3a903e2947f186e1f28b9b883b2f1a0fd26fbf54b094f9c31fe8abc6c9926b8e0c2abd09ed1c96b16cf45ff9febb25283f8dae95accf1d40be2ea8552afc83159afc4e7846337de1d44e27c9115d65db093b9c7afa9a40983703cb7f2c786bce14719eaa28af8004b10d60e6e2f68e30e0c77042275f7ac80b2baf130d2968902741e6e2ad862104b31bc551bd0564048bca995881e96a8570d84bb2d29d45db21b5180fb60a28138809496f7e53250e426a10b6ca699ba33e433ed188b3b33ed5865f074fb2e627d254ccb2ab7e30ade70f6d59c3ab88eb3deb52665b63bfb26d5a08450b2a17f91285b2a29a9a4561696e96e73d215828d495e9df1bd3cecf3ee0ce988ef7ce58febc97957e87aaadf9b2ee001a2c3d3d98c832413109b9161a6ee3ddc350a036b1929ad2e5e56f4c1aae58f6f09d9d748b206e0dd165a0ee5383c2e482064be78f2573308e0725b4529da0549f4a826c9a507e4"})
add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000100)='keyring\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x400}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)

04:58:03 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000240)={r2, 0x10, &(0x7f0000000200)={0x0, 0x0, <r3=>0x0}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0)=r3, 0x4)

[  638.289997] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:03 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b200"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  638.383442] audit: type=1804 audit(1587358683.946:296): pid=12619 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/670/file0/bus" dev="loop1" ino=109 res=1
04:58:04 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r1, 0x0, 0xb6, 0x0)
r2 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r2, r1)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:04 executing program 2:
clone(0xe0000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000002, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
tkill(0x0, 0x0)

[  638.714463] IPVS: ftp: loaded support on port[0] = 21
[  638.974166] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:04 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b200"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  639.456391] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  639.779054] audit: type=1804 audit(1587358685.296:297): pid=12726 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/670/file0/bus" dev="loop1" ino=109 res=1
04:58:06 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:06 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r2, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, r2)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:06 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b200"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:06 executing program 5:
r0 = socket$inet6(0xa, 0x80003, 0x6b)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000006c0)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000000c1030000030000002004000000000000800200000000000000000000000000005003000050030000090000005003000050030000030000000000000000000000fe8000000000000000000000000004bbff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468315f746f5f626f6e6400a7d2b46ea70378d7300000000000000000000000000000002200000000000000000000000000000000000000000000000000000000000000000000000000500280020000000000000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000000000000027465616d5f736c6176655f3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffee000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000fe18b61a000800000000000000000000000000005800686173686c696d697400000000000000000000000000000000000000000173797a6b616c6c657231000000000000000000000000000004000000000000000000000005000000a600000000001a0000000000000000003000434f4e4e4d41524b00000000000000000000000000000000000d00000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280000000000000000000000000000000000000000000000000000feff000000feffffff"], 0x1)
syz_emit_ethernet(0x4e, &(0x7f0000000640)={@broadcast, @random="f8eb86c23a97", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4df88c", 0x18, 0x3a, 0x0, @rand_addr=' \x01\x00', @mcast2, {[], @mld={0x82, 0x0, 0x0, 0x0, 0x0, @local}}}}}}, 0x0)

04:58:06 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:06 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, 0x0)

[  641.311949] cannot load conntrack support for proto=10
04:58:06 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r2, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, r2)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  641.454801] audit: type=1804 audit(1587358687.016:298): pid=12803 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/671/file0/bus" dev="loop1" ino=110 res=1
04:58:07 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r2, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, r2)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:07 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(0xffffffffffffffff, 0x0, r2, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, r2)
write(0xffffffffffffffff, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:07 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socket$inet6(0xa, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r3)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  642.058270] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  642.067027] audit: type=1804 audit(1587358687.396:299): pid=12824 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/671/file0/bus" dev="loop1" ino=110 res=1
04:58:07 executing program 5:
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000080)='./file0\x00')
accept4(r0, &(0x7f00000002c0)=@tipc=@name, &(0x7f0000000180)=0x80, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)}, 0x0)
connect(r2, &(0x7f0000000240)=@xdp={0x2c, 0x4, 0x0, 0x5}, 0x80)
mmap$perf(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
chmod(&(0x7f00000001c0)='./file0\x00', 0xd1)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f00000000c0)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', 0x0, ':chain\x00'})
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000380)={0x2, 0x1, 0x0, 0x0, 0x11e, &(0x7f00000005c0)="6e77368e35b65df6672e99131c494bb5b8f114bbfde3202348b6030e2e6a7b05f7dcb24ac4754412e5dd7629bb6e2daf01fcf270e96cbbdd48ee4be650229b35d26bb3a79f2016f012683eb6ffda39ce30c0b099187199d613d885b29028bcc27bcbda29d6bbe86093c2f08868b3b2a8144fb3527821f73b75288ea239a064a629b4111e0854bcb297ced2bfdbc24c6d3dbd6dde6696c11467c6c0dddc177b1b007274ea0ec807fd03aa5f5e5c794cfd8fcdb32a652ac786664439bd480b6b91c37173a23cfb30b1aae7c175001b4b3e1fa69b36b9c6af93e2f3a739497722600f73991e377f82e6e34f66185d85d52d38e418f61065d18da8760661541eb8ccef7a8f65a21d1324b69c03633255fd603d8cdf0cdea13b182d7c87415b8851af063f6abce59b09df9f5f335c8978bd2b564aa2cf9a6164d752c3d1baba68d223105388ae9d9213f5798bbcdda0783060a09d077e7fb1b884dd1f0e43ba6a6d5b6b5b8de8a0c1a8c841e7e901b4cee72b2371f1bcce09c922e49e6a080edd9b379bdd776e5b92b444535fc698cda3e77448838ec39313cf2b40616f44eeeb87c20157878c8c25e273839c0c0942c841a1befce224da4b3ddce14003631c9cea503760da62019f74313e4f9b6a7e445b9d9daa2904f2124fb69177025bf8743fd4a7f8f71ad2a45fe8e9c72c6cf420b77f539cae19401ce6f82b9aa4d1c3d87fa17b3e7ee344f09ede3c3a647446282ebf5ff34d06446dc34217ed0f2fe67d3574342086810c16b295765d5edfeb23acb990b52532986b9dacfa8a23b3aa665d12cd3c3f7e541463f69f3865152c67fe9dfcd591cf45403ad8f8cb302828ec8e9ed7d72b3d34dda71fb376322a8c051f264c7f168accc0e4f07f44f5186b30d3df07d5bbb531121baf005bc825763b8c9d348e4e60da176ffc329e4516bb68d9bae0fb2a2ee3a903e2947f186e1f28b9b883b2f1a0fd26fbf54b094f9c31fe8abc6c9926b8e0c2abd09ed1c96b16cf45ff9febb25283f8dae95accf1d40be2ea8552afc83159afc4e7846337de1d44e27c9115d65db093b9c7afa9a40983703cb7f2c786bce14719eaa28af8004b10d60e6e2f68e30e0c77042275f7ac80b2baf130d2968902741e6e2ad862104b31bc551bd0564048bca995881e96a8570d84bb2d29d45db21b5180fb60a28138809496f7e53250e426a10b6ca699ba33e433ed188b3b33ed5865f074fb2e627d254ccb2ab7e30ade70f6d59c3ab88eb3deb52665b63bfb26d5a08450b2a17f91285b2a29a9a4561696e96e73d215828d495e9df1bd3cecf3ee0ce988ef7ce58febc97957e87aaadf9b2ee001a2c3d3d98c832413109b9161a6ee3ddc350a036b1929ad2e5e56f4c1aae58f6f09d9d748b206e0dd165a0ee5383c2e482064be78f2573308e0725b4529da0549f4a826c9a507e4"})
add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000100)='keyring\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x400}, [@IFLA_IFALIAS={0x14, 0x14, 'veth0_to_bridge\x00'}, @IFLA_GROUP={0x8}]}, 0x3c}}, 0x0)

04:58:07 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b2000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  642.160172] attempt to access beyond end of device
[  642.201568] loop1: rw=1, want=15289, limit=63
[  642.234381] attempt to access beyond end of device
[  642.293502] loop1: rw=1, want=15409, limit=63
[  642.458850] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  642.667113] audit: type=1804 audit(1587358688.226:300): pid=12890 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/672/file0/bus" dev="loop1" ino=111 res=1
[  642.771209] audit: type=1804 audit(1587358688.276:301): pid=12894 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/672/file0/bus" dev="loop1" ino=111 res=1
[  643.412895] attempt to access beyond end of device
[  643.417866] loop1: rw=1, want=4853, limit=63
[  643.425643] attempt to access beyond end of device
[  643.431072] loop1: rw=1, want=8949, limit=63
[  643.437907] attempt to access beyond end of device
[  643.442922] loop1: rw=1, want=13045, limit=63
[  643.450296] attempt to access beyond end of device
[  643.455236] loop1: rw=1, want=17141, limit=63
[  643.461385] attempt to access beyond end of device
[  643.466311] loop1: rw=1, want=17953, limit=63
04:58:09 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:09 executing program 2:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0)
connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x42)
perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x0, 0x300)
splice(r0, 0x0, r2, 0x0, 0x100000, 0x0)

04:58:09 executing program 5:
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000080)='./file0\x00')
accept4(r0, &(0x7f00000002c0)=@tipc=@name, &(0x7f0000000180)=0x80, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)}, 0x0)
connect(r2, &(0x7f0000000240)=@xdp={0x2c, 0x4, 0x0, 0x5}, 0x80)
mmap$perf(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
chmod(&(0x7f00000001c0)='./file0\x00', 0xd1)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f00000000c0)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', 0x0, ':chain\x00'})
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000380)={0x2, 0x1, 0x0, 0x0, 0x11e, &(0x7f00000005c0)="6e77368e35b65df6672e99131c494bb5b8f114bbfde3202348b6030e2e6a7b05f7dcb24ac4754412e5dd7629bb6e2daf01fcf270e96cbbdd48ee4be650229b35d26bb3a79f2016f012683eb6ffda39ce30c0b099187199d613d885b29028bcc27bcbda29d6bbe86093c2f08868b3b2a8144fb3527821f73b75288ea239a064a629b4111e0854bcb297ced2bfdbc24c6d3dbd6dde6696c11467c6c0dddc177b1b007274ea0ec807fd03aa5f5e5c794cfd8fcdb32a652ac786664439bd480b6b91c37173a23cfb30b1aae7c175001b4b3e1fa69b36b9c6af93e2f3a739497722600f73991e377f82e6e34f66185d85d52d38e418f61065d18da8760661541eb8ccef7a8f65a21d1324b69c03633255fd603d8cdf0cdea13b182d7c87415b8851af063f6abce59b09df9f5f335c8978bd2b564aa2cf9a6164d752c3d1baba68d223105388ae9d9213f5798bbcdda0783060a09d077e7fb1b884dd1f0e43ba6a6d5b6b5b8de8a0c1a8c841e7e901b4cee72b2371f1bcce09c922e49e6a080edd9b379bdd776e5b92b444535fc698cda3e77448838ec39313cf2b40616f44eeeb87c20157878c8c25e273839c0c0942c841a1befce224da4b3ddce14003631c9cea503760da62019f74313e4f9b6a7e445b9d9daa2904f2124fb69177025bf8743fd4a7f8f71ad2a45fe8e9c72c6cf420b77f539cae19401ce6f82b9aa4d1c3d87fa17b3e7ee344f09ede3c3a647446282ebf5ff34d06446dc34217ed0f2fe67d3574342086810c16b295765d5edfeb23acb990b52532986b9dacfa8a23b3aa665d12cd3c3f7e541463f69f3865152c67fe9dfcd591cf45403ad8f8cb302828ec8e9ed7d72b3d34dda71fb376322a8c051f264c7f168accc0e4f07f44f5186b30d3df07d5bbb531121baf005bc825763b8c9d348e4e60da176ffc329e4516bb68d9bae0fb2a2ee3a903e2947f186e1f28b9b883b2f1a0fd26fbf54b094f9c31fe8abc6c9926b8e0c2abd09ed1c96b16cf45ff9febb25283f8dae95accf1d40be2ea8552afc83159afc4e7846337de1d44e27c9115d65db093b9c7afa9a40983703cb7f2c786bce14719eaa28af8004b10d60e6e2f68e30e0c77042275f7ac80b2baf130d2968902741e6e2ad862104b31bc551bd0564048bca995881e96a8570d84bb2d29d45db21b5180fb60a28138809496f7e53250e426a10b6ca699ba33e433ed188b3b33ed5865f074fb2e627d254ccb2ab7e30ade70f6d59c3ab88eb3deb52665b63bfb26d5a08450b2a17f91285b2a29a9a4561696e96e73d215828d495e9df1bd3cecf3ee0ce988ef7ce58febc97957e87aaadf9b2ee001a2c3d3d98c832413109b9161a6ee3ddc350a036b1929ad2e5e56f4c1aae58f6f09d9d748b206e0dd165a0ee5383c2e482064be78f2573308e0725b4529da0549f4a826c9a507e4"})
add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000100)='keyring\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x400}, [@IFLA_IFALIAS={0x14, 0x14, 'veth0_to_bridge\x00'}, @IFLA_GROUP={0x8}]}, 0x3c}}, 0x0)

04:58:09 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b2000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:09 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(0xffffffffffffffff, 0x0, r2, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, r2)
write(0xffffffffffffffff, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:09 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socket$inet6(0xa, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r3)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  644.388965] audit: type=1804 audit(1587358689.946:302): pid=12937 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/673/file0/bus" dev="loop1" ino=112 res=1
[  644.597646] audit: type=1804 audit(1587358690.026:303): pid=12953 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/673/file0/bus" dev="loop1" ino=112 res=1
[  644.640918] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:10 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYRES64, @ANYPTR, @ANYRESOCT, @ANYRESDEC, @ANYRES16, @ANYRESDEC, @ANYRESOCT, @ANYRES16, @ANYBLOB="5f014162eb1d8ea2ab8587c4bfb7b2d6cc5b573da02d51501a7af668093a863cab3bbfe87f0589c4d0a7f45849ba50b1d7a4f645337785271945fdb2c1dbf7e29ab07109b62d6ab36b3b4ce27a1b729bce4bd161058a9ebc51f9360f420b547d54ce4851df3d099b8c790985adcf4db3707bb4009375eee6c22926b0"], 0x0, 0xe6}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/2, 0x2}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:10 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b2000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  644.903344] ptrace attach of "/root/syz-executor.5"[12963] was attempted by "/root/syz-executor.5"[12965]
04:58:10 executing program 5:
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0)
read(r0, &(0x7f00000002c0)=""/135, 0x87)

04:58:10 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socket$inet6(0xa, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r3)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  645.134103] attempt to access beyond end of device
[  645.139122] loop1: rw=1, want=5685, limit=63
04:58:10 executing program 5:
r0 = socket$inet6(0xa, 0x80003, 0x6b)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000006c0)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000000c1030000030000002004000000000000800200000000000000000000000000005003000050030000090000005003000050030000030000000000000000000000fe8000000000000000000000000004bbff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468315f746f5f626f6e6400a7d2b46ea70378d7300000000000000000000000000000002200000000000000000000000000000000000000000000000000000000000000000000000000500280020000000000000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000000000000027465616d5f736c6176655f3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffee000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000fe18b61a000800000000000000000000000000005800686173686c696d697400000000000000000000000000000000000000000173797a6b616c6c657231000000000000000000000000000004000000000000000000000005000000a600000000001a0000000000000000003000434f4e4e4d41524b00000000000000000000000000000000000d00000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280000000000000000000000000000000000000000000000000000feff000000feffffff"], 0x1)

[  645.180728] attempt to access beyond end of device
[  645.185938] loop1: rw=1, want=9781, limit=63
[  645.195935] attempt to access beyond end of device
[  645.226785] loop1: rw=1, want=13877, limit=63
[  645.238148] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:10 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(0xffffffffffffffff, 0x0, r2, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, r2)
write(0xffffffffffffffff, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  645.273286] attempt to access beyond end of device
[  645.295280] loop1: rw=1, want=17973, limit=63
[  645.335813] attempt to access beyond end of device
[  645.349570] loop1: rw=1, want=20945, limit=63
[  645.360982] cannot load conntrack support for proto=10
[  645.797122] audit: type=1804 audit(1587358691.356:304): pid=13029 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/674/file0/bus" dev="loop1" ino=113 res=1
[  645.866168] audit: type=1804 audit(1587358691.406:305): pid=13033 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/674/file0/bus" dev="loop1" ino=113 res=1
[  646.551594] attempt to access beyond end of device
[  646.556550] loop1: rw=1, want=4873, limit=63
[  646.566488] attempt to access beyond end of device
[  646.571955] loop1: rw=1, want=8969, limit=63
[  646.578599] attempt to access beyond end of device
[  646.584258] loop1: rw=1, want=13065, limit=63
[  646.593109] attempt to access beyond end of device
[  646.598047] loop1: rw=1, want=17161, limit=63
[  646.605527] attempt to access beyond end of device
[  646.611081] loop1: rw=1, want=21257, limit=63
[  646.616703] attempt to access beyond end of device
[  646.622728] loop1: rw=1, want=22349, limit=63
04:58:12 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:12 executing program 2:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0)
connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x42)
perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x0, 0x300)
splice(r0, 0x0, r2, 0x0, 0x100000, 0x0)

04:58:12 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b200000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:12 executing program 5:

04:58:12 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:12 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:12 executing program 5:

04:58:12 executing program 5:

[  647.442130] audit: type=1804 audit(1587358693.006:306): pid=13086 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/675/file0/bus" dev="loop1" ino=114 res=1
[  647.461960] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:13 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b200000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:13 executing program 5:

[  647.797100] audit: type=1804 audit(1587358693.046:307): pid=13098 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/675/file0/bus" dev="loop1" ino=114 res=1
04:58:13 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:13 executing program 5:

[  648.139763] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  648.214546] attempt to access beyond end of device
[  648.238011] loop1: rw=1, want=4905, limit=63
[  648.261972] attempt to access beyond end of device
[  648.267639] loop1: rw=1, want=9001, limit=63
[  648.282252] attempt to access beyond end of device
[  648.287632] loop1: rw=1, want=13097, limit=63
[  648.300864] attempt to access beyond end of device
[  648.306233] loop1: rw=1, want=17193, limit=63
[  648.320061] attempt to access beyond end of device
[  648.325429] loop1: rw=1, want=20973, limit=63
04:58:15 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:15 executing program 5:

04:58:15 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:15 executing program 2:

04:58:15 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:15 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b200000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:15 executing program 2:

04:58:15 executing program 5:

04:58:15 executing program 3:
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:16 executing program 2:

04:58:16 executing program 2:

[  650.489102] audit: type=1804 audit(1587358696.046:308): pid=13192 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/676/file0/bus" dev="loop1" ino=115 res=1
[  650.583147] audit: type=1804 audit(1587358696.126:309): pid=13210 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/676/file0/bus" dev="loop1" ino=115 res=1
[  650.671897] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:16 executing program 5:

[  651.213732] attempt to access beyond end of device
[  651.219030] loop1: rw=1, want=5597, limit=63
[  651.228447] attempt to access beyond end of device
[  651.234712] loop1: rw=1, want=9693, limit=63
[  651.243907] attempt to access beyond end of device
[  651.249765] loop1: rw=1, want=13789, limit=63
[  651.258328] attempt to access beyond end of device
[  651.263810] loop1: rw=1, want=17885, limit=63
[  651.271334] attempt to access beyond end of device
[  651.276513] loop1: rw=1, want=19525, limit=63
04:58:18 executing program 5:

04:58:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYBLOB="0400b20000000000"], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:18 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:18 executing program 2:

04:58:18 executing program 3:
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:18 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:18 executing program 2:

04:58:18 executing program 3:
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:19 executing program 5:

04:58:19 executing program 2:

[  653.510871] audit: type=1804 audit(1587358699.076:310): pid=13255 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/677/file0/bus" dev="loop1" ino=116 res=1
04:58:19 executing program 3:
mknod(0x0, 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:19 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYBLOB="0400b20000000000"], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:19 executing program 2:

04:58:19 executing program 2:

[  653.574480] audit: type=1804 audit(1587358699.116:311): pid=13263 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/677/file0/bus" dev="loop1" ino=116 res=1
[  653.674295] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  654.243513] attempt to access beyond end of device
[  654.248529] loop1: rw=1, want=5745, limit=63
[  654.274153] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  654.280447] attempt to access beyond end of device
[  654.290070] loop1: rw=1, want=9841, limit=63
[  654.312073] attempt to access beyond end of device
[  654.345254] loop1: rw=1, want=13937, limit=63
[  654.363153] attempt to access beyond end of device
[  654.370274] loop1: rw=1, want=18033, limit=63
[  654.377827] attempt to access beyond end of device
[  654.384710] loop1: rw=1, want=20469, limit=63
04:58:21 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:21 executing program 5:

04:58:21 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r2 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r2)
r3 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r3, 0x800)
lseek(r3, 0x0, 0x2)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:21 executing program 2:

04:58:21 executing program 3:
mknod(0x0, 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYBLOB="0400b20000000000"], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:22 executing program 2:

04:58:22 executing program 5:

04:58:22 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:22 executing program 2:

04:58:22 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mount$fuse(0x20000000, &(0x7f00000004c0)='./file0\x00', 0x0, 0x7a04, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
syz_open_dev$sg(0x0, 0x0, 0x0)
creat(0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x65142, 0x0)
write$sndseq(r0, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}], 0x1fee00)

[  656.549514] audit: type=1804 audit(1587358702.106:312): pid=13365 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/678/file0/bus" dev="loop1" ino=117 res=1
[  656.684645] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:22 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:22 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  656.866017] audit: type=1804 audit(1587358702.156:313): pid=13387 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/678/file0/bus" dev="loop1" ino=117 res=1
04:58:22 executing program 3:
mknod(0x0, 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  657.130690] audit: type=1800 audit(1587358702.696:314): pid=13409 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="sda1" ino=16753 res=0
04:58:22 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket(0x11, 0x800000003, 0x0)
bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9, 0x1, 'cake\x00'}, {0x4}}]}, 0x34}}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)

04:58:22 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r2 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r2)
r3 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r3, 0x800)
lseek(r3, 0x0, 0x2)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:22 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  657.254551] audit: type=1800 audit(1587358702.796:315): pid=13409 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="sda1" ino=15843 res=0
04:58:22 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x0, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:22 executing program 2:
socket$inet_dccp(0x2, 0x6, 0x0)
pipe(&(0x7f0000000080))
socket$unix(0x1, 0x2, 0x0)
socket$inet(0x2, 0x2, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000000), 0x4)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0)
getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x154ab, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="500000001000074774270600fd5721540001a381", @ANYRES32=0x0, @ANYBLOB="7fff0002810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a0009d35b4f000000b0b9cad4a128c1aa7cf61985c3b5501bf08bd76e2d3fec8a72e13e5652c08b043723262ef1db55855e9b9c3c4f3d85375cfa53566d1becb85f7297cb072cd567309e4df2d41485c9b6a83c953a21aa2bc729067a2c1827fb817eec56022b28d49a32965d048e336c6476967ed3c025b32265056d7425277c36a7a00c7f44c83d98fd505c6a5bcb8b98a24740f4acfe372790fb0130a6c5472d2c1863fdd50101acad39036ed431db5f4ba99a97b267f26fbcb9e223ab48d4fb4d4800"/258, @ANYRES32, @ANYBLOB="6326ffc30340a59af4c3650421f9a53779861026db4f87ee68e87ed537d5b2e957e1fac165be3eb3525154f627927737456b54921f664921e1615264cc762c1897040a46383502d392ed1257af1867305485dc560b67fa9950386e7db2d758db44374265b739aa0ef89144e87a9d103673ba1bd44d8ac64e5e1a8e45feb9975e5e59879040e381a0a90106099ffc40614fb85e437e5d5f0594c0c90aee9086e0a95f63a8fda63eb23fd475c61ecf1380a9826fd69c6f64bf79710e7e1d75e2c791eb7b1da2588ef923b129222614c86e1892839589b3296bf073a802c252d7bc999adfe63ad0e5a6481eae74204aaf21e9a35fb75021aed14e4316d80366759f3721129b4b22d76ae9a0ee81a5763fccb56c0b7839162d7dec6e507c0c399c4f96c83d6effba4d4a6a57d72568801749edaebceb95f2e5e6053dc7810000000000d2e300000000000000802a053ff135a884acd570989d6b2e317017d12b59b9ee5bc2b8db3cb26e5cbd00"/377], 0x50}}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0))
sendmmsg$alg(r0, &(0x7f0000000000), 0x4924924924924cb, 0x0)

04:58:22 executing program 5:
socket$inet6(0xa, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000480)={r2, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x14)

[  657.343278] attempt to access beyond end of device
[  657.360352] loop1: rw=1, want=4901, limit=63
[  657.397998] attempt to access beyond end of device
[  657.405111] loop1: rw=1, want=8997, limit=63
[  657.432186] attempt to access beyond end of device
[  657.438021] loop1: rw=1, want=13093, limit=63
04:58:23 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23}, 0x1c)
listen(r0, 0xfff)
r1 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r1, 0x107, 0x14, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000007780)={&(0x7f0000000000)=@phonet={0x23, 0x0, 0x0, 0x3f}, 0x80, 0x0}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x14, &(0x7f0000000100), 0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000007780)={&(0x7f0000000000)=@phonet={0x23, 0x0, 0x0, 0x3f}, 0x80, 0x0}, 0x0)
ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, 0x0)
r2 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x0, 0x0, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x10000000}], 0x1c)

[  657.448279] attempt to access beyond end of device
[  657.455079] loop1: rw=1, want=17189, limit=63
[  657.473055] attempt to access beyond end of device
[  657.485215] loop1: rw=1, want=21285, limit=63
[  657.505338] attempt to access beyond end of device
[  657.522025] loop1: rw=1, want=22625, limit=63
04:58:23 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001})
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}})
write$tun(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="09000000000000000000609eef7b0f983a00fe8000000000000000000000000000bbff0200000000000000000000000000010300907800000000606595c300000000ff0200000000000000000000000000010000000000000000000000000000000111eb00000000000000576a98f1748bb7fc992b516fed8900e0bf20f7f2e5e38466080be2ae458c2f424242539edd37b796372ff3ae14df3fd96a299e919c925cb8c3ee4e05449c777d56295645d070dea5451d9809040c897f75ca41eabc1117f15a5df1cfc31bbcc6d5d2ba102942196c3f97b056cbf853915e66fadd41cd4eacc53d8f1a9d70bdb8304553b957d075bd928b3f7ad2bdd827827119ec58b37758fba6ac475bca57071b89e86ea9ec66298334996f3adf53db4c852200ed012c4dad79e0a361845e3271d6c554bbd2b83bba1c10f0efb023bf1c5cbdb1d5c5308c88757ef028fe73f4bec5d8f46b67a20964d8fe68ecdb385d1413707945626da2e80c2d1daed20b42cd23c34c40ff37ba2d5d39831958f7c62db9f0fd011d47a9d601b45fc37058df77b98f0693fc82063ca413f9d476b5a954dbb5294243a731bc07097e793ddb750819ccb6622ddce5ef1e5b280c23e1e237de39fa542c8b8bcacba95457b1b0758844789e7a9ed1f7960c627612e8eeab69da5f2eaa4a88d32c9b6e5019ee8cbc06fc06f999cfd7b30dfc06705ad105d93c2dd6344ecebf29d8b1c22455c180a17be22ce8adcd5be47b1b422cac09d6bb5055c1c8b68e82b77e4a988773c24b64a8f703d0bff72fbbb93c305c3836336bae59a8547ab6ca68d02ba23b3a339cabf811d102fffe06a839758516786ff017e81b104d313894345dcf219135f9d6c4c4e2667a83cce7b6f3a6e08c48f5c4f4d6a7572f0ed910a7303ca96c4bf5ab31e1aad75721be4c1fcd0e3d928b87cad80dd206ec5d3913a77de5ac1eeb1ad335daff4144cd08eb78483936768063e77b8ef3ce70c988a3f16d5f976b385130674dcfcfad850b2824b61b3b97de58926f957f365d81ff05da0379baa703422a31edbd783d6661e0c003204a823058c7f7e6a48da28bf6879aa25c014b0dd14f5c039372a7a52c73044770bac630de41f66bbdcde8fac4beb6416dea064769cfab8d0b65ea0ad0fbc14e2ea1637fc653aacba3d4459d0ea3f5f94856ceccf6ee64b001120024f0735df310a674f8125a1e1d11fd29b57656014ee6bde0e1d0770ba0d08ab93a98611869f63f5c7088d5234ae7e2547cb019942fd34a4111a72736ca9cfb1202c714cbc4412d991d6fb4c88d9e5cac1d524bd5944bff6591ff7b889ee6c67253ff4277807b4d99fa2377e7484a7986a63aabd3847557e5498ca6b49f523f0f700142d04ea7e3b1c32f185d203dcdd1caccb5ff266b7bfe07363709292586c95a0406417e16728e1db9eb7e0da2e6ba810d929dc70c9fc4c00ccecf10b25af0d067db77b9fe840d6eeeb4863a3c8dc6d330b83dd0f0c51277e154c93ae45b4887ccbc55c2a4e4fdee36153985ed390f3593a3285dbc7fba520c835aa6d19c6e1475c2b0f1ffb9b19fd1d02b91873560cee3194b0eb635fb3678b3d60149faabf6115bd21d911269eab78cc76161994048bd4fdf63017eb21ebbed7d1a4db7a24bab6cd2d1602f82784412d69073f076c9cd2fe5f6677c67ccba1badd95ea15baa23fb844b1a6278d5821664a4ae34f8aae834a047a10c8293d1e73cc9afc5fd538ef19f796502a0db0d807c5cf7824de881a9730df8142ea66f61f907f895ee8f17ec820d63fe0785d20f45dc3011e3026eac83272b355ea8f1eec57e4ee7b3c36c85dad7fe831f27a7885cc2df232478745848d7516abc5f9e56015509ea12d2fc546f590b88a36a0950ea497042dd478ca6bfcf7c4be73f196702f6fe2ba0711553a649a73faf13190369fe347428649c10640cf34bc683ee2dd3be032edb8d42e860bcc97c65da776e1e93cf32f470b5c79d4007985ad3b9631ad2c74ca411437e9e0d0565fd797265b821ef9254b0eea0651b282efc7967a8c2d7a37315663c2a23f69cdb757927d838bed78857d201254a6a08fb43484d8db7342e686e900b019d9786fe7d0b68f43123ac0341ad6c232072c3a6134802444b18580a8415fd4c6eb53a91319e5b37ee9864a4b241daec81cd0dc88f06015bae2ca2a265e345e52cfe74c530811fd83710f7d58dee6f3f0a502fe3ccacce5c27af02ef9426ba45a7f0ba022eec77fb773f22dab5df87fb7adad50a8fdaa2137a0fcf399ce14dcd25d6410a69a12b9774a5dcb8acae03b31ab3e86b00bce2e9141c592445904014c9639100b9b5377567104bca010b4680b95182dbf3472e41a903ee17b9c02d0b8a4124058691e8f2e8080cd78237b46cdc5a8cbfb70afdcc0c8abe5ea7c9739f9265d4dacece499239490d0342f9808839d92b9812ee2cfeda82b8837e682ed342dc7d72e5fbd514ef19ce6fb02bdfeb649f15391d39f9e60f7fda4f4fec193ff481a2461f575ad9d5bf09ced35145e343d531a15eebb909114c39c04fd63c5f379b30869e111d66ff5d609b4c4e18e52cce0bf75901695ba2e7d6f5281bdf0eb96f53cfbeda2c4bb81e314fd815cf2e529f04e9a99d4d71036fd4116acdcb0909ddd8dc9062eae8efaa21b33c0a8dd0f4500c9fb35a8ff116c38c907c1834de8a19360893a7443facf43f7e9cb9e989ec1bce4d60570b38cb71fb5e9cfd60b5d9c5d92646fd97188a1945cc5e4566ecda068d0c459ff8ebe9e633ad48978b5bb5839a3cd3d00d67cb40ffe6c244d9d8ac85b09b5dbdfc1c513d77e89185e1e145025691728a5d4b92a9b4adf33430cb144a74d7469f5eefe7b7657280f4aa7df86a0413b38f9fb208ff122f003e8d7f5a1db09ec087001db078331e35107c69d9e0b1a71b85c4f2c7e8d4909250fb86ca409774ceeb9fd49a2ec5cf2b584fb57cb3cc8803c2f69b7f4eeb17a2953e00817d166717c11f78631028b565d6623de38d31358705d53b096714875245ba4cd717a668e392bd9814924c869681f0bacf69163c21d333c7020e981a7feb573e2fb9fd03b461046ceeaee4d3a457fe9179a61efc3ad8528277ed4bb13d24f9da90afcf6900e81112285a53e2adac138bc21c11f7ad70376d90c69fdf5b4c4ba60e9eee9bf8b6ba2283256444770259a33b3d8669509532632c9d0779f4d7059b32c7dd49d8a1cb064e81c06d6d213fba0d394ffa682e9247f7f48ee7aa356086d88529bb1db05cab3dc65dbaf973dd1fe52ff77e6d091a3967be7c7517b698b5430579c39547849e74806b53f9c1243e6247b27d6fa4008fed699d76fb0b43b45591ede9c2fda8061a599e3a04bcd4338123c436be729bf4376ddffb07aab9a613152f8f20410ee6884327635e8ea4f1e8089d457901f8bcf5752e99d4ae671c88da616f3e8b2fd5aed803c1355ff911ae8289bcdde1acbc8a20febce9748651307d8fc799874956f14cffb67e092e02b8698c5fcbebd001bc490d8fec3b7c08dccebcc5523d624d311d561bf78f2ad5bf45a681433df56616c3a301fd618c45bf0a8be6c15ccdfed528fca477548cdf600ced244770ba561f934d1fb3d40d1ac19a46949a611a7b2e2aa1d77f3590160a73c1fd8c2b1828eb3cad20fed34b89a496cb553c69266b76dfa70dfbf997ddb79996eb4ef2931648292e5f88298c3888d61ff81cce93e84653dc1e6ba6893c1e59a5a07961afb0052d889e78923c2f5032c284bdbe904b6c6a8b150c83139387c4bc4a15e534d6cf5dd3bab35a156f327f7c6c3119d593ebbb4459f22364e4d0556364313526ae2499f0a657745f7b8ec5e9a17efc5910cdb3d563934cb269de62b217cd6fc353be05d451fb385506195fd16ff18983e59409cfa411ddf64c72f30bde988505645cc937d6074fcd598fbc485be347a9e415fb974859fcf205ebdd06c5be14df45ec21d939c9712f1d8e3075ee0c5982e3b07275fbcbc760d036d292f405d1cfaa41cd0afc23cadb9fb5f80fbab3474d9b4d50802422577687c72a001cea6fe853097e599be50194caa595e36f8d19f8e29709979b80c7e49a71d7d18827ae158adcd53b8653cc2d62c14815c251d50cec7763e7811155b1215f48b12f8ed7f8f70ae9e0a2cba5385698008851929984a9573bb1cd7bd89878b6e4fcec1031a8c3fc88323f6536d8b976bd3e2662da3b4107c2d4f5622ba7e19f52fba81419f1907dadafdc0d4cf2c57f0ef1d358db554c96e66932e0a02a3d0eb7a54b71ea45795ac2a3a45278f97e27d3624a69c85ab43d5f8b6d3501607cdc1978263c8f04340413b780bddf4d23827ba4a04d076ad192ebd75742f773e7861a9041d9dd5a3f2cbe02623648cf3d9ff298e431671f00c898e9028b4ea09be55c7a52f8a9ad645ff1527e85af9d35915211c178b86da27b0523d0ef71e0f4d692b92ae0486f1776e4294a708ee1a535b86b6be9412a43b57eadbabce3e337d68346a1ed69fef8292483e5555ddf56b72a9eed98b4436fd7b1f6db9b6383f0ef2febd74326afccd2859b39f60811204fd5dd19baa31aef16d8a69de6ee72f6131b5eb8871100000000604c879e5bf81361d7b967a4655efa08c2bb6021e0798a3b5906b88db224aa6aa01d8cf60f5cbc8b23d664467d31349f1c95c8b75cc9d48b38947f8f767f4d2e05e2e1957cef41c6baf722969fd2e7d9764acc6f492b853592720f105a29d7663dd28f98fd8d47578a82ca5cc3ee48fc62133f2d944230aad0306937cc7bca006ef05159a830572eb75d9aa18dc360f63aab7a78b488129818cfd557fd59c3543eec411e8e6f254b81c683622b208aebdff411d05e1878c7ac713cb9ec6b11c07ad0859783982fe53df9e83b054b49aa49a63dcbe4a780b746885d65074ced304ddbdc2f2d2886d29f79f03c0846d669211b01daa282f7215e05c8cf2ef6c4515ff96a1351343f28ddaf8e94fe02a4551272a239c0bb41c4916590609c6f47dbab8e6099787979138deba03d3609605b371cf5246fc641b97733080d0979b967df81cba071d28713b19a6ebad07e412124680e89761b413d6ecf1013261d7f96b68497bf35c83a7609eb4d655df10f40981e72bad50b44eca2fb6c10d61db1eba0b58b39abbb1592f43af9c4eb0ada556da4f1b2d68449d054f4ec9ed691d61777f78bc79b3704b73865d740288f459aab81e3b506148ab58c5aa4dea257de8c4e163ce10efd0b10abded85cb9b403fac2061e263269f4aa3736a296a0643c9c28ce55da0176f99179bf41cb08825111013d4dbd2403bb40fd7fc260547e2affb491aae37fd73a638c4746f213e475710c1bdd4d4a27b785cacb198c8d2726273b67d0828f78e6dfb22a19d3cf74213eb647f2e38967a965ead1114f09088efb952d250645be9c1ed332d722fc20526004c5703e9784ede5cb38acf9fc3f0ea26eac076a818a7d18f6d67475712125425117a67839c004937dc278008a075bb05d24148216929768c20742e9410bbccd80686ce7037f464e2774c96f443938e0384f396ea1184a04c7778a8c70bd6b4d624467d4f3206c962948763169fff5826c3b19e1434d6c153757b768cdea54409f8e43d1243ea8dc411515a5d783b472eb1460c7568a97ab07d1d73059005b7647a3460963140e12614f163e24cbd690fd435cdc2d494f00000000000000b9d69a46826c159752f67729a07b6b9a96e825baac3e60c5e252ba77"], 0xfca)

04:58:23 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x0, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  657.572686] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:23 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x0, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  657.812565] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:23 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
sync()
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup2(r2, r2)
sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)

[  658.016487] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  658.268677] audit: type=1804 audit(1587358703.796:316): pid=13595 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/679/file0/bus" dev="loop1" ino=118 res=1
[  658.321851] audit: type=1804 audit(1587358703.866:317): pid=13598 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/679/file0/bus" dev="loop1" ino=118 res=1
04:58:24 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r2 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r2)
r3 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r3, 0x800)
lseek(r3, 0x0, 0x2)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  659.032350] attempt to access beyond end of device
[  659.037351] loop1: rw=1, want=6225, limit=63
[  659.046237] attempt to access beyond end of device
[  659.051653] loop1: rw=1, want=10321, limit=63
[  659.058445] attempt to access beyond end of device
[  659.064274] loop1: rw=1, want=14417, limit=63
[  659.073207] attempt to access beyond end of device
[  659.078255] loop1: rw=1, want=18513, limit=63
[  659.085994] attempt to access beyond end of device
[  659.091517] loop1: rw=1, want=22609, limit=63
[  659.097040] attempt to access beyond end of device
[  659.103105] loop1: rw=1, want=23221, limit=63
[  659.341731] audit: type=1804 audit(1587358704.906:318): pid=13610 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/680/file0/bus" dev="loop1" ino=119 res=1
[  659.659134] audit: type=1804 audit(1587358704.946:319): pid=13614 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/680/file0/bus" dev="loop1" ino=119 res=1
[  660.121989] attempt to access beyond end of device
[  660.126952] loop1: rw=1, want=4877, limit=63
[  660.136713] attempt to access beyond end of device
[  660.142148] loop1: rw=1, want=8973, limit=63
[  660.148796] attempt to access beyond end of device
[  660.154418] loop1: rw=1, want=13069, limit=63
[  660.161907] attempt to access beyond end of device
[  660.166857] loop1: rw=1, want=17165, limit=63
[  660.175069] attempt to access beyond end of device
[  660.180892] loop1: rw=1, want=21261, limit=63
[  660.187866] attempt to access beyond end of device
[  660.193614] loop1: rw=1, want=25357, limit=63
[  660.199010] attempt to access beyond end of device
[  660.204709] loop1: rw=1, want=25805, limit=63
04:58:25 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:25 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:25 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23}, 0x1c)
listen(r0, 0xfff)
r1 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84)
r2 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r2, 0x107, 0x14, &(0x7f0000000100), 0x4)
sendmsg$kcm(r2, &(0x7f0000007780)={&(0x7f0000000000)=@phonet={0x23, 0x0, 0x0, 0x3f}, 0x80, 0x0}, 0x0)
getpeername(r2, &(0x7f0000000040)=@l2, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000000)={0x0, 0xfffffe00})

04:58:25 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(0x0, 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:25 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23}, 0x1c)
listen(r0, 0xfff)
r1 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0)
sendmsg$kcm(r1, 0x0, 0x0)
socket$kcm(0x11, 0x2, 0x0)
ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, &(0x7f0000000080)={0x80000000000000, 0x0, 0x100000001, 0xe, 0x9})
r2 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x10000000}], 0x1c)

04:58:25 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:25 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(0x0, 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:26 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(0x0, 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:26 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  660.510179] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  660.626109] audit: type=1804 audit(1587358706.166:320): pid=13677 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/681/file0/bus" dev="loop1" ino=120 res=1
04:58:26 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  660.835290] audit: type=1804 audit(1587358706.226:321): pid=13681 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/681/file0/bus" dev="loop1" ino=120 res=1
[  661.174223] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=13689 comm=syz-executor.4
04:58:26 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  661.219117] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:26 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:26 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  661.397371] attempt to access beyond end of device
[  661.443674] loop1: rw=1, want=4885, limit=63
[  661.446940] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  661.485356] attempt to access beyond end of device
[  661.495562] loop1: rw=1, want=8981, limit=63
[  661.513623] attempt to access beyond end of device
[  661.518623] loop1: rw=1, want=13077, limit=63
[  661.567837] attempt to access beyond end of device
[  661.587348] loop1: rw=1, want=17173, limit=63
[  661.595544] attempt to access beyond end of device
[  661.600650] loop1: rw=1, want=18865, limit=63
04:58:29 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:29 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:29 executing program 5:
socket$inet6(0xa, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}]}, &(0x7f0000000180)=0x10)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000480)={r2}, 0x14)

04:58:29 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23}, 0x1c)
listen(r0, 0xfff)
r1 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0)
sendmsg$kcm(r1, 0x0, 0x0)
socket$kcm(0x11, 0x2, 0x0)
ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, &(0x7f0000000080)={0x80000000000000, 0x0, 0x100000001, 0xe, 0x9})
r2 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x10000000}], 0x1c)

04:58:29 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(0x0, 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:29 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:29 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001})
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @multicast1}})
write$tun(r0, &(0x7f0000000240)={@void, @val={0x3}, @mpls={[], @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x88, 0x0, @dev, @remote}, @timestamp={0xd, 0x0, 0x0, 0x8, 0x2}}}}, 0x32)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0)

[  663.605998] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  663.649874] kauditd_printk_skb: 3 callbacks suppressed
[  663.667626] audit: type=1804 audit(1587358709.186:325): pid=13845 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/682/file0/bus" dev="loop1" ino=121 res=1
[  663.780426] audit: type=1804 audit(1587358709.266:326): pid=13848 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/682/file0/bus" dev="loop1" ino=121 res=1
04:58:29 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:29 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:29 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(0x0, 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:29 executing program 2:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
socket$inet(0x2, 0x0, 0x0)

[  664.342926] attempt to access beyond end of device
[  664.348072] loop1: rw=1, want=5157, limit=63
[  664.383052] attempt to access beyond end of device
[  664.395622] loop1: rw=1, want=9253, limit=63
[  664.420081] attempt to access beyond end of device
[  664.435542] loop1: rw=1, want=13349, limit=63
[  664.445318] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:30 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  664.479209] attempt to access beyond end of device
[  664.527407] loop1: rw=1, want=17445, limit=63
[  664.555087] attempt to access beyond end of device
[  664.579339] loop1: rw=1, want=18597, limit=63
[  664.668363] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  665.102897] audit: type=1804 audit(1587358710.636:327): pid=13966 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/683/file0/bus" dev="loop1" ino=122 res=1
[  665.226970] audit: type=1804 audit(1587358710.676:328): pid=13970 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/683/file0/bus" dev="loop1" ino=122 res=1
[  665.783033] attempt to access beyond end of device
[  665.788044] loop1: rw=1, want=5045, limit=63
[  665.796684] attempt to access beyond end of device
[  665.803364] loop1: rw=1, want=9141, limit=63
[  665.812176] attempt to access beyond end of device
[  665.817222] loop1: rw=1, want=13237, limit=63
[  665.825945] attempt to access beyond end of device
[  665.830981] loop1: rw=1, want=17333, limit=63
[  665.836902] attempt to access beyond end of device
[  665.842179] loop1: rw=1, want=19273, limit=63
[  666.050313] NOHZ: local_softirq_pending 08
04:58:32 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:32 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x39}], 0x32, 0x51, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_open_dev$midi(0x0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, &(0x7f00000002c0)={{0x3, 0x20}, {0x8}, 0x0, 0x0, 0x5})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r4 = fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
dup3(0xffffffffffffffff, r4, 0x0)
perf_event_open(0x0, 0x0, 0x20000000000, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

04:58:32 executing program 5:
r0 = socket$inet(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000480)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e22}, 0x10)
recvmmsg(r0, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x12001, 0x0)

04:58:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:32 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(0x0, 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:32 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  666.623349] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  666.635238] audit: type=1804 audit(1587358712.206:329): pid=14035 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/684/file0/bus" dev="loop1" ino=123 res=1
04:58:32 executing program 5:
perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x11, 0x800000003, 0x0)
bind(r0, &(0x7f0000000100)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd, 0x1, 'fq_codel\x00'}, {0x4}}]}, 0x38}}, 0x0)

04:58:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  666.919808] audit: type=1804 audit(1587358712.246:330): pid=14040 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/684/file0/bus" dev="loop1" ino=123 res=1
04:58:32 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x2b, &(0x7f0000000780)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7800000024000b0f000000000400000013000000", @ANYRES32, @ANYBLOB="00000000fffffffff2ff060008000100736671004c00020000000000000000000000000000000000000000b8920000070000000c000c00000000000000000004000000000000000000000000000000000000000d7074b45695fc51980a32a2de6a77008247692ea2f2aa1636f47c8f8a69c3d56cf61fc47dcb9a7a3e47800f72db1457f086033530b3e510007ecc111dd05761a525dd986f8cfd82"], 0x78}}, 0x0)

04:58:32 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:32 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:32 executing program 2:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@local, 0x20000, 0x4}, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c8, &(0x7f0000000100))

[  667.361432] attempt to access beyond end of device
[  667.366410] loop1: rw=1, want=4853, limit=63
[  667.430637] attempt to access beyond end of device
[  667.440437] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  667.472745] loop1: rw=1, want=8949, limit=63
[  667.525228] attempt to access beyond end of device
[  667.540646] loop1: rw=1, want=13045, limit=63
[  667.550160] attempt to access beyond end of device
[  667.555198] loop1: rw=1, want=17141, limit=63
[  667.564657] attempt to access beyond end of device
[  667.570085] loop1: rw=1, want=20865, limit=63
[  668.004927] audit: type=1804 audit(1587358713.566:331): pid=14117 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/685/file0/bus" dev="loop1" ino=124 res=1
[  668.086661] audit: type=1804 audit(1587358713.616:332): pid=14121 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/685/file0/bus" dev="loop1" ino=124 res=1
[  668.752842] attempt to access beyond end of device
[  668.757832] loop1: rw=1, want=5741, limit=63
[  668.765326] attempt to access beyond end of device
[  668.770602] loop1: rw=1, want=9837, limit=63
[  668.777386] attempt to access beyond end of device
[  668.782666] loop1: rw=1, want=13933, limit=63
[  668.790411] attempt to access beyond end of device
[  668.795386] loop1: rw=1, want=18029, limit=63
[  668.802745] attempt to access beyond end of device
[  668.807673] loop1: rw=1, want=22125, limit=63
[  668.813562] attempt to access beyond end of device
[  668.818502] loop1: rw=1, want=22153, limit=63
04:58:35 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:35 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000000)='tmpfs\x00', &(0x7f0000002140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='mpol=prefer=retative:0'])

04:58:35 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:35 executing program 2:
nanosleep(&(0x7f0000000a00)={0x77359400}, 0x0)

04:58:35 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:35 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  669.563454] tmpfs: Bad value 'prefer=retative:0' for mount option 'mpol'
[  669.618215] tmpfs: Bad value 'prefer=retative:0' for mount option 'mpol'
04:58:35 executing program 5:
fcntl$setownex(0xffffffffffffffff, 0xf, 0x0)

[  669.652663] audit: type=1804 audit(1587358715.216:333): pid=14181 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/686/file0/bus" dev="loop1" ino=125 res=1
[  669.792701] audit: type=1804 audit(1587358715.256:334): pid=14190 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/686/file0/bus" dev="loop1" ino=125 res=1
04:58:35 executing program 5:
rt_sigtimedwait(&(0x7f0000000000), 0x0, &(0x7f00000000c0)={0x0, 0x3938700}, 0x8)

[  670.259958] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:35 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468000000001800020014000100", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:35 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, 0x0, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:35 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:35 executing program 2:
semget(0x0, 0x1, 0x0)

[  670.393626] attempt to access beyond end of device
[  670.398607] loop1: rw=1, want=4849, limit=63
[  670.454429] attempt to access beyond end of device
[  670.484898] loop1: rw=1, want=8945, limit=63
[  670.503736] attempt to access beyond end of device
[  670.527422] loop1: rw=1, want=13041, limit=63
[  670.530978] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  670.558930] attempt to access beyond end of device
[  670.592951] loop1: rw=1, want=17137, limit=63
[  670.602174] attempt to access beyond end of device
[  670.607470] loop1: rw=1, want=21069, limit=63
[  670.995340] audit: type=1804 audit(1587358716.556:335): pid=14257 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/687/file0/bus" dev="loop1" ino=126 res=1
[  671.082788] audit: type=1804 audit(1587358716.626:336): pid=14261 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/687/file0/bus" dev="loop1" ino=126 res=1
[  671.732694] attempt to access beyond end of device
[  671.737686] loop1: rw=1, want=5677, limit=63
[  671.745399] attempt to access beyond end of device
[  671.751239] loop1: rw=1, want=9773, limit=63
[  671.758066] attempt to access beyond end of device
[  671.763907] loop1: rw=1, want=13869, limit=63
[  671.771456] attempt to access beyond end of device
[  671.776382] loop1: rw=1, want=17965, limit=63
[  671.784403] attempt to access beyond end of device
[  671.789785] loop1: rw=1, want=20841, limit=63
04:58:38 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:38 executing program 5:
socketpair(0x1, 0x5, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff})
setsockopt$inet_buf(r0, 0x0, 0x0, &(0x7f0000000040), 0x0)

04:58:38 executing program 2:
r0 = eventfd(0xfbfffff8)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$P9_RSYMLINK(r1, &(0x7f0000000000)={0x14}, 0x14)

04:58:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468000000001800020014000100", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:38 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r2, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, r2)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:38 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, 0x0, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:38 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000000c0)=0x1000006)
readv(r0, &(0x7f0000001780)=[{&(0x7f0000000000)=""/94, 0x5e}], 0x1)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "de00"})

04:58:38 executing program 5:
timer_create(0x0, &(0x7f0000000180)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140))
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000640)='/dev/full\x00', 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'\x00', 0xd102})
preadv(r1, &(0x7f0000000300)=[{&(0x7f0000000340)=""/166, 0xa6}], 0x1, 0x0)
dup2(r0, r1)
r2 = gettid()
tkill(r2, 0x1000000000016)

04:58:38 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r2, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, r2)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468000000001800020014000100", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  672.698378] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  672.763242] audit: type=1804 audit(1587358718.326:337): pid=14326 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/688/file0/bus" dev="loop1" ino=127 res=1
[  672.856949] audit: type=1804 audit(1587358718.396:338): pid=14337 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/688/file0/bus" dev="loop1" ino=127 res=1
04:58:38 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x0, 0x6}, 0x40)

04:58:38 executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x240007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
writev(r0, &(0x7f0000002980)=[{&(0x7f0000001600)="d083b8778d9e055daedb2fb28df629afabdb0b25311ef1e77295a000a43e2610b846a5a59c06a800d3d76df145cad9aaddefb439dffeeefe701249890b0ea7339ca9794b6cf290548aba931a5059dedce4", 0x51}, {&(0x7f00000016c0)="7507747dd9bcc24bc9201e9ab3851c2352e456a59990f36599f89b848cf73dba62e0ee4d214b4ea417ba047283d923aa85916b00b017843fb4dd334d8bf4ab10c73e81992e6fd44138b794415b5cc26106b7db3a6b8796ce064e031f8f35e3f749cb730bb38dcfb2cf9155bf417d427a6ea7c2284e317a87736058c4140d8fe5d67450f4e38f91", 0x87}, {&(0x7f0000001880)="a45d4e26c6fadcbd663ccd6c0aca006b802c18d131b5427b3d4515dee8f10570a5923f3f543435278f94c3f8f0d4c35488ecfb1bd630b2e1e0e4247bb44938f03d603b27e44942ddcd3f11f086e6bf39ab074b690284b6d6aff6cc1e736b32f7d781c315bad312c6e8062089abe9838cd011d5227aa050589d2e5f34e10165336747bc2156f8e2570a4a76d4af1ef57edb31f57834ba2486c9f253a1737d59d15a11571414ec61c17dc20d9974e58cf2925c7c6e56216d4e35e39a9977e27e21450596008761c86e216667c6f72b64fdcad802718d16b390d4b4dc05bffb838b7e6831cc53b65b1de0bbf6ce1311a722a80065913d37bea8c988e3b3f05ab1eb02d6b52a11191f1ced75b0201802e5f2881204104e152b5644da9d26301ed8905156a069c61444d44d82c135ff4f20574247a4a5cc963e3c395a029125ccae1f1564a3e28e06b1a08e47bd1a9621edf1003d167cbdfc0be2a4914908198575a688a38d24bdc9881ced9fe04e119a87b9286ea15aa168163a9650a26a926c571f2f0e0b2102de1fd1a6920cb71d846f02b2c23f80a3c0116b48d14925e69c4a", 0x19f}], 0x3)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xfff, 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860685cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27)

[  673.106211] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14338 comm=syz-executor.4
[  673.513620] attempt to access beyond end of device
[  673.523164] loop1: rw=1, want=5653, limit=63
[  673.565031] attempt to access beyond end of device
[  673.571345] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  673.614308] loop1: rw=1, want=9749, limit=63
[  673.648499] attempt to access beyond end of device
[  673.657459] loop1: rw=1, want=13845, limit=63
[  673.672904] attempt to access beyond end of device
[  673.679321] loop1: rw=1, want=17941, limit=63
[  673.696852] attempt to access beyond end of device
[  673.709751] loop1: rw=1, want=20905, limit=63
04:58:41 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:41 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, 0x0, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:41 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r2, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, r2)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:41 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="00000000000000002800120009000100766574680000000018000200140001000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:41 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x81)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000580)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b75fb3488fd8015bba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377aba09e7b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d41f6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4138ae84, &(0x7f00000001c0)=ANY=[@ANYBLOB="006fe533912d000000000000042d2630d6bc69d9"])

04:58:41 executing program 2:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.stat\x00', 0x26e1, 0x0)
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0xe8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, r0, 0x0)

04:58:41 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  675.764432] audit: type=1804 audit(1587358721.326:339): pid=14444 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/689/file0/bus" dev="loop1" ino=128 res=1
[  675.989039] audit: type=1804 audit(1587358721.376:340): pid=14451 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/689/file0/bus" dev="loop1" ino=128 res=1
04:58:41 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:41 executing program 2:

[  676.469825] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:41 executing program 5:

04:58:42 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r2, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, r2)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  676.512955] attempt to access beyond end of device
[  676.517979] loop1: rw=1, want=4893, limit=63
04:58:42 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r3)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:42 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(0x0, 0x33)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, 0x0, 0x0, 0x0)

04:58:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="00000000000000002800120009000100766574680000000018000200140001000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:42 executing program 2:

[  676.563349] attempt to access beyond end of device
[  676.568352] loop1: rw=1, want=8989, limit=63
04:58:42 executing program 2:

04:58:42 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(0x0, 0x33)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, 0x0, 0x0, 0x0)

04:58:42 executing program 5:

[  676.637534] attempt to access beyond end of device
[  676.656146] loop1: rw=1, want=13085, limit=63
04:58:42 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(0x0, 0x33)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, 0x0, 0x0, 0x0)

[  676.694428] attempt to access beyond end of device
[  676.712944] loop1: rw=1, want=17181, limit=63
04:58:42 executing program 2:

04:58:42 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  676.737882] attempt to access beyond end of device
[  676.758022] loop1: rw=1, want=21277, limit=63
04:58:42 executing program 5:

[  676.783425] attempt to access beyond end of device
[  676.799785] loop1: rw=1, want=21337, limit=63
04:58:42 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  676.922146] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  677.398920] audit: type=1804 audit(1587358722.956:341): pid=14565 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/690/file0/bus" dev="loop1" ino=129 res=1
[  677.452766] audit: type=1804 audit(1587358723.006:342): pid=14569 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/690/file0/bus" dev="loop1" ino=129 res=1
04:58:43 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r3)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:43 executing program 5:

04:58:43 executing program 2:

04:58:43 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r2, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, r2)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="00000000000000002800120009000100766574680000000018000200140001000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:43 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:43 executing program 5:

04:58:43 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:43 executing program 2:

[  678.153756] attempt to access beyond end of device
04:58:43 executing program 5:

[  678.178404] loop1: rw=1, want=4861, limit=63
[  678.189597] attempt to access beyond end of device
[  678.201918] loop1: rw=1, want=8957, limit=63
04:58:43 executing program 2:

[  678.228542] attempt to access beyond end of device
04:58:43 executing program 2:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0xa, 0x5, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
close(r0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0)

[  678.260935] loop1: rw=1, want=13053, limit=63
[  678.317192] attempt to access beyond end of device
[  678.327169] loop1: rw=1, want=17149, limit=63
[  678.332056] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  678.365969] attempt to access beyond end of device
[  678.379317] loop1: rw=1, want=21245, limit=63
[  678.394283] attempt to access beyond end of device
[  678.399302] loop1: rw=1, want=22505, limit=63
[  678.772116] audit: type=1804 audit(1587358724.336:343): pid=14643 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/691/file0/bus" dev="loop1" ino=130 res=1
[  678.860388] audit: type=1804 audit(1587358724.406:344): pid=14647 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/691/file0/bus" dev="loop1" ino=130 res=1
04:58:45 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r3)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:45 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x3c]}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$tipc2(0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0)

04:58:45 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r2, 0x0, 0xb6, 0x0)
r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r3, r2)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:45 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468000000001800020014000100000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:45 executing program 2:
r0 = socket$inet6(0xa, 0x803, 0x2)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c)

[  679.513096] attempt to access beyond end of device
[  679.518222] loop1: rw=1, want=5845, limit=63
[  679.545124] attempt to access beyond end of device
[  679.555229] loop1: rw=1, want=9941, limit=63
04:58:45 executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000001440)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x26004fe8, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
sendmmsg$inet(r0, &(0x7f0000003700)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000001600)="43abe0d984e51ead820231c53a90fa104be9a70e8bbcbb3ae24732fdc3d5982ce82abd65c3c74a2fa2f55455fe1a39225ccfb3793b694b11a79ac93f71648f6bcc9861598b9efc0192f78fca7da4ab121f82790e3a6880901368b4710da08e55776eb7ddd8f00a167ee50002f80b8439d11d81a69245fbf14bf940d236918ac281b669232276bcad8f7333cd65e07097b5e350e801c7f7207a136ac42cdb95452dff658a073b06aa43461c21da484c0168033c1c3ab0cde3cd278d2fc26b4baaff0e9557b81251bbeab482ff747afd1673d6eb5ab0a2476714649cec193e0a92cbb9c73fca432992879d6cd0138143ea86c04850f3b50b5d5cc9359fe4c96446978220c282ccd4163c11bd2d45361318494561377bc21df4a1d3f070aa2b1daaa3bef566d4785a7b60bd2555d5a6195682767c69f6513e46f84d3f81ce4316e5e9e8c6575e2af3f395a468d6f5cec96f8de692dc4bf1f7e1f5123a66f720c04cf1a54e515c199852673ae8d92150d07ab43f5764f01c63c8330e0cc8557e46ca51a7d8aaebe84ef8765b78cff95a0bfed1daac3cd1a4f5b88ade16a4b50abec0538a136e80c7a5a70b2fa857d5b1bc32166105843747183c51a942cd5d706ba587bdb44cca416d5f58ea3ada493f25535181f4f6278fee21046bee5355b617ed73510c00da19a28b1720ff9ce5fca07191e49299cb63ef02f6f713e5a431e5c60e6982d5438d5767efae070bf2e302388f1f89d5ac7406fcfd635da33c49c3ad237ac6dcdded418ffe06ac3f7218e686b123749a139ae590b6db8f7a1e88afdb56eac363a29254f0faa02bdef02a36db4beafb041b84dce08345f7d88d78a00c1a6dc017c26a9e7ae426d874f6f2300c3599b3da0d18547b999a38acafb97db8a471a51a2c3b4c06bd87630ae38ea1a39a0420141436f9f6933f9bea3488c5d897323438dacda688b019a89349601cdd42cd984ed70057b810c0a1b6f8630733a0ce3ede74425d972251ab3bd8e2a93cc209644692c633b85998bd706bd402a709baa4176ce43c7e9437395434c64dcdd0c43a0ec8d2391d9e81e52b777a41cd70f76e99d5d20e33481218ed2df1324dca4b86bc851071258e7cdeca763d8e0146247741e7fd2ff1b18062d21d396037840fd5767e245455f39bf3c57e7caab14078633ede3d2d6c2e22aca3fc6173359c9e3ab619adf0b1ba2f3f0fa85471ce5d6cad7dd0ef9b18f240733c0ea190ea517ba53bd9df5e3f4dd497829f139cd4ca2aff88536793b438beef0d52c810ff2f20db9b6c6b824453fc09324ef9748a8b605c7f3e08298f9bfb1691b8fdf853be290f8029d2ae9b9bea7fa0b409ac0e83911ef5676f53bff3f899c306c8ddbb73f8332ffbd80a91a52f1901ba1facfbe39bb44f2ee1bfa914d267b6cb77d2d382b6f776bb629cc65caadcee5ef286a1", 0x400}], 0x1}}], 0x1, 0x488d5)
recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0x22e8}], 0x1, 0x0, 0xff96ce4aaaa47475}, 0x0)
readv(r0, &(0x7f00000014c0)=[{&(0x7f0000000040)=""/56, 0x38}], 0x1)

[  679.563808] attempt to access beyond end of device
[  679.568768] loop1: rw=1, want=14037, limit=63
04:58:45 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x3c]}]}, 0x40}}, 0x0)
syz_genetlink_get_family_id$tipc2(0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0)

[  679.613877] attempt to access beyond end of device
[  679.629890] loop1: rw=1, want=18133, limit=63
[  679.638207] attempt to access beyond end of device
[  679.645773] loop1: rw=1, want=21249, limit=63
[  679.712944] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  680.122915] audit: type=1804 audit(1587358725.686:345): pid=14724 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/692/file0/bus" dev="loop1" ino=131 res=1
[  680.258112] audit: type=1804 audit(1587358725.726:346): pid=14728 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/692/file0/bus" dev="loop1" ino=131 res=1
[  680.871811] attempt to access beyond end of device
[  680.876772] loop1: rw=1, want=4877, limit=63
[  680.885542] attempt to access beyond end of device
[  680.890762] loop1: rw=1, want=8973, limit=63
[  680.897345] attempt to access beyond end of device
[  680.902621] loop1: rw=1, want=13069, limit=63
[  680.909540] attempt to access beyond end of device
[  680.914476] loop1: rw=1, want=17165, limit=63
[  680.922978] attempt to access beyond end of device
[  680.927914] loop1: rw=1, want=21249, limit=63
04:58:46 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:46 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:46 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468000000001800020014000100000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:46 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:46 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b200000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:46 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:46 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  681.300914] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  681.377476] audit: type=1804 audit(1587358726.936:347): pid=14825 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/693/file0/bus" dev="loop1" ino=132 res=1
[  681.477062] audit: type=1804 audit(1587358726.976:348): pid=14830 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/693/file0/bus" dev="loop1" ino=132 res=1
[  681.562616] audit: type=1804 audit(1587358727.016:349): pid=14831 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/579/bus" dev="sda1" ino=16340 res=1
04:58:47 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468000000001800020014000100000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  681.594660] audit: type=1804 audit(1587358727.086:350): pid=14783 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/579/bus" dev="sda1" ino=16340 res=1
[  681.686525] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
04:58:47 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b200"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:47 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:47 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  682.076141] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14871 comm=syz-executor.2
04:58:47 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  682.286213] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  682.318467] audit: type=1804 audit(1587358727.876:351): pid=14928 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/694/file0/bus" dev="loop1" ino=133 res=1
[  682.398095] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=14931 comm=syz-executor.4
[  682.427099] audit: type=1804 audit(1587358727.926:352): pid=14932 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/694/file0/bus" dev="loop1" ino=133 res=1
[  682.904299] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  683.062977] attempt to access beyond end of device
[  683.067990] loop1: rw=1, want=4877, limit=63
[  683.092393] attempt to access beyond end of device
[  683.102710] loop1: rw=1, want=8973, limit=63
[  683.116786] attempt to access beyond end of device
[  683.122359] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
[  683.138826] loop1: rw=1, want=13069, limit=63
[  683.158420] attempt to access beyond end of device
[  683.166164] loop1: rw=1, want=17165, limit=63
[  683.183651] attempt to access beyond end of device
[  683.188656] loop1: rw=1, want=21253, limit=63
04:58:49 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:49 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:49 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:49 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:49 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:49 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  684.340830] audit: type=1804 audit(1587358729.906:353): pid=15074 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/695/file0/bus" dev="loop1" ino=134 res=1
[  684.445520] audit: type=1804 audit(1587358729.946:354): pid=15096 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/695/file0/bus" dev="loop1" ino=134 res=1
04:58:50 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(0x0, 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  684.894684] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:50 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(0x0, 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:50 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000), 0x0, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:50 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  685.034473] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
04:58:50 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:50 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(0x0, 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  685.080311] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  685.100924] attempt to access beyond end of device
[  685.105893] loop1: rw=1, want=4845, limit=63
[  685.163406] attempt to access beyond end of device
[  685.168382] loop1: rw=1, want=8941, limit=63
[  685.226116] attempt to access beyond end of device
[  685.242152] loop1: rw=1, want=13037, limit=63
[  685.262132] attempt to access beyond end of device
[  685.273793] loop1: rw=1, want=17133, limit=63
[  685.316701] attempt to access beyond end of device
[  685.348001] loop1: rw=1, want=21225, limit=63
[  685.392233] audit: type=1804 audit(1587358730.946:355): pid=15194 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/582/file0/bus" dev="loop5" ino=135 res=1
[  685.805661] audit: type=1804 audit(1587358730.996:356): pid=15197 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/582/file0/bus" dev="loop5" ino=135 res=1
[  685.981225] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  686.043537] attempt to access beyond end of device
[  686.048552] loop5: rw=1, want=4393, limit=63
[  686.098914] attempt to access beyond end of device
[  686.108754] loop5: rw=1, want=8489, limit=63
[  686.117283] attempt to access beyond end of device
[  686.127040] loop5: rw=1, want=11293, limit=63
[  686.447322] audit: type=1804 audit(1587358732.006:357): pid=15214 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/696/file0/bus" dev="loop1" ino=136 res=1
[  686.536550] audit: type=1804 audit(1587358732.076:358): pid=15218 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/696/file0/bus" dev="loop1" ino=136 res=1
[  687.172499] NOHZ: local_softirq_pending 08
[  687.192226] attempt to access beyond end of device
[  687.197194] loop1: rw=1, want=5869, limit=63
[  687.204617] attempt to access beyond end of device
[  687.210284] loop1: rw=1, want=9965, limit=63
[  687.216906] attempt to access beyond end of device
04:58:52 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:52 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:52 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:52 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:52 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:52 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000), 0x0, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  687.223041] loop1: rw=1, want=14061, limit=63
[  687.230688] attempt to access beyond end of device
[  687.235630] loop1: rw=1, want=18157, limit=63
[  687.243126] attempt to access beyond end of device
[  687.248075] loop1: rw=1, want=21921, limit=63
[  688.260234] audit: type=1804 audit(1587358733.166:359): pid=15252 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/583/bus" dev="sda1" ino=16947 res=1
[  688.393850] audit: type=1804 audit(1587358733.186:360): pid=15253 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/825/bus" dev="sda1" ino=16948 res=1
04:58:54 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:54 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  688.714327] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:54 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  688.812661] audit: type=1804 audit(1587358733.376:361): pid=15255 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/825/bus" dev="sda1" ino=16948 res=1
[  688.871812] audit: type=1804 audit(1587358733.466:362): pid=15254 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/583/bus" dev="sda1" ino=16947 res=1
[  689.034212] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:55 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000), 0x0, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  690.170993] audit: type=1804 audit(1587358734.836:363): pid=15371 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/697/file0/bus" dev="sda1" ino=16081 res=1
04:58:55 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:55 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:55 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:55 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  690.365762] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:58:56 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  690.392149] audit: type=1804 audit(1587358734.886:364): pid=15372 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/826/bus" dev="sda1" ino=16097 res=1
[  690.829133] audit: type=1804 audit(1587358735.046:365): pid=15373 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/697/file0/bus" dev="sda1" ino=16081 res=1
[  691.096504] audit: type=1804 audit(1587358735.186:366): pid=15374 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/826/bus" dev="sda1" ino=16097 res=1
04:58:56 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:56 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(0xffffffffffffffff, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  691.193510] bond122 (uninitialized): Released all slaves
[  691.200612] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  691.218677] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
04:58:56 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:56 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:58:56 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(0xffffffffffffffff, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  691.551272] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15493 comm=syz-executor.4
[  691.570090] audit: type=1804 audit(1587358735.266:367): pid=15375 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/584/bus" dev="sda1" ino=16114 res=1
[  691.616499] audit: type=1804 audit(1587358735.466:368): pid=15376 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/584/bus" dev="sda1" ino=16114 res=1
04:58:58 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  692.530411] audit: type=1804 audit(1587358736.176:369): pid=15439 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/827/file0/bus" dev="sda1" ino=16258 res=1
[  692.557984] audit: type=1804 audit(1587358736.276:370): pid=15440 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/827/file0/bus" dev="sda1" ino=16258 res=1
[  692.585063] audit: type=1804 audit(1587358736.876:371): pid=15485 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/698/file0/bus" dev="loop1" ino=137 res=1
04:58:58 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  692.619230] audit: type=1804 audit(1587358736.926:372): pid=15489 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/698/file0/bus" dev="loop1" ino=137 res=1
[  692.622488] attempt to access beyond end of device
[  692.650101] audit: type=1804 audit(1587358737.396:373): pid=15526 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/586/bus" dev="sda1" ino=16392 res=1
[  692.686803] loop1: rw=1, want=5625, limit=63
[  692.706809] audit: type=1804 audit(1587358737.396:374): pid=15527 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/828/bus" dev="sda1" ino=16401 res=1
[  692.744205] attempt to access beyond end of device
[  692.749166] loop1: rw=1, want=9721, limit=63
[  692.770293] attempt to access beyond end of device
[  692.775256] loop1: rw=1, want=10053, limit=63
[  692.806197] audit: type=1804 audit(1587358737.886:375): pid=15529 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/586/bus" dev="sda1" ino=16392 res=1
[  692.912343] audit: type=1804 audit(1587358737.986:376): pid=15528 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/828/bus" dev="sda1" ino=16401 res=1
04:58:58 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:58:58 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x4}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:58 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, 0x0, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:58:58 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(0xffffffffffffffff, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:58:59 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  693.722956] attempt to access beyond end of device
[  693.727952] loop2: rw=1, want=4625, limit=63
[  693.761181] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
04:58:59 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  693.783277] attempt to access beyond end of device
[  693.795391] loop2: rw=1, want=8721, limit=63
[  693.808874] attempt to access beyond end of device
[  693.815803] loop2: rw=1, want=10937, limit=63
04:59:00 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:00 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  694.541829] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  694.633527] attempt to access beyond end of device
[  694.638587] loop1: rw=1, want=5613, limit=63
[  694.668824] attempt to access beyond end of device
[  694.676686] loop1: rw=1, want=9709, limit=63
[  694.698069] attempt to access beyond end of device
[  694.711728] loop1: rw=1, want=13805, limit=63
[  694.721579] attempt to access beyond end of device
[  694.735408] loop1: rw=1, want=17901, limit=63
04:59:00 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, &(0x7f0000000140))
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
dup3(r2, r3, 0x0)
dup2(r1, r4)

[  694.758075] attempt to access beyond end of device
[  694.767217] loop1: rw=1, want=20793, limit=63
[  694.778831] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
[  695.210530] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:00 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  695.760922] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:01 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:01 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x24}}, 0x0)

04:59:01 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:01 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0xb6, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:59:01 executing program 5:
r0 = getpid()
getsockname$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000440)={0x60, 0x2, 0x3, 0x101, 0x0, 0x0, {0x3, 0x0, 0x2}, [@NFQA_CFG_CMD={0x8, 0x1, {0x0, 0x0, 0xb}}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x18}, @NFQA_CFG_CMD={0x8, 0x1, {0x2, 0x0, 0x25}}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x8}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x8}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x2d}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x3f}, @NFQA_CFG_PARAMS={0x9, 0x2, {0xffff}}]}, 0x60}, 0x1, 0x0, 0x0, 0xa051}, 0x40000)
sched_setscheduler(r0, 0x4, &(0x7f0000000380)=0x1f)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x5, &(0x7f0000000380))
prctl$PR_SET_PTRACER(0x59616d61, r3)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, &(0x7f0000000140))
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = dup3(r2, r4, 0x0)
mkdirat$cgroup(r6, &(0x7f0000000000)='syz1\x00', 0x1ff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(0x0)
sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="ff000000", @ANYRES16=r8, @ANYBLOB="200026bd7000000000000f000000540005802c00028008000300000000000800020000000000080003000000000008000200ff07000008000300faffffff08000100756470001c00028008000200000000000800040020000000080001000e0000000c0005800800010075647000040003802400098008000100160000000800020000000000080002000100000008000200030000000c0003800800030002000000"], 0xa8}}, 0x10)
sendmsg$TIPC_NL_LINK_RESET_STATS(r7, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x120, r8, 0x300, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x399f}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7f}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xb3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x793e}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9a9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xb8}]}, @TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x11, 0x1, @l2={'eth', 0x3a, 'macvlan0\x00'}}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x401}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x126}]}, @TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x81}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xed}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x447}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8001}]}, @TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}]}]}, 0x120}, 0x1, 0x0, 0x0, 0x20008004}, 0x2004)
dup2(r1, r5)

04:59:02 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  696.846266] attempt to access beyond end of device
[  696.864647] loop1: rw=1, want=5617, limit=63
[  696.905348] attempt to access beyond end of device
[  696.912031] loop1: rw=1, want=9713, limit=63
[  696.922873] attempt to access beyond end of device
[  696.928390] loop1: rw=1, want=13809, limit=63
[  696.939953] attempt to access beyond end of device
[  696.945489] loop1: rw=1, want=17905, limit=63
[  696.955661] attempt to access beyond end of device
[  696.969812] loop1: rw=1, want=21557, limit=63
04:59:02 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0x0, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:59:02 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005070000", @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  697.073623] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  697.098148] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:02 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:02 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0x0, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  697.307121] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  697.403822] kauditd_printk_skb: 8 callbacks suppressed
[  697.409638] audit: type=1804 audit(1587358742.966:385): pid=15972 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/832/file0/bus" dev="loop2" ino=141 res=1
04:59:03 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0x0, 0x0)
r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:59:03 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005070000", @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  697.677529] audit: type=1804 audit(1587358743.016:386): pid=15975 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/832/file0/bus" dev="loop2" ino=141 res=1
[  697.788496] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  698.150338] audit: type=1804 audit(1587358743.716:387): pid=16030 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/701/file0/bus" dev="loop1" ino=142 res=1
[  698.492396] audit: type=1804 audit(1587358743.756:388): pid=16037 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/701/file0/bus" dev="loop1" ino=142 res=1
[  698.861982] attempt to access beyond end of device
[  698.867046] loop1: rw=1, want=4873, limit=63
[  698.880529] attempt to access beyond end of device
[  698.885576] loop1: rw=1, want=8969, limit=63
[  698.899327] attempt to access beyond end of device
[  698.905237] loop1: rw=1, want=13065, limit=63
[  698.918356] attempt to access beyond end of device
[  698.923620] loop1: rw=1, want=17161, limit=63
[  698.937129] attempt to access beyond end of device
[  698.942267] loop1: rw=1, want=20053, limit=63
04:59:05 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:05 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(0x0, 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:59:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005070000", @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:05 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005070000", @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:05 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:05 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  699.557394] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  700.219967] audit: type=1804 audit(1587358745.276:389): pid=16132 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/702/bus" dev="sda1" ino=16769 res=1
04:59:05 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(0x0, 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:59:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700000000000000", @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:05 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:05 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  700.325482] audit: type=1804 audit(1587358745.376:390): pid=16109 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/833/bus" dev="sda1" ino=16786 res=1
[  700.353981] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
04:59:05 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:06 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
r4 = open$dir(0x0, 0x0, 0x0)
dup2(r4, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  700.447930] audit: type=1804 audit(1587358745.566:391): pid=16133 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/702/bus" dev="sda1" ino=16769 res=1
[  700.484256] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  701.571340] audit: type=1804 audit(1587358745.596:392): pid=16129 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/833/bus" dev="sda1" ino=16786 res=1
[  701.630464] audit: type=1804 audit(1587358746.276:393): pid=16195 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/834/bus" dev="sda1" ino=16377 res=1
[  701.690169] audit: type=1804 audit(1587358746.346:394): pid=16184 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/592/bus" dev="sda1" ino=16397 res=1
04:59:08 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:08 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700000000000000", @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:08 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r4, 0x84, 0x7, &(0x7f0000000080)={0x1}, 0x4)
getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, &(0x7f0000000140))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x4}, @IFLA_IFNAME={0x14, 0x3, 'batadv0\x00'}]}, 0x3c}}, 0x0)
ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000240)=0x4004)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x1, 0x0)
ioctl$VIDIOC_CROPCAP(r6, 0xc02c563a, &(0x7f0000000040)={0x2, {0x7, 0x0, 0x190, 0x81}, {0x8, 0x7, 0x7f, 0x4}, {0x3, 0x1}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0x2, 0x101000)
setsockopt$kcm_KCM_RECV_DISABLE(r7, 0x119, 0x1, &(0x7f0000000200)=0x4, 0x4)
dup3(r2, r3, 0x0)
dup2(r1, r5)

04:59:08 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:08 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:59:08 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  702.453564] attempt to access beyond end of device
[  702.458879] loop1: rw=1, want=6873, limit=63
[  702.468073] attempt to access beyond end of device
[  702.473331] loop1: rw=1, want=10969, limit=63
[  702.501403] attempt to access beyond end of device
[  702.514135] loop1: rw=1, want=15065, limit=63
[  702.529101] attempt to access beyond end of device
[  702.535766] loop1: rw=1, want=17661, limit=63
04:59:08 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  702.700658] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  702.782748] kauditd_printk_skb: 4 callbacks suppressed
[  702.791054] audit: type=1804 audit(1587358748.346:399): pid=16265 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/593/file0/bus" dev="loop5" ino=144 res=1
04:59:08 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700000000000000", @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  702.997108] audit: type=1804 audit(1587358748.386:400): pid=16268 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/593/file0/bus" dev="loop5" ino=144 res=1
04:59:08 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:59:08 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/18, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  703.233790] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:08 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:09 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  703.532345] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  703.731159] audit: type=1804 audit(1587358749.126:401): pid=16364 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/704/file0/bus" dev="loop1" ino=145 res=1
[  703.783147] audit: type=1804 audit(1587358749.206:402): pid=16367 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/704/file0/bus" dev="loop1" ino=145 res=1
[  704.204803] audit: type=1804 audit(1587358749.766:403): pid=16378 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/594/file0/bus" dev="loop5" ino=146 res=1
[  704.419176] attempt to access beyond end of device
[  704.433209] audit: type=1804 audit(1587358749.816:404): pid=16382 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/594/file0/bus" dev="loop5" ino=146 res=1
[  704.458686] loop1: rw=1, want=6529, limit=63
[  704.473362] attempt to access beyond end of device
[  704.491746] loop1: rw=1, want=10625, limit=63
[  704.544320] attempt to access beyond end of device
[  704.555962] loop1: rw=1, want=14721, limit=63
[  704.568753] attempt to access beyond end of device
[  704.575451] loop1: rw=1, want=17733, limit=63
[  705.100634] NOHZ: local_softirq_pending 08
04:59:11 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:59:11 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/18, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:11 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:11 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:11 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700000000000000", @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:11 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700000000000000", @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:11 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  705.550851] ptrace attach of "/root/syz-executor.0"[16405] was attempted by "/root/syz-executor.0"[16406]
04:59:11 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  705.609817] ptrace attach of "/root/syz-executor.0"[16434] was attempted by "/root/syz-executor.0"[16437]
[  705.905389] audit: type=1804 audit(1587358751.276:405): pid=16455 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/705/file0/bus" dev="loop1" ino=147 res=1
[  705.981726] ptrace attach of "/root/syz-executor.0"[16462] was attempted by "/root/syz-executor.0"[16464]
04:59:11 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  706.025553] audit: type=1804 audit(1587358751.356:406): pid=16460 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/705/file0/bus" dev="loop1" ino=147 res=1
[  706.273161] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=16452 comm=syz-executor.5
[  706.356858] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
[  706.372360] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  706.395852] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
04:59:12 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:59:12 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700000000000000", @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:12 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/18, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:12 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:12 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  706.525217] attempt to access beyond end of device
[  706.542511] loop1: rw=1, want=6489, limit=63
[  706.599703] attempt to access beyond end of device
[  706.620760] loop1: rw=1, want=10585, limit=63
[  706.673190] attempt to access beyond end of device
[  706.678352] loop1: rw=1, want=14681, limit=63
[  707.071112] audit: type=1804 audit(1587358752.356:407): pid=16521 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/837/bus" dev="sda1" ino=16989 res=1
[  707.232862] audit: type=1804 audit(1587358752.456:408): pid=16522 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/837/bus" dev="sda1" ino=16989 res=1
[  707.393367] attempt to access beyond end of device
[  707.398507] loop1: rw=1, want=18777, limit=63
[  707.405056] attempt to access beyond end of device
[  707.410363] loop1: rw=1, want=19269, limit=63
04:59:13 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:13 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(0xffffffffffffffff, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:59:13 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  707.450832] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
[  707.474341] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:13 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/19, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  707.834531] kauditd_printk_skb: 1 callbacks suppressed
[  707.834541] audit: type=1804 audit(1587358753.386:410): pid=16597 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/597/file0/bus" dev="loop5" ino=148 res=1
[  708.244287] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  708.669915] audit: type=1804 audit(1587358753.976:411): pid=16622 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/838/bus" dev="sda1" ino=16988 res=1
04:59:14 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/19, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  708.827077] audit: type=1804 audit(1587358754.076:412): pid=16623 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/838/bus" dev="sda1" ino=16988 res=1
04:59:14 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(0xffffffffffffffff, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

[  709.029776] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=16630 comm=syz-executor.4
04:59:14 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:14 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:14 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  709.150680] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:14 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/19, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  709.203889] attempt to access beyond end of device
[  709.208908] loop5: rw=1, want=4645, limit=63
[  709.242344] attempt to access beyond end of device
[  709.247616] loop5: rw=1, want=8741, limit=63
[  709.257603] attempt to access beyond end of device
[  709.263444] loop5: rw=1, want=9441, limit=63
[  709.559772] audit: type=1804 audit(1587358754.936:413): pid=16698 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/706/bus" dev="sda1" ino=16983 res=1
[  709.623631] audit: type=1804 audit(1587358755.036:414): pid=16699 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/706/bus" dev="sda1" ino=16983 res=1
[  709.854855] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:15 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(0xffffffffffffffff, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f439", 0xb6)

04:59:15 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:15 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x0, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  710.163997] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:15 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x0, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:16 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  711.104494] audit: type=1804 audit(1587358756.096:415): pid=16802 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/598/bus" dev="sda1" ino=16421 res=1
04:59:17 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/19, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:17 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, 0x0, 0x0)

04:59:17 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  711.104575] audit: type=1804 audit(1587358756.206:416): pid=16803 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/598/bus" dev="sda1" ino=16421 res=1
[  711.104648] audit: type=1804 audit(1587358756.236:417): pid=16804 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/839/bus" dev="sda1" ino=16422 res=1
[  711.104726] audit: type=1804 audit(1587358756.436:418): pid=16805 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/839/bus" dev="sda1" ino=16422 res=1
[  711.429652] audit: type=1804 audit(1587358756.856:419): pid=16822 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/707/bus" dev="sda1" ino=16996 res=1
[  711.584960] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:18 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:18 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:18 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, 0x0, 0x0)

04:59:18 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x0, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  712.868380] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
04:59:18 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/19, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  712.991986] print_req_error: 2 callbacks suppressed
[  712.991992] print_req_error: I/O error, dev loop1, sector 0
[  713.296229] kauditd_printk_skb: 5 callbacks suppressed
[  713.296240] audit: type=1804 audit(1587358758.736:425): pid=16954 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/600/bus" dev="sda1" ino=16964 res=1
04:59:19 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, &(0x7f0000000140))
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x10800, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
ioctl$sock_netrom_SIOCDELRT(r6, 0x890c, &(0x7f0000000040)={0x1, @default, @rose={'rose', 0x0}, 0x2, 'syz1\x00', @null, 0x6, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
dup3(r2, r3, 0x0)
dup2(r1, r5)
eventfd2(0xffffffff, 0x1)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
ioctl$FIBMAP(r7, 0x1, &(0x7f0000000100)=0x9)

04:59:19 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/19, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x5}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  713.992946] audit: type=1804 audit(1587358758.816:426): pid=16955 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/600/bus" dev="sda1" ino=16964 res=1
04:59:19 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  713.993030] audit: type=1804 audit(1587358759.206:427): pid=16988 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/709/bus" dev="sda1" ino=16427 res=1
[  713.993098] audit: type=1804 audit(1587358759.316:428): pid=16989 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/709/bus" dev="sda1" ino=16427 res=1
04:59:19 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, 0x0, 0x0)

[  714.053239] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  714.055589] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  714.092967] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=16953 comm=syz-executor.4
[  714.446260] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
04:59:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x0, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:20 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x0, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  714.746524] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  714.864152] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  715.209706] audit: type=1804 audit(1587358760.536:429): pid=17150 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/710/file0/bus" dev="loop1" ino=149 res=1
[  715.301604] audit: type=1804 audit(1587358760.626:430): pid=17153 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/710/file0/bus" dev="loop1" ino=149 res=1
[  715.644034] attempt to access beyond end of device
[  715.649332] loop1: rw=1, want=6817, limit=63
[  715.665536] attempt to access beyond end of device
[  715.676346] loop1: rw=1, want=10913, limit=63
04:59:21 executing program 0:
socket$inet(0x2, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x0, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:21 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:21 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0), 0x0)

04:59:21 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:21 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  715.697867] attempt to access beyond end of device
[  715.707999] loop1: rw=1, want=15009, limit=63
[  715.723767] attempt to access beyond end of device
[  715.743977] loop1: rw=1, want=18917, limit=63
[  716.047862] audit: type=1804 audit(1587358761.606:431): pid=17203 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/602/file0/bus" dev="loop5" ino=150 res=1
04:59:22 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0), 0x0)

04:59:22 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  716.687264] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:22 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  716.750921] audit: type=1804 audit(1587358761.646:432): pid=17211 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/844/bus" dev="sda1" ino=17010 res=1
04:59:22 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x0, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  716.809583] audit: type=1804 audit(1587358761.746:433): pid=17212 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/844/bus" dev="sda1" ino=17010 res=1
[  716.865500] audit: type=1804 audit(1587358761.796:434): pid=17213 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/602/file0/bus" dev="loop5" ino=150 res=1
[  717.377384] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:23 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0), 0x0)

[  718.607255] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:24 executing program 0:
socket$inet(0x2, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:24 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:24 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:24 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:24 executing program 0:
socket$inet(0x2, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:25 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x3ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, &(0x7f0000000140))
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
dup3(r2, r3, 0x0)
dup2(r1, r4)

[  720.073321] kauditd_printk_skb: 6 callbacks suppressed
[  720.073329] audit: type=1804 audit(1587358764.666:441): pid=17409 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/712/bus" dev="sda1" ino=17014 res=1
04:59:25 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:25 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  720.213321] audit: type=1804 audit(1587358764.676:442): pid=17408 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/846/bus" dev="sda1" ino=17012 res=1
04:59:25 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6", 0x5b)

[  720.297500] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  720.314757] audit: type=1804 audit(1587358764.876:444): pid=17412 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/846/bus" dev="sda1" ino=17012 res=1
04:59:26 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6", 0x5b)

[  720.398593] audit: type=1804 audit(1587358764.876:443): pid=17411 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/712/bus" dev="sda1" ino=17014 res=1
04:59:26 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  720.491681] audit: type=1804 audit(1587358765.366:445): pid=17410 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/604/bus" dev="sda1" ino=17016 res=1
04:59:26 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6", 0x5b)

[  720.574441] audit: type=1804 audit(1587358765.446:446): pid=17413 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/604/bus" dev="sda1" ino=17016 res=1
[  721.185577] audit: type=1804 audit(1587358766.326:447): pid=17510 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/847/file0/bus" dev="sda1" ino=16162 res=1
[  721.185668] audit: type=1804 audit(1587358766.456:448): pid=17513 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/713/bus" dev="sda1" ino=16177 res=1
[  721.185745] audit: type=1804 audit(1587358766.526:449): pid=17512 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/847/file0/bus" dev="sda1" ino=16162 res=1
[  721.185816] audit: type=1804 audit(1587358766.656:450): pid=17514 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/713/bus" dev="sda1" ino=16177 res=1
04:59:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:27 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0", 0x89)

04:59:27 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  721.484350] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, 0x0, &(0x7f00000002c0))
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  722.207997] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  722.533893] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
04:59:28 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:28 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0", 0x89)

04:59:28 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:28 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, 0x0, &(0x7f00000002c0))
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:28 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x24}}, 0x0)

04:59:28 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  723.608059] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:29 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0", 0x89)

04:59:29 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd", 0xa0)

[  724.004775] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
04:59:29 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:29 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:29 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, 0x0, &(0x7f00000002c0))
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  724.050398] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
04:59:29 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r3=>0x0}, &(0x7f00000001c0)=0xc)
keyctl$chown(0x4, 0x0, 0x0, r3)
setfsgid(r3)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, &(0x7f0000000140))
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
dup3(r4, r5, 0x0)
dup2(r1, r6)

[  724.785497] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  725.278397] kauditd_printk_skb: 6 callbacks suppressed
[  725.278408] audit: type=1804 audit(1587358770.716:457): pid=17905 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/716/file0/bus" dev="sda1" ino=15954 res=1
[  725.358768] audit: type=1804 audit(1587358770.816:458): pid=17906 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/716/file0/bus" dev="sda1" ino=15954 res=1
[  725.437994] attempt to access beyond end of device
[  725.476906] loop2: rw=1, want=4653, limit=63
[  725.519187] attempt to access beyond end of device
[  725.536925] loop2: rw=1, want=8749, limit=63
[  725.564383] attempt to access beyond end of device
[  725.596510] loop2: rw=1, want=12845, limit=63
[  725.624464] attempt to access beyond end of device
[  725.646450] loop2: rw=1, want=13705, limit=63
04:59:31 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:31 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd", 0xa0)

04:59:31 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:31 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:31 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:31 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r3=>0x0}, &(0x7f00000001c0)=0xc)
keyctl$chown(0x4, 0x0, 0x0, r3)
setfsgid(r3)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, &(0x7f0000000140))
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
dup3(r4, r5, 0x0)
dup2(r1, r6)

04:59:33 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:33 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r3=>0x0}, &(0x7f00000001c0)=0xc)
keyctl$chown(0x4, 0x0, 0x0, r3)
setfsgid(r3)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, &(0x7f0000000140))
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
dup3(r4, r5, 0x0)
dup2(r1, r6)

[  727.395210] audit: type=1804 audit(1587358772.006:459): pid=17946 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/851/bus" dev="sda1" ino=16370 res=1
04:59:33 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd", 0xa0)

[  727.523946] audit: type=1804 audit(1587358772.036:460): pid=17947 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/717/bus" dev="sda1" ino=16387 res=1
[  727.618994] audit: type=1804 audit(1587358772.236:461): pid=17949 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/717/bus" dev="sda1" ino=16387 res=1
[  727.651257] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:33 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f6306", 0xab)

04:59:33 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  727.715675] audit: type=1804 audit(1587358772.306:462): pid=17948 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/851/bus" dev="sda1" ino=16370 res=1
04:59:33 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f6306", 0xab)

[  728.002077] audit: type=1804 audit(1587358773.556:463): pid=18020 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/718/bus" dev="sda1" ino=15827 res=1
[  728.233136] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  728.248396] audit: type=1804 audit(1587358773.606:464): pid=18034 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/718/bus" dev="sda1" ino=15827 res=1
[  728.780153] NOHZ: local_softirq_pending 08
04:59:34 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:34 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f6306", 0xab)

04:59:34 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:34 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:34 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:34 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  730.289838] audit: type=1804 audit(1587358775.066:465): pid=18146 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/853/bus" dev="sda1" ino=16412 res=1
04:59:35 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:36 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  730.289920] audit: type=1804 audit(1587358775.176:466): pid=18148 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/853/bus" dev="sda1" ino=16412 res=1
04:59:36 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c", 0xb1)

[  730.289992] audit: type=1804 audit(1587358775.256:467): pid=18104 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/719/bus" dev="sda1" ino=16413 res=1
[  730.472784] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  730.497160] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
04:59:36 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x0, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:36 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:36 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c", 0xb1)

[  730.673930] FAT-fs (loop1): bogus number of reserved sectors
[  730.679992] FAT-fs (loop1): Can't find a valid FAT filesystem
[  730.880030] audit: type=1804 audit(1587358776.286:468): pid=18212 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/720/file0/bus" dev="sda1" ino=15875 res=1
[  730.957800] audit: type=1804 audit(1587358776.386:469): pid=18213 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/720/file0/bus" dev="sda1" ino=15875 res=1
[  731.561980] audit: type=1804 audit(1587358776.796:470): pid=18229 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/610/bus" dev="sda1" ino=16446 res=1
[  731.644322] bond152 (uninitialized): Released all slaves
[  731.712331] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  731.863653] audit: type=1804 audit(1587358776.986:471): pid=18230 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/610/bus" dev="sda1" ino=16446 res=1
[  732.028736] audit: type=1804 audit(1587358777.586:472): pid=18254 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/854/file0/bus" dev="loop2" ino=153 res=1
[  732.168255] audit: type=1804 audit(1587358777.636:473): pid=18259 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/854/file0/bus" dev="loop2" ino=153 res=1
04:59:37 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:37 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:37 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:37 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c", 0xb1)

04:59:37 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x0, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  732.369066] bond152 (uninitialized): Released all slaves
04:59:38 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3", 0xb4)

[  733.199058] audit: type=1804 audit(1587358778.106:474): pid=18293 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/721/bus" dev="sda1" ino=16464 res=1
04:59:38 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:38 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:38 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:38 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  733.264838] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x0, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:38 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3", 0xb4)

[  734.644959] bond152 (uninitialized): Released all slaves
04:59:40 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:40 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:40 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3", 0xb4)

04:59:40 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  734.730202] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:40 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  734.865041] print_req_error: I/O error, dev loop5, sector 0
04:59:40 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f4", 0xb5)

[  734.999197] bond152 (uninitialized): Released all slaves
04:59:41 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)

[  736.136361] kauditd_printk_skb: 9 callbacks suppressed
[  736.136375] audit: type=1804 audit(1587358780.766:484): pid=18403 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/613/bus" dev="sda1" ino=16610 res=1
[  736.215863] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:41 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:41 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x0, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  736.295195] audit: type=1804 audit(1587358780.786:485): pid=18404 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/723/bus" dev="sda1" ino=16626 res=1
04:59:41 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f4", 0xb5)

04:59:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:42 executing program 3:
mknod(&(0x7f0000000380)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8082, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x2082, 0x0)
splice(r0, 0x0, r3, 0x0, 0xb6, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, r3)
write(r0, &(0x7f00000001c0)="79506874756cf3182f01ef31d24bf37d9b5b8ce304e83f3fc7abe21165e748bceb62570de4eeacdc8e5eeadb5df4c774f15344905d0a3441ca2cc8c59078a637946e71542f76e20a8d0ade6cac1a6710cc7283c6c741579e178ca6f8beff0376de3edbc1145dd1b2f577a8f312e07241ea4cda37cc16eef69570bc17a3827c2129336daf9e24e130d0c658c2c30478cd71ae8932b3547db2949e4ade8dfc4fcd858c795bf554af156f63062a7a445b123c59a4d3f4", 0xb5)

04:59:42 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(0x0, 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  736.970663] audit: type=1804 audit(1587358780.956:486): pid=18405 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/613/bus" dev="sda1" ino=16610 res=1
04:59:42 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)

[  737.127439] audit: type=1804 audit(1587358780.976:487): pid=18407 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/723/bus" dev="sda1" ino=16626 res=1
[  737.137311] bond152 (uninitialized): Released all slaves
[  737.159722] audit: type=1804 audit(1587358781.326:488): pid=18406 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/856/bus" dev="sda1" ino=16658 res=1
[  737.161709] attempt to access beyond end of device
[  737.185298] audit: type=1804 audit(1587358781.456:489): pid=18408 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/856/bus" dev="sda1" ino=16658 res=1
[  737.222503] loop2: rw=1, want=78, limit=63
[  737.227261] buffer_io_error: 14 callbacks suppressed
[  737.227316] Buffer I/O error on dev loop2, logical block 77, lost async page write
[  737.297714] FAT-fs (loop1): bogus number of reserved sectors
[  737.304602] FAT-fs (loop1): Can't find a valid FAT filesystem
[  737.328658] bond10 (uninitialized): Released all slaves
[  737.343617] attempt to access beyond end of device
[  737.564681] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  737.596920] audit: type=1804 audit(1587358782.036:490): pid=18432 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/857/file0/bus" dev="loop2" ino=154 res=1
04:59:43 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)

[  737.640988] audit: type=1804 audit(1587358782.916:491): pid=18479 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/724/file0/bus" dev="sda1" ino=16929 res=1
[  737.676666] loop2: rw=1, want=79, limit=63
[  737.681594] Buffer I/O error on dev loop2, logical block 78, lost async page write
[  737.696735] attempt to access beyond end of device
[  737.733031] loop2: rw=1, want=80, limit=63
[  737.755409] Buffer I/O error on dev loop2, logical block 79, lost async page write
[  737.785097] audit: type=1804 audit(1587358783.016:492): pid=18480 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/724/file0/bus" dev="sda1" ino=16929 res=1
[  737.829279] attempt to access beyond end of device
[  737.838061] loop2: rw=1, want=81, limit=63
[  737.846622] Buffer I/O error on dev loop2, logical block 80, lost async page write
[  737.858340] attempt to access beyond end of device
[  737.867290] loop2: rw=1, want=114, limit=63
[  737.875435] Buffer I/O error on dev loop2, logical block 113, lost async page write
[  737.925781] print_req_error: I/O error, dev loop1, sector 1
[  737.931951] Buffer I/O error on dev loop1, logical block 1, async page read
[  737.937585] attempt to access beyond end of device
[  737.939233] print_req_error: I/O error, dev loop1, sector 2
[  737.955604] Buffer I/O error on dev loop1, logical block 2, async page read
[  737.963722] print_req_error: I/O error, dev loop1, sector 3
[  737.970161] Buffer I/O error on dev loop1, logical block 3, async page read
[  737.977812] print_req_error: I/O error, dev loop1, sector 4
[  737.983896] Buffer I/O error on dev loop1, logical block 4, async page read
[  737.991390] print_req_error: I/O error, dev loop1, sector 5
[  737.997112] Buffer I/O error on dev loop1, logical block 5, async page read
[  738.004744] print_req_error: I/O error, dev loop1, sector 6
[  738.005735] loop2: rw=1, want=115, limit=63
[  738.015000] print_req_error: I/O error, dev loop1, sector 7
[  738.016650] attempt to access beyond end of device
[  738.311633] audit: type=1804 audit(1587358783.596:493): pid=18493 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir949148331/syzkaller.WPV9a2/621/file0/bus" dev="sda1" ino=16849 res=1
[  738.339130] loop2: rw=1, want=116, limit=63
[  738.344648] attempt to access beyond end of device
[  738.358798] loop2: rw=1, want=117, limit=63
[  738.369249] attempt to access beyond end of device
[  738.381856] loop2: rw=1, want=130, limit=63
[  738.386441] attempt to access beyond end of device
[  738.395462] loop2: rw=1, want=131, limit=63
[  738.404071] attempt to access beyond end of device
[  738.409239] loop2: rw=1, want=132, limit=63
[  738.417669] attempt to access beyond end of device
[  738.453080] loop2: rw=1, want=133, limit=63
04:59:44 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  738.505347] attempt to access beyond end of device
[  738.521870] loop2: rw=1, want=4237, limit=63
[  738.565698] attempt to access beyond end of device
04:59:44 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  738.603248] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
[  738.629466] loop2: rw=1, want=8333, limit=63
[  738.637814] attempt to access beyond end of device
04:59:44 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:44 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)

[  738.661826] loop2: rw=1, want=12429, limit=63
[  738.668893] attempt to access beyond end of device
[  738.678124] loop2: rw=1, want=13113, limit=63
[  738.852464] bond152 (uninitialized): Released all slaves
04:59:45 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:45 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(0x0, 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  740.088470] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:45 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:45 executing program 3:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x2, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x2, 0x4ea4, @local}, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup2(r3, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

04:59:45 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  740.528855] FAT-fs (loop1): bogus number of reserved sectors
[  740.534829] FAT-fs (loop1): Can't find a valid FAT filesystem
[  740.828252] bond10 (uninitialized): Released all slaves
[  740.889558] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  741.185033] kauditd_printk_skb: 7 callbacks suppressed
[  741.191651] audit: type=1804 audit(1587358786.746:501): pid=18633 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/858/file0/bus" dev="loop2" ino=155 res=1
[  741.415689] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
04:59:47 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:47 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)

04:59:47 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:47 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  741.801215] attempt to access beyond end of device
[  741.806276] loop2: rw=1, want=78, limit=63
[  741.838709] attempt to access beyond end of device
04:59:47 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  741.847787] loop2: rw=1, want=79, limit=63
[  741.852768] attempt to access beyond end of device
[  741.857860] loop2: rw=1, want=80, limit=63
[  741.878269] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  741.887273] attempt to access beyond end of device
[  741.903070] loop2: rw=1, want=81, limit=63
[  741.911649] attempt to access beyond end of device
[  741.916812] loop2: rw=1, want=114, limit=63
[  741.922146] attempt to access beyond end of device
[  741.927264] loop2: rw=1, want=115, limit=63
[  741.932059] attempt to access beyond end of device
[  741.937183] loop2: rw=1, want=116, limit=63
[  741.941998] attempt to access beyond end of device
[  741.947215] loop2: rw=1, want=117, limit=63
[  741.951947] attempt to access beyond end of device
[  741.957066] loop2: rw=1, want=130, limit=63
[  741.961993] attempt to access beyond end of device
[  741.968037] loop2: rw=1, want=131, limit=63
[  741.973493] attempt to access beyond end of device
[  741.978865] loop2: rw=1, want=132, limit=63
[  741.984111] attempt to access beyond end of device
[  741.989880] loop2: rw=1, want=133, limit=63
[  741.997341] attempt to access beyond end of device
[  742.003286] loop2: rw=1, want=4237, limit=63
[  742.044097] attempt to access beyond end of device
[  742.051274] loop2: rw=1, want=8333, limit=63
[  742.072477] attempt to access beyond end of device
[  742.077969] loop2: rw=1, want=12317, limit=63
[  742.106386] FAT-fs (loop1): bogus number of reserved sectors
[  742.112525] FAT-fs (loop1): Can't find a valid FAT filesystem
[  742.324633] audit: type=1804 audit(1587358787.726:502): pid=18749 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/727/file0/bus" dev="sda1" ino=16722 res=1
[  742.521343] audit: type=1804 audit(1587358787.826:503): pid=18750 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/727/file0/bus" dev="sda1" ino=16722 res=1
04:59:48 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  742.691310] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
04:59:48 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  742.767175] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
04:59:48 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:48 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(0x0, 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:48 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  743.579985] audit: type=1804 audit(1587358788.826:504): pid=18892 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/728/bus" dev="sda1" ino=16690 res=1
[  743.629018] FAT-fs (loop1): bogus number of reserved sectors
[  743.635008] FAT-fs (loop1): Can't find a valid FAT filesystem
[  743.691521] audit: type=1804 audit(1587358788.886:505): pid=18862 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/859/bus" dev="sda1" ino=16705 res=1
[  743.718176] audit: type=1804 audit(1587358789.026:506): pid=18893 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/728/bus" dev="sda1" ino=16690 res=1
04:59:49 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  743.838699] print_req_error: I/O error, dev loop1, sector 1
[  743.844778] buffer_io_error: 21 callbacks suppressed
[  743.844785] Buffer I/O error on dev loop1, logical block 1, async page read
[  743.862177] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  743.868917] print_req_error: I/O error, dev loop1, sector 2
[  743.876507] Buffer I/O error on dev loop1, logical block 2, async page read
04:59:49 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
sendfile(r5, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  743.883781] print_req_error: I/O error, dev loop1, sector 3
[  743.889621] Buffer I/O error on dev loop1, logical block 3, async page read
[  743.896912] print_req_error: I/O error, dev loop1, sector 4
[  743.902465] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=18903 comm=syz-executor.5
[  743.902762] Buffer I/O error on dev loop1, logical block 4, async page read
[  743.926042] print_req_error: I/O error, dev loop1, sector 5
[  743.932033] Buffer I/O error on dev loop1, logical block 5, async page read
[  743.939577] print_req_error: I/O error, dev loop1, sector 6
[  743.945334] Buffer I/O error on dev loop1, logical block 6, async page read
[  743.952566] print_req_error: I/O error, dev loop1, sector 7
[  743.958322] Buffer I/O error on dev loop1, logical block 7, async page read
[  743.983230] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  744.277925] audit: type=1804 audit(1587358789.696:507): pid=18928 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/729/bus" dev="sda1" ino=16498 res=1
[  744.369264] audit: type=1804 audit(1587358789.796:508): pid=18929 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/729/bus" dev="sda1" ino=16498 res=1
[  744.394546] bond10 (uninitialized): Released all slaves
[  744.405136] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
[  744.418773] FAT-fs (loop1): bogus number of reserved sectors
[  744.424800] FAT-fs (loop1): Can't find a valid FAT filesystem
04:59:50 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:50 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, 0x0, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:50 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:50 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r5)
r6 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r6, 0x800)
lseek(r6, 0x0, 0x2)
r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  745.197127] audit: type=1804 audit(1587358790.756:509): pid=18963 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/619/file0/bus" dev="loop5" ino=156 res=1
[  745.436245] audit: type=1804 audit(1587358790.806:510): pid=18968 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/619/file0/bus" dev="loop5" ino=156 res=1
04:59:51 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
sendfile(r5, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  745.708469] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  745.822019] FAT-fs (loop1): bogus number of reserved sectors
[  745.822144] FAT-fs (loop1): Can't find a valid FAT filesystem
04:59:51 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r5)
r6 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r6, 0x800)
lseek(r6, 0x0, 0x2)
r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:51 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:52 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  746.469896] print_req_error: I/O error, dev loop1, sector 1
[  746.479062] Buffer I/O error on dev loop1, logical block 1, async page read
[  746.509609] print_req_error: I/O error, dev loop1, sector 2
04:59:52 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  746.515487] Buffer I/O error on dev loop1, logical block 2, async page read
[  746.522709] print_req_error: I/O error, dev loop1, sector 3
[  746.528456] Buffer I/O error on dev loop1, logical block 3, async page read
[  746.600462] kauditd_printk_skb: 2 callbacks suppressed
[  746.600470] audit: type=1804 audit(1587358792.166:513): pid=19075 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/620/file0/bus" dev="loop5" ino=157 res=1
[  747.732310] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
04:59:53 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  747.763988] audit: type=1804 audit(1587358792.246:514): pid=19084 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/620/file0/bus" dev="loop5" ino=157 res=1
04:59:53 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:53 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:53 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
sendfile(r5, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  748.153893] audit: type=1804 audit(1587358792.476:515): pid=19098 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/731/bus" dev="sda1" ino=16498 res=1
[  748.683946] audit: type=1804 audit(1587358792.526:516): pid=19086 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/731/bus" dev="sda1" ino=16498 res=1
04:59:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, 0x0, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:54 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:54 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:54 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  749.004561] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
04:59:54 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, 0x0, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:54 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:54 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  749.174081] attempt to access beyond end of device
[  749.179108] loop5: rw=1, want=5765, limit=63
[  749.330613] audit: type=1804 audit(1587358794.896:517): pid=19191 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/863/file0/bus" dev="loop2" ino=158 res=1
[  749.615619] attempt to access beyond end of device
[  749.620831] loop5: rw=1, want=9861, limit=63
[  749.631766] attempt to access beyond end of device
[  749.636939] loop5: rw=1, want=13957, limit=63
[  749.643663] audit: type=1804 audit(1587358795.056:518): pid=19191 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/863/file0/bus" dev="loop2" ino=158 res=1
[  749.673952] attempt to access beyond end of device
[  749.679061] loop5: rw=1, want=18053, limit=63
[  749.690193] attempt to access beyond end of device
[  749.696106] audit: type=1804 audit(1587358795.066:519): pid=19201 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/732/bus" dev="sda1" ino=17030 res=1
[  749.722299] loop5: rw=1, want=22149, limit=63
[  749.733511] attempt to access beyond end of device
[  749.738909] loop5: rw=1, want=26245, limit=63
[  749.753879] audit: type=1804 audit(1587358795.156:520): pid=19197 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/732/bus" dev="sda1" ino=17030 res=1
[  749.783783] attempt to access beyond end of device
[  749.792706] loop5: rw=1, want=30341, limit=63
[  749.805902] attempt to access beyond end of device
[  749.821668] FAT-fs (loop1): bogus number of reserved sectors
[  749.827714] FAT-fs (loop1): Can't find a valid FAT filesystem
[  749.857224] loop5: rw=1, want=34437, limit=63
[  749.933832] attempt to access beyond end of device
[  749.951808] print_req_error: 4 callbacks suppressed
[  749.951815] print_req_error: I/O error, dev loop1, sector 1
[  749.963527] buffer_io_error: 4 callbacks suppressed
[  749.963533] Buffer I/O error on dev loop1, logical block 1, async page read
[  749.978577] print_req_error: I/O error, dev loop1, sector 2
[  749.984693] Buffer I/O error on dev loop1, logical block 2, async page read
[  749.992227] print_req_error: I/O error, dev loop1, sector 3
[  749.999291] Buffer I/O error on dev loop1, logical block 3, async page read
[  750.009938] print_req_error: I/O error, dev loop1, sector 4
[  750.015846] Buffer I/O error on dev loop1, logical block 4, async page read
[  750.023438] print_req_error: I/O error, dev loop1, sector 5
[  750.029554] Buffer I/O error on dev loop1, logical block 5, async page read
[  750.036892] print_req_error: I/O error, dev loop1, sector 6
[  750.043120] Buffer I/O error on dev loop1, logical block 6, async page read
[  750.061550] print_req_error: I/O error, dev loop1, sector 7
[  750.068746] Buffer I/O error on dev loop1, logical block 7, async page read
04:59:55 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  750.147774] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  750.189401] loop5: rw=1, want=38533, limit=63
[  750.197949] attempt to access beyond end of device
04:59:55 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:55 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, 0x0, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  750.266099] loop5: rw=1, want=42629, limit=63
04:59:55 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, 0x0, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  750.289757] attempt to access beyond end of device
[  750.294712] loop5: rw=1, want=46725, limit=63
[  750.304862] attempt to access beyond end of device
[  750.327235] loop5: rw=1, want=50821, limit=63
[  750.334880] attempt to access beyond end of device
[  750.344029] loop5: rw=1, want=52873, limit=63
[  750.812037] audit: type=1804 audit(1587358796.186:521): pid=19254 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/733/bus" dev="sda1" ino=17032 res=1
[  750.844747] audit: type=1804 audit(1587358796.246:522): pid=19255 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/864/bus" dev="sda1" ino=17033 res=1
[  751.058474] FAT-fs (loop1): bogus number of reserved sectors
[  751.065481] FAT-fs (loop1): Can't find a valid FAT filesystem
04:59:56 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  751.282226] print_req_error: I/O error, dev loop1, sector 1
[  751.288022] Buffer I/O error on dev loop1, logical block 1, async page read
[  751.290433] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  751.295498] print_req_error: I/O error, dev loop1, sector 2
[  751.310921] Buffer I/O error on dev loop1, logical block 2, async page read
[  751.318787] print_req_error: I/O error, dev loop1, sector 3
[  751.325128] Buffer I/O error on dev loop1, logical block 3, async page read
04:59:56 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  751.403065] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
04:59:57 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:57 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
sendfile(r5, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  752.128138] FAT-fs (loop1): bogus number of reserved sectors
[  752.134116] FAT-fs (loop1): Can't find a valid FAT filesystem
[  752.141861] kauditd_printk_skb: 2 callbacks suppressed
[  752.141870] audit: type=1804 audit(1587358797.276:525): pid=19336 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/865/file0/bus" dev="sda1" ino=15844 res=1
[  752.202853] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=19345 comm=syz-executor.4
[  752.327154] audit: type=1804 audit(1587358797.276:526): pid=19336 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/865/file0/bus" dev="sda1" ino=15844 res=1
04:59:57 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  752.440530] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  752.531979] audit: type=1804 audit(1587358797.396:527): pid=19340 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/734/bus" dev="sda1" ino=15859 res=1
[  752.561512] audit: type=1804 audit(1587358797.576:528): pid=19342 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/734/bus" dev="sda1" ino=15859 res=1
[  752.701971] FAT-fs (loop1): bogus number of reserved sectors
[  752.707934] FAT-fs (loop1): Can't find a valid FAT filesystem
[  752.728394] audit: type=1804 audit(1587358798.286:529): pid=19370 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/735/file0/bus" dev="sda1" ino=15844 res=1
[  752.812015] audit: type=1804 audit(1587358798.336:530): pid=19373 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/735/file0/bus" dev="sda1" ino=15844 res=1
[  753.270306] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
04:59:58 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r5)
r6 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r6, 0x800)
lseek(r6, 0x0, 0x2)
r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:58 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:58 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

04:59:58 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

04:59:58 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

04:59:58 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  753.485447] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  754.639539] audit: type=1804 audit(1587358799.246:531): pid=19502 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir949148331/syzkaller.WPV9a2/630/bus" dev="sda1" ino=16098 res=1
05:00:00 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r5)
r6 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r6, 0x800)
lseek(r6, 0x0, 0x2)
r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:00 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:00 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r5)
r6 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r6, 0x800)
lseek(r6, 0x0, 0x2)
r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:00 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  755.162654] audit: type=1804 audit(1587358799.256:532): pid=19503 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/866/bus" dev="sda1" ino=16114 res=1
[  755.265085] audit: type=1804 audit(1587358799.256:533): pid=19503 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/866/bus" dev="sda1" ino=16114 res=1
[  755.318367] FAT-fs (loop1): bogus number of reserved sectors
[  755.324500] FAT-fs (loop1): Can't find a valid FAT filesystem
05:00:01 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  755.852232] audit: type=1804 audit(1587358799.446:534): pid=19506 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir949148331/syzkaller.WPV9a2/630/bus" dev="sda1" ino=16098 res=1
05:00:01 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  755.980453] print_req_error: 4 callbacks suppressed
[  755.980460] print_req_error: I/O error, dev loop1, sector 1
[  755.991338] buffer_io_error: 4 callbacks suppressed
[  755.991345] Buffer I/O error on dev loop1, logical block 1, async page read
[  756.003880] print_req_error: I/O error, dev loop1, sector 2
[  756.011191] Buffer I/O error on dev loop1, logical block 2, async page read
[  756.018351] print_req_error: I/O error, dev loop1, sector 3
[  756.024605] Buffer I/O error on dev loop1, logical block 3, async page read
05:00:01 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  756.053519] print_req_error: I/O error, dev loop1, sector 4
[  756.059447] Buffer I/O error on dev loop1, logical block 4, async page read
[  756.067034] print_req_error: I/O error, dev loop1, sector 5
[  756.073560] Buffer I/O error on dev loop1, logical block 5, async page read
[  756.080882] print_req_error: I/O error, dev loop1, sector 6
[  756.086614] Buffer I/O error on dev loop1, logical block 6, async page read
[  756.094655] print_req_error: I/O error, dev loop1, sector 7
[  756.100488] Buffer I/O error on dev loop1, logical block 7, async page read
[  756.286653] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  757.014138] FAT-fs (loop1): invalid media value (0x00)
[  757.019579] FAT-fs (loop1): Can't find a valid FAT filesystem
05:00:02 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

05:00:02 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r5)
r6 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r6, 0x800)
lseek(r6, 0x0, 0x2)
r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:02 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:02 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:02 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  758.128375] kauditd_printk_skb: 14 callbacks suppressed
[  758.128385] audit: type=1804 audit(1587358803.166:549): pid=19662 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/624/bus" dev="sda1" ino=16306 res=1
[  758.167857] audit: type=1804 audit(1587358803.186:550): pid=19663 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/739/bus" dev="sda1" ino=16322 res=1
05:00:03 executing program 3:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x2, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x2, 0x4ea4, @local}, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup2(r3, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x101]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

05:00:03 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:03 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:03 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r5)
r6 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r6, 0x800)
lseek(r6, 0x0, 0x2)
r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  758.256035] audit: type=1804 audit(1587358803.366:551): pid=19664 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/624/bus" dev="sda1" ino=16306 res=1
[  758.267468] bond158 (uninitialized): Released all slaves
[  758.306737] audit: type=1804 audit(1587358803.636:552): pid=19665 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/739/bus" dev="sda1" ino=16322 res=1
[  758.346577] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  758.349221] audit: type=1804 audit(1587358803.686:553): pid=19636 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir949148331/syzkaller.WPV9a2/631/bus" dev="sda1" ino=16353 res=1
[  758.386701] audit: type=1804 audit(1587358803.686:554): pid=19641 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir949148331/syzkaller.WPV9a2/631/bus" dev="sda1" ino=16353 res=1
[  759.218475] audit: type=1804 audit(1587358804.186:555): pid=19708 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/625/bus" dev="sda1" ino=16370 res=1
05:00:04 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:04 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:04 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  759.370413] audit: type=1804 audit(1587358804.206:556): pid=19710 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/740/bus" dev="sda1" ino=16401 res=1
[  759.474831] audit: type=1804 audit(1587358804.376:557): pid=19711 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/625/bus" dev="sda1" ino=16370 res=1
[  759.476558] bond158 (uninitialized): Released all slaves
[  759.540364] audit: type=1804 audit(1587358804.506:558): pid=19712 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/740/bus" dev="sda1" ino=16401 res=1
[  759.614697] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  759.713804] FAT-fs (loop1): invalid media value (0x00)
[  759.719285] FAT-fs (loop1): Can't find a valid FAT filesystem
[  759.986898] bond11 (uninitialized): Released all slaves
[  760.003486] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
05:00:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:05 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

05:00:05 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:05 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:05 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004)
write$binfmt_script(r1, 0x0, 0x29)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r5)
r6 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r6, 0x800)
lseek(r6, 0x0, 0x2)
r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  760.639891] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=19805 comm=syz-executor.3
[  760.700836] bond158 (uninitialized): Released all slaves
[  760.714409] bond6 (uninitialized): Released all slaves
[  760.766254] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:06 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  761.127352] FAT-fs (loop1): invalid media value (0x00)
[  761.132823] FAT-fs (loop1): Can't find a valid FAT filesystem
05:00:06 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  761.513292] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:00:07 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004)
write$binfmt_script(r1, 0x0, 0x29)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r5)
r6 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r6, 0x800)
lseek(r6, 0x0, 0x2)
r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  761.734577] print_req_error: I/O error, dev loop1, sector 1
[  761.740950] Buffer I/O error on dev loop1, logical block 1, async page read
[  761.749709] print_req_error: I/O error, dev loop1, sector 2
[  761.757102] Buffer I/O error on dev loop1, logical block 2, async page read
[  761.778933] print_req_error: I/O error, dev loop1, sector 3
[  761.791751] Buffer I/O error on dev loop1, logical block 3, async page read
[  761.800942] print_req_error: I/O error, dev loop1, sector 4
[  761.807353] Buffer I/O error on dev loop1, logical block 4, async page read
[  761.816177] print_req_error: I/O error, dev loop1, sector 5
[  761.824542] Buffer I/O error on dev loop1, logical block 5, async page read
[  761.833802] print_req_error: I/O error, dev loop1, sector 6
[  761.858211] Buffer I/O error on dev loop1, logical block 6, async page read
[  761.870162] print_req_error: I/O error, dev loop1, sector 7
[  761.877968] Buffer I/O error on dev loop1, logical block 7, async page read
05:00:07 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:07 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, 0x0, &(0x7f0000000380))
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:07 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  762.319053] bond6 (uninitialized): Released all slaves
[  762.346452] bond158 (uninitialized): Released all slaves
[  762.377378] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  763.219882] kauditd_printk_skb: 8 callbacks suppressed
[  763.219892] audit: type=1804 audit(1587358808.156:567): pid=19888 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/628/bus" dev="sda1" ino=16505 res=1
05:00:08 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  763.320847] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:08 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004)
write$binfmt_script(r1, 0x0, 0x29)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r5)
r6 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r6, 0x800)
lseek(r6, 0x0, 0x2)
r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:08 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:09 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  763.405344] audit: type=1804 audit(1587358808.196:568): pid=19880 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/743/bus" dev="sda1" ino=16506 res=1
05:00:09 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:09 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, 0x0, &(0x7f0000000380))
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  763.462448] audit: type=1804 audit(1587358808.356:569): pid=19889 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/628/bus" dev="sda1" ino=16505 res=1
[  763.524297] audit: type=1804 audit(1587358808.756:570): pid=19883 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/743/bus" dev="sda1" ino=16506 res=1
[  763.682588] FAT-fs (loop1): invalid media value (0x00)
[  763.688026] FAT-fs (loop1): Can't find a valid FAT filesystem
[  764.119233] bond6 (uninitialized): Released all slaves
[  764.159751] audit: type=1804 audit(1587358809.316:571): pid=19936 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/744/file0/bus" dev="sda1" ino=16510 res=1
[  764.243056] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=19946 comm=syz-executor.4
05:00:09 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  764.559391] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:00:10 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:10 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  764.626827] audit: type=1804 audit(1587358809.516:572): pid=19938 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/744/file0/bus" dev="sda1" ino=16510 res=1
[  764.664329] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:10 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, 0x0, &(0x7f0000000380))
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  764.691481] audit: type=1804 audit(1587358809.896:573): pid=19951 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/629/file0/bus" dev="loop5" ino=159 res=1
05:00:10 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  764.757999] attempt to access beyond end of device
[  764.815903] FAT-fs (loop1): invalid media value (0x00)
[  764.821366] FAT-fs (loop1): Can't find a valid FAT filesystem
[  764.842381] loop5: rw=1, want=5681, limit=63
[  765.011731] attempt to access beyond end of device
[  765.047992] loop5: rw=1, want=6637, limit=63
[  765.052700] audit: type=1804 audit(1587358809.936:574): pid=19956 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/629/file0/bus" dev="loop5" ino=159 res=1
[  765.118637] bond158 (uninitialized): Released all slaves
[  765.119567] audit: type=1804 audit(1587358810.426:575): pid=19975 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/745/file0/bus" dev="sda1" ino=15813 res=1
[  765.871519] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:11 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  765.955713] audit: type=1804 audit(1587358810.476:576): pid=19982 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/745/file0/bus" dev="sda1" ino=15813 res=1
05:00:12 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

05:00:12 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4044004)
write$binfmt_script(r1, 0x0, 0x29)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r5 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r5)
r6 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r6, 0x800)
lseek(r6, 0x0, 0x2)
r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:12 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:12 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:12 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:12 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  767.094032] bond158 (uninitialized): Released all slaves
[  767.685130] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  767.772051] FAT-fs (loop1): invalid media value (0x00)
[  767.777466] FAT-fs (loop1): Can't find a valid FAT filesystem
05:00:13 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(0x0, 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:13 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, 0x0, &(0x7f0000000380))
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:13 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  768.869558] kauditd_printk_skb: 14 callbacks suppressed
[  768.869567] audit: type=1804 audit(1587358813.876:591): pid=20096 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/747/bus" dev="sda1" ino=16370 res=1
05:00:14 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(0x0, 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:15 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  769.920461] audit: type=1804 audit(1587358813.926:592): pid=20097 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/747/bus" dev="sda1" ino=16370 res=1
05:00:15 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

05:00:15 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  770.258194] audit: type=1804 audit(1587358814.796:593): pid=20110 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/876/bus" dev="sda1" ino=16532 res=1
[  770.422630] bond6 (uninitialized): Released all slaves
[  770.581856] audit: type=1804 audit(1587358814.846:594): pid=20114 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/876/bus" dev="sda1" ino=16532 res=1
[  770.643529] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  771.564250] audit: type=1804 audit(1587358816.576:595): pid=20154 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/877/bus" dev="sda1" ino=16564 res=1
05:00:17 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  771.635340] audit: type=1804 audit(1587358816.676:596): pid=20155 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/877/bus" dev="sda1" ino=16564 res=1
[  771.720957] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:17 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  772.082784] audit: type=1804 audit(1587358817.466:597): pid=20174 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/748/bus" dev="sda1" ino=16566 res=1
[  772.107283] audit: type=1804 audit(1587358817.566:598): pid=20175 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/748/bus" dev="sda1" ino=16566 res=1
05:00:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:18 executing program 3:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x401)
getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, &(0x7f0000000140))
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
dup3(r2, r3, 0x0)
dup2(r1, r4)

[  772.644149] audit: type=1804 audit(1587358818.206:599): pid=20200 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/878/bus" dev="sda1" ino=16543 res=1
05:00:18 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(0x0, 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  772.693669] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  772.888220] audit: type=1804 audit(1587358818.276:600): pid=20201 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/878/bus" dev="sda1" ino=16543 res=1
05:00:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:18 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  773.165538] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e34c2a00090"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:19 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  773.783289] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  774.267616] kauditd_printk_skb: 2 callbacks suppressed
[  774.267625] audit: type=1804 audit(1587358819.486:603): pid=20257 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/879/bus" dev="sda1" ino=16543 res=1
05:00:19 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(0xffffffffffffffff)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  774.267898] audit: type=1804 audit(1587358819.676:604): pid=20258 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/879/bus" dev="sda1" ino=16543 res=1
05:00:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, 0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:20 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  774.680820] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  774.784503] audit: type=1804 audit(1587358820.346:605): pid=20287 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/880/bus" dev="sda1" ino=16543 res=1
05:00:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, 0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  775.042508] audit: type=1804 audit(1587358820.396:606): pid=20289 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/880/bus" dev="sda1" ino=16543 res=1
[  775.218746] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  775.302693] audit: type=1804 audit(1587358820.866:607): pid=20307 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/750/bus" dev="sda1" ino=16574 res=1
[  775.553891] audit: type=1804 audit(1587358820.906:608): pid=20311 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/750/bus" dev="sda1" ino=16574 res=1
[  775.834555] audit: type=1804 audit(1587358821.396:609): pid=20323 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/632/bus" dev="sda1" ino=16568 res=1
[  775.973832] audit: type=1804 audit(1587358821.436:610): pid=20327 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/632/bus" dev="sda1" ino=16568 res=1
05:00:22 executing program 5:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x2, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x2, 0x4ea4, @local}, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup2(r3, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x101]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

05:00:22 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:22 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, 0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:22 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(0xffffffffffffffff)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:22 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

05:00:22 executing program 3:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x401)
getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, &(0x7f0000000140))
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
dup3(r2, r3, 0x0)
dup2(r1, r4)

[  776.551105] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  777.210328] audit: type=1804 audit(1587358822.276:611): pid=20368 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/881/bus" dev="sda1" ino=15827 res=1
05:00:22 executing program 5:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x2, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x2, 0x4ea4, @local}, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup2(r3, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x101]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

05:00:22 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(0xffffffffffffffff)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:22 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  777.435365] audit: type=1804 audit(1587358822.326:612): pid=20369 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/751/bus" dev="sda1" ino=16543 res=1
05:00:23 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(0x0, 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  778.311342] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:23 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x4, r3}, @IFLA_IFNAME={0x14, 0x3, 'batadv0\x00'}]}, 0x3c}}, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, <r4=>0x0})
ptrace$cont(0x1f, r4, 0x9, 0x9550)
r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
dup3(r6, r7, 0x0)
dup2(r5, r8)

05:00:24 executing program 5:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x2, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x2, 0x4ea4, @local}, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup2(0xffffffffffffffff, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x101]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  779.171390] batadv0: Invalid MTU 2057 requested, hw max 1500
05:00:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:24 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  779.314437] attempt to access beyond end of device
[  779.329671] loop2: rw=1, want=6857, limit=63
[  779.381989] attempt to access beyond end of device
[  779.409103] loop2: rw=1, want=10953, limit=63
05:00:25 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  779.443183] attempt to access beyond end of device
[  779.462132] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  779.488107] loop2: rw=1, want=15049, limit=63
[  779.612847] attempt to access beyond end of device
[  779.668293] loop2: rw=1, want=18677, limit=63
05:00:25 executing program 3:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, &(0x7f0000000140))
r4 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r5 = add_key$keyring(&(0x7f0000000980)='keyring\x00', &(0x7f00000007c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000040)='asymmetric\x00', &(0x7f00000000c0)=@keyring={'key_or_keyring:', r5})
r6 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r7 = add_key$keyring(&(0x7f0000000980)='keyring\x00', &(0x7f00000007c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r6, &(0x7f0000000040)='asymmetric\x00', &(0x7f00000000c0)=@keyring={'key_or_keyring:', r7})
keyctl$unlink(0x9, r4, r6)
r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
dup3(r2, r3, 0x0)
dup2(r1, r8)

05:00:25 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:25 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, &(0x7f0000000140))
r4 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r5 = add_key$keyring(&(0x7f0000000980)='keyring\x00', &(0x7f00000007c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000040)='asymmetric\x00', &(0x7f00000000c0)=@keyring={'key_or_keyring:', r5})
r6 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r7 = add_key$keyring(&(0x7f0000000980)='keyring\x00', &(0x7f00000007c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r6, &(0x7f0000000040)='asymmetric\x00', &(0x7f00000000c0)=@keyring={'key_or_keyring:', r7})
keyctl$unlink(0x9, r4, r6)
r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
dup3(r2, r3, 0x0)
dup2(r1, r8)

05:00:25 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(0x0, 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  780.839986] kauditd_printk_skb: 6 callbacks suppressed
[  780.839996] audit: type=1804 audit(1587358826.166:619): pid=20532 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/883/bus" dev="sda1" ino=15863 res=1
[  780.928902] audit: type=1804 audit(1587358826.236:620): pid=20534 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/883/bus" dev="sda1" ino=15863 res=1
05:00:26 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(0x0, 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  781.285575] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:26 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r3)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  781.836011] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  782.099531] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-636-file0.mount: Start request repeated too quickly.
[  782.133613] audit: type=1804 audit(1587358827.696:621): pid=20603 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/884/file0/bus" dev="loop2" ino=162 res=1
[  782.205897] audit: type=1804 audit(1587358827.766:622): pid=20606 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/884/file0/bus" dev="loop2" ino=162 res=1
[  782.219555] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-691-file0.mount: Start request repeated too quickly.
05:00:27 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  782.254217] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9], 0x2}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:28 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(0x0, 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  782.467978] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  782.501416] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-679-file0.mount: Start request repeated too quickly.
[  782.813572] audit: type=1804 audit(1587358828.196:623): pid=20642 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/756/file0/bus" dev="sda1" ino=15909 res=1
05:00:28 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  782.854737] audit: type=1804 audit(1587358828.286:624): pid=20643 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/756/file0/bus" dev="sda1" ino=15909 res=1
[  783.089846] systemd[1]: dev-loop2.mount: Failed to check directory /dev/loop2: Not a directory
05:00:29 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:29 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9], 0x2}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:29 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r3)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:29 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  783.802593] audit: type=1804 audit(1587358829.366:625): pid=20688 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/885/file0/bus" dev="loop2" ino=163 res=1
[  784.075633] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  784.259689] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-637-file0.mount: Failed to run 'mount' task: No such file or directory
05:00:29 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9], 0x2}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  784.339669] audit: type=1804 audit(1587358829.396:626): pid=20696 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir949148331/syzkaller.WPV9a2/642/file0/bus" dev="sda1" ino=16068 res=1
05:00:30 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r3)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  784.438357] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-697-file0.mount: Failed to run 'mount' task: No such file or directory
05:00:30 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9], 0x2}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:30 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r3)
r4 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r4, 0x800)
lseek(r4, 0x0, 0x2)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  784.572292] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-704-file0.mount: Failed to run 'mount' task: No such file or directory
[  784.576845] audit: type=1804 audit(1587358829.496:627): pid=20698 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir949148331/syzkaller.WPV9a2/642/file0/bus" dev="sda1" ino=16068 res=1
[  784.635853] audit: type=1804 audit(1587358829.566:628): pid=20697 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/885/file0/bus" dev="loop2" ino=163 res=1
[  784.640060] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
[  784.665179] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-644-file0.mount: Failed to run 'mount' task: No such file or directory
05:00:30 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:31 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  785.516389] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  785.543743] attempt to access beyond end of device
[  785.575789] loop2: rw=1, want=5041, limit=63
05:00:31 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9], 0x2}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  785.613289] attempt to access beyond end of device
[  785.631714] loop2: rw=1, want=9137, limit=63
[  785.649639] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-752-file0.mount: Failed to run 'mount' task: No such file or directory
[  785.691210] attempt to access beyond end of device
[  785.719757] loop2: rw=1, want=11173, limit=63
[  785.753843] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-593-file0.mount: Failed to run 'mount' task: No such file or directory
[  785.838041] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
[  785.851618] kauditd_printk_skb: 4 callbacks suppressed
[  785.851628] audit: type=1804 audit(1587358831.416:633): pid=20772 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir949148331/syzkaller.WPV9a2/643/file0/bus" dev="loop3" ino=165 res=1
[  785.961457] audit: type=1804 audit(1587358831.456:634): pid=20779 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir949148331/syzkaller.WPV9a2/643/file0/bus" dev="loop3" ino=165 res=1
[  786.607279] attempt to access beyond end of device
[  786.634760] loop3: rw=1, want=5745, limit=63
[  786.643122] audit: type=1804 audit(1587358831.746:635): pid=20789 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/758/file0/bus" dev="sda1" ino=15987 res=1
05:00:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:32 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

05:00:32 executing program 3:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x2, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x2, 0x4ea4, @local}, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup2(0xffffffffffffffff, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x101]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

05:00:32 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9], 0x2}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  786.717494] attempt to access beyond end of device
[  786.826648] loop3: rw=1, want=9841, limit=63
[  786.859887] attempt to access beyond end of device
05:00:32 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  786.893962] audit: type=1804 audit(1587358831.846:636): pid=20790 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/758/file0/bus" dev="sda1" ino=15987 res=1
[  786.923040] loop3: rw=1, want=10357, limit=63
[  787.022604] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  787.064990] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
[  787.098762] audit: type=1804 audit(1587358832.656:637): pid=20832 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/887/file0/bus" dev="loop2" ino=166 res=1
[  787.122821] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-689-file0.mount: Failed to run 'mount' task: No such file or directory
[  787.232072] audit: type=1804 audit(1587358832.736:638): pid=20839 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/887/file0/bus" dev="loop2" ino=166 res=1
[  787.752825] audit: type=1804 audit(1587358833.316:639): pid=20847 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/759/bus" dev="sda1" ino=15766 res=1
[  787.892108] attempt to access beyond end of device
[  787.935376] loop2: rw=1, want=5153, limit=63
[  787.997770] attempt to access beyond end of device
[  788.022475] audit: type=1804 audit(1587358833.316:640): pid=20847 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/759/bus" dev="sda1" ino=15766 res=1
[  788.052751] loop2: rw=1, want=9249, limit=63
[  788.097485] attempt to access beyond end of device
[  788.117852] loop2: rw=1, want=13345, limit=63
[  788.152762] attempt to access beyond end of device
[  788.171705] loop2: rw=1, want=15393, limit=63
05:00:33 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:33 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:33 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video2\x00', 0x2, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x40, 0x8)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00')
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f00000007c0)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d00200009800000000000000680100009800000000000000380200003802000038020000380200003802000004000000000000000000000010000000e00000020000000000000000626f6e645f736c6176655f31000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000380074696d65000000000000000000000000000000000000000000000000000000000000ffffffff4f970000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000380071756f7461000000000000000000000000000000000000000000000000000100000000000000470d0000000000000000000000000000280052454a4543540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1)
bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x4e23, @rand_addr=0x64010101}, 0x10)
sendmsg$NL80211_CMD_LEAVE_MESH(r4, &(0x7f0000000200)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x5c, r5, 0x800, 0x70bd27, 0x25dfdc00, {}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WIPHY={0x8}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x8003, 0x4}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x200, 0x2}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}]}, 0x5c}, 0x1, 0x0, 0x0, 0xc000}, 0xc1)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x40, 0x8)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00')
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000080)={0x9, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}, {}, {}]})
r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
dup3(r2, r3, 0x0)
dup2(r1, r7)

05:00:33 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  788.506657] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  788.693984] audit: type=1804 audit(1587358834.256:641): pid=20879 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/760/file0/bus" dev="loop1" ino=167 res=1
05:00:34 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:34 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  788.846514] audit: type=1804 audit(1587358834.286:642): pid=20879 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/760/file0/bus" dev="loop1" ino=167 res=1
[  789.049677] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:34 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:34 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:35 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f", 0x1}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

05:00:35 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  789.823856] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  789.890067] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-653-file0.mount: Failed to run 'mount' task: No such file or directory
05:00:35 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:35 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  790.143903] ip_tables: iptables: counters copy to user failed while replacing table
[  790.153731] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-659-file0.mount: Failed to run 'mount' task: No such file or directory
05:00:35 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x0)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  790.201681] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-706-file0.mount: Failed to run 'mount' task: No such file or directory
[  790.221248] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  790.253546] attempt to access beyond end of device
[  790.263781] loop2: rw=1, want=4421, limit=63
[  790.276030] attempt to access beyond end of device
[  790.309766] loop2: rw=1, want=8517, limit=63
[  790.351723] attempt to access beyond end of device
[  790.369628] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-704-file0.mount: Failed to run 'mount' task: No such file or directory
[  790.387364] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  790.411648] loop2: rw=1, want=10565, limit=63
05:00:36 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  790.659475] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-707-file0.mount: Failed to run 'mount' task: No such file or directory
[  790.877453] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:36 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:36 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:36 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  791.154344] kauditd_printk_skb: 8 callbacks suppressed
[  791.154353] audit: type=1804 audit(1587358836.716:651): pid=21037 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/889/file0/bus" dev="loop2" ino=169 res=1
[  791.200202] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-704-file0.mount: Failed to run 'mount' task: No such file or directory
05:00:37 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x0)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:37 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x0)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:37 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  792.133115] attempt to access beyond end of device
[  792.143944] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  792.154308] loop3: rw=1, want=5621, limit=63
[  792.156608] attempt to access beyond end of device
[  792.169616] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-762-file0.mount: Unit entered failed state.
[  792.181945] loop2: rw=1, want=5053, limit=63
[  792.192736] attempt to access beyond end of device
[  792.231864] loop3: rw=1, want=9717, limit=63
[  792.237832] audit: type=1804 audit(1587358836.786:652): pid=21047 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/889/file0/bus" dev="loop2" ino=169 res=1
[  792.259483] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-674-file0.mount: Failed to run 'mount' task: No such file or directory
[  792.325980] attempt to access beyond end of device
[  792.396670] loop3: rw=1, want=13813, limit=63
[  792.478231] attempt to access beyond end of device
[  792.489037] audit: type=1804 audit(1587358836.826:653): pid=21049 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir949148331/syzkaller.WPV9a2/647/file0/bus" dev="loop3" ino=170 res=1
[  792.495884] loop3: rw=1, want=17909, limit=63
[  792.518557] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-703-file0.mount: Failed to run 'mount' task: No such file or directory
[  792.565363] attempt to access beyond end of device
[  792.587620] audit: type=1804 audit(1587358836.876:654): pid=21053 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir949148331/syzkaller.WPV9a2/647/file0/bus" dev="loop3" ino=170 res=1
[  792.607344] loop3: rw=1, want=17961, limit=63
[  792.619586] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-653-file0.mount: Failed to run 'mount' task: No such file or directory
[  792.667870] audit: type=1804 audit(1587358836.946:655): pid=21054 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/643/bus" dev="sda1" ino=16387 res=1
[  792.694714] print_req_error: I/O error, dev loop5, sector 0
[  792.728095] audit: type=1804 audit(1587358836.986:656): pid=21055 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/643/bus" dev="sda1" ino=16387 res=1
[  792.739737] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-593-file0.mount: Failed to run 'mount' task: No such file or directory
[  792.846621] audit: type=1804 audit(1587358837.976:657): pid=21082 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/763/bus" dev="sda1" ino=15893 res=1
[  793.014708] audit: type=1804 audit(1587358837.976:658): pid=21082 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/763/bus" dev="sda1" ino=15893 res=1
05:00:38 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f", 0x1}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

05:00:38 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:38 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x0)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  793.140903] audit: type=1804 audit(1587358838.436:659): pid=21091 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/890/file0/bus" dev="loop2" ino=171 res=1
05:00:39 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  793.628843] attempt to access beyond end of device
[  793.654738] loop2: rw=1, want=5669, limit=63
[  793.677998] audit: type=1804 audit(1587358838.476:660): pid=21093 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/890/file0/bus" dev="loop2" ino=171 res=1
[  793.708203] attempt to access beyond end of device
[  793.745028] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  793.754854] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-701-file0.mount: Failed to run 'mount' task: No such file or directory
[  793.776506] loop2: rw=1, want=9765, limit=63
05:00:39 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x0)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  793.940023] attempt to access beyond end of device
[  793.977671] loop2: rw=1, want=13861, limit=63
[  793.993621] attempt to access beyond end of device
[  794.009574] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-687-file0.mount: Failed to run 'mount' task: No such file or directory
05:00:39 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  794.025397] loop2: rw=1, want=17957, limit=63
[  794.042188] attempt to access beyond end of device
[  794.063247] loop2: rw=1, want=21817, limit=63
[  794.113925] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-640-file0.mount: Failed to run 'mount' task: No such file or directory
[  794.439977] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-656-file0.mount: Failed to run 'mount' task: No such file or directory
05:00:40 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  794.669101] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:40 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:40 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  795.068681] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:40 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x0)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:40 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  795.257976] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
[  795.691156] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:41 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f", 0x1}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="a7b74aad84a9d68309edc96a5b370a54cb86f78503c595924a093c6547c70921cd391b005ef73203a5cab984cd23e62dcb03f191f3b525328e92fad8556bc8010000802be63f6747a6cdb02d4d678ce828c53466ba9d95ad22be6d6d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec20e85a0b5dcfe211d1755bf6885fb485a0d6a6724374261746f1f794fa01a66be0fc9fd9bdb1e28bf55497006d103a3ab6a20d53217b98b76d852527fd955f9262edcf3a4901cb156caaf2f5a8a4f9b1d7153b080066070100009236f92118a2c8a49ca698a4016b1cfcb4fd38cee0af619e378a49a6f5dd49998413ac94591558f28b9c37f34595e6d88c840373", @ANYRESOCT], 0x0, 0x144}, 0x20)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

05:00:41 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:41 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:41 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x0)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:41 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:41 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  796.382668] attempt to access beyond end of device
[  796.412825] loop2: rw=1, want=5649, limit=63
[  796.459006] kauditd_printk_skb: 14 callbacks suppressed
[  796.459015] audit: type=1804 audit(1587358842.016:675): pid=21265 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/766/file0/bus" dev="sda1" ino=16531 res=1
[  796.496294] attempt to access beyond end of device
[  796.511537] loop2: rw=1, want=9745, limit=63
[  796.532795] attempt to access beyond end of device
[  796.545218] loop2: rw=1, want=13841, limit=63
[  796.562969] audit: type=1804 audit(1587358842.016:676): pid=21265 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/766/file0/bus" dev="sda1" ino=16531 res=1
[  796.798942] attempt to access beyond end of device
[  796.853846] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  796.856975] loop2: rw=1, want=17445, limit=63
[  796.941593] audit: type=1804 audit(1587358842.056:677): pid=21264 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/647/file0/bus" dev="loop5" ino=173 res=1
05:00:42 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  797.025910] audit: type=1804 audit(1587358842.056:678): pid=21264 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/647/file0/bus" dev="loop5" ino=173 res=1
05:00:42 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  797.079683] audit: type=1804 audit(1587358842.266:679): pid=21294 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir949148331/syzkaller.WPV9a2/650/file0/bus" dev="loop3" ino=174 res=1
[  797.124053] audit: type=1804 audit(1587358842.276:680): pid=21294 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir949148331/syzkaller.WPV9a2/650/file0/bus" dev="loop3" ino=174 res=1
[  797.278669] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
05:00:43 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  797.486733] audit: type=1804 audit(1587358843.046:681): pid=21339 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/767/file0/bus" dev="sda1" ino=16618 res=1
[  797.577053] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
05:00:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  797.622353] audit: type=1804 audit(1587358843.046:682): pid=21339 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir538240783/syzkaller.5pKsS3/767/file0/bus" dev="sda1" ino=16618 res=1
05:00:43 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

[  797.764171] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  797.909134] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  798.069610] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
[  798.385222] audit: type=1804 audit(1587358843.946:683): pid=21407 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/892/file0/bus" dev="loop2" ino=175 res=1
[  798.523104] audit: type=1804 audit(1587358844.016:684): pid=21408 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir147033200/syzkaller.5LVYB2/892/file0/bus" dev="loop2" ino=175 res=1
[  798.783346] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-639-file0.mount: Failed to run 'mount' task: No such file or directory
[  798.979511] systemd[1]: root-syzkaller\x2dtestdir698555772-syzkaller.SID8ZR-594-file0.mount: Failed to run 'mount' task: No such file or directory
[  799.064161] attempt to access beyond end of device
[  799.069161] loop2: rw=1, want=5689, limit=63
[  799.088016] attempt to access beyond end of device
[  799.101318] loop2: rw=1, want=9785, limit=63
[  799.117738] attempt to access beyond end of device
[  799.122953] loop2: rw=1, want=13881, limit=63
[  799.132654] attempt to access beyond end of device
[  799.137792] loop2: rw=1, want=17977, limit=63
[  799.145110] attempt to access beyond end of device
[  799.150195] loop2: rw=1, want=19485, limit=63
05:00:44 executing program 0:
socket$inet(0x2, 0x80001, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

05:00:44 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x0)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:44 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838013d9bf1710f6f3e8b7e90d275824e"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:44 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0400b20000000000"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000d0700a47f793f000000ff030000", @ANYRES32=r9, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c000200080001000600000043ce292fcc18ba6c0dfe946d63bc976799a426b914e408ed2838"], 0x3}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004bc0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

05:00:44 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:44 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r2 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r2)
r3 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r3, 0x800)
lseek(r3, 0x0, 0x2)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:45 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x0)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

05:00:45 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  800.212938] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  800.412145] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  800.906594] ==================================================================
[  800.914604] BUG: KASAN: use-after-free in macvlan_dev_get_iflink+0x5f/0x70
[  800.921717] Read of size 4 at addr ffff888092b3ea08 by task syz-executor.4/21423
[  800.929448] 
[  800.931088] CPU: 1 PID: 21423 Comm: syz-executor.4 Not tainted 4.14.176-syzkaller #0
[  800.938972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  800.948332] Call Trace:
[  800.950932]  dump_stack+0x13e/0x194
[  800.954570]  ? macvlan_dev_get_iflink+0x5f/0x70
[  800.959251]  print_address_description.cold+0x7c/0x1e2
[  800.964542]  ? macvlan_dev_get_iflink+0x5f/0x70
[  800.969225]  kasan_report.cold+0xa9/0x2ae
[  800.973389]  macvlan_dev_get_iflink+0x5f/0x70
[  800.977891]  ? macvlan_dev_poll_controller+0x10/0x10
[  800.983002]  dev_get_iflink+0x73/0xe0
[  800.986877]  rfc2863_policy+0x17e/0x1e0
[  800.990866]  linkwatch_do_dev+0x16/0xe0
[  800.994856]  linkwatch_forget_dev+0x15c/0x1f0
[  800.999367]  netdev_run_todo+0x234/0x710
[  801.003441]  ? dev_set_mtu+0x3a0/0x3a0
[  801.007340]  ? lock_downgrade+0x6e0/0x6e0
[  801.011501]  ? rtnl_link_unregister+0x1f0/0x1f0
[  801.016180]  rtnetlink_rcv_msg+0x3cb/0xb10
[  801.020511]  ? rtnl_bridge_getlink+0x7a0/0x7a0
[  801.025107]  ? netdev_pick_tx+0x2e0/0x2e0
[  801.029262]  ? skb_clone+0x11c/0x310
[  801.033014]  ? save_trace+0x290/0x290
[  801.037045]  netlink_rcv_skb+0x127/0x370
[  801.041121]  ? rtnl_bridge_getlink+0x7a0/0x7a0
[  801.045712]  ? netlink_ack+0x980/0x980
[  801.049621]  netlink_unicast+0x437/0x620
[  801.053703]  ? netlink_attachskb+0x600/0x600
[  801.058132]  netlink_sendmsg+0x733/0xbe0
[  801.062210]  ? netlink_unicast+0x620/0x620
[  801.066479]  ? SYSC_sendto+0x2b0/0x2b0
[  801.070382]  ? security_socket_sendmsg+0x83/0xb0
[  801.075151]  ? netlink_unicast+0x620/0x620
[  801.079399]  sock_sendmsg+0xc5/0x100
[  801.083120]  ___sys_sendmsg+0x70a/0x840
[  801.087127]  ? trace_hardirqs_on+0x10/0x10
[  801.091984]  ? copy_msghdr_from_user+0x380/0x380
[  801.096794]  ? find_held_lock+0x2d/0x110
[  801.100872]  ? lock_downgrade+0x6e0/0x6e0
[  801.105054]  ? __fget+0x228/0x360
[  801.108538]  ? __fget_light+0x199/0x1f0
[  801.112534]  ? sockfd_lookup_light+0xb2/0x160
[  801.117039]  __sys_sendmsg+0xa3/0x120
[  801.120854]  ? SyS_shutdown+0x160/0x160
[  801.124864]  ? SyS_clock_gettime+0xf5/0x180
[  801.129197]  ? SyS_clock_settime+0x1a0/0x1a0
[  801.133712]  SyS_sendmsg+0x27/0x40
[  801.137258]  ? __sys_sendmsg+0x120/0x120
[  801.141332]  do_syscall_64+0x1d5/0x640
[  801.145238]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  801.150437] RIP: 0033:0x45c829
[  801.153631] RSP: 002b:00007f2714dabc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  801.161349] RAX: ffffffffffffffda RBX: 0000000000500a40 RCX: 000000000045c829
[  801.168632] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000006
[  801.175906] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  801.183182] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  801.190463] R13: 00000000000009fe R14: 00000000004ccb57 R15: 00007f2714dac6d4
[  801.197756] 
[  801.199391] Allocated by task 21423:
[  801.203114]  save_stack+0x32/0xa0
[  801.206575]  kasan_kmalloc+0xbf/0xe0
[  801.210315]  __kmalloc_node+0x4c/0x70
[  801.214256]  kvmalloc_node+0x46/0xd0
[  801.217987]  alloc_netdev_mqs+0x76/0xb70
[  801.222060]  rtnl_create_link+0x1ab/0x880
[  801.226216]  rtnl_newlink+0xdd0/0x1720
[  801.230111]  rtnetlink_rcv_msg+0x3be/0xb10
[  801.234356]  netlink_rcv_skb+0x127/0x370
[  801.238430]  netlink_unicast+0x437/0x620
[  801.242500]  netlink_sendmsg+0x733/0xbe0
[  801.246567]  sock_sendmsg+0xc5/0x100
[  801.250415]  ___sys_sendmsg+0x70a/0x840
[  801.254392]  __sys_sendmsg+0xa3/0x120
[  801.258194]  SyS_sendmsg+0x27/0x40
[  801.261734]  do_syscall_64+0x1d5/0x640
[  801.265623]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  801.270812] 
[  801.272441] Freed by task 21434:
[  801.275806]  save_stack+0x32/0xa0
[  801.279262]  kasan_slab_free+0x75/0xc0
[  801.283146]  kfree+0xcb/0x260
[  801.286253]  kvfree+0x45/0x50
[  801.289367]  device_release+0x15f/0x1a0
[  801.293355]  kobject_put+0x13e/0x1f0
[  801.297101]  netdev_run_todo+0x4a9/0x710
[  801.301163]  rtnetlink_rcv_msg+0x3cb/0xb10
[  801.305403]  netlink_rcv_skb+0x127/0x370
[  801.309494]  netlink_unicast+0x437/0x620
[  801.313559]  netlink_sendmsg+0x733/0xbe0
[  801.317630]  sock_sendmsg+0xc5/0x100
[  801.322044]  ___sys_sendmsg+0x70a/0x840
[  801.326020]  __sys_sendmsg+0xa3/0x120
[  801.329827]  SyS_sendmsg+0x27/0x40
[  801.333370]  do_syscall_64+0x1d5/0x640
[  801.337262]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  801.342442] 
[  801.344094] The buggy address belongs to the object at ffff888092b3e900
[  801.344094]  which belongs to the cache kmalloc-4096 of size 4096
[  801.356946] The buggy address is located 264 bytes inside of
[  801.356946]  4096-byte region [ffff888092b3e900, ffff888092b3f900)
[  801.369022] The buggy address belongs to the page:
[  801.373962] page:ffffea00024acf80 count:1 mapcount:0 mapping:ffff888092b3e900 index:0x0 compound_mapcount: 0
[  801.383946] flags: 0xfffe0000008100(slab|head)
[  801.388568] raw: 00fffe0000008100 ffff888092b3e900 0000000000000000 0000000100000001
[  801.396458] raw: ffffea00004b4ba0 ffffea00011eda20 ffff88812fe56dc0 0000000000000000
[  801.404347] page dumped because: kasan: bad access detected
[  801.410059] 
[  801.411683] Memory state around the buggy address:
[  801.416605]  ffff888092b3e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  801.423965]  ffff888092b3e980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  801.431355] >ffff888092b3ea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  801.438840]                       ^
[  801.442821]  ffff888092b3ea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  801.450219]  ffff888092b3eb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  801.457754] ==================================================================
[  801.465118] Disabling lock debugging due to kernel taint
[  801.479398] kauditd_printk_skb: 8 callbacks suppressed
[  801.479406] audit: type=1804 audit(1587358846.466:693): pid=21492 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/651/file0/bus" dev="loop5" ino=329 res=1
05:00:47 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x400000000003, 0x0, &(0x7f0000000140))
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r2 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r2)
r3 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r3, 0x800)
lseek(r3, 0x0, 0x2)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  801.479693] systemd[1]: root-syzkaller\x2dtestdir538240783-syzkaller.5pKsS3-699-file0.mount: Failed to run 'mount' task: No such file or directory
[  801.484764] audit: type=1804 audit(1587358846.466:694): pid=21492 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir698555772/syzkaller.SID8ZR/651/file0/bus" dev="loop5" ino=329 res=1
05:00:47 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x67)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x0)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
creat(&(0x7f0000000100)='./bus\x00', 0x108)

[  801.565403] Kernel panic - not syncing: panic_on_warn set ...
[  801.565403] 
[  801.572811] CPU: 1 PID: 21423 Comm: syz-executor.4 Tainted: G    B           4.14.176-syzkaller #0
[  801.581929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  801.591283] Call Trace:
[  801.594833]  dump_stack+0x13e/0x194
[  801.598529]  panic+0x1f9/0x42d
[  801.601729]  ? add_taint.cold+0x16/0x16
[  801.605816]  ? preempt_schedule_common+0x4a/0xc0
[  801.610577]  ? macvlan_dev_get_iflink+0x5f/0x70
[  801.615251]  ? ___preempt_schedule+0x16/0x18
[  801.619658]  ? macvlan_dev_get_iflink+0x5f/0x70
[  801.624767]  kasan_end_report+0x43/0x49
[  801.628844]  kasan_report.cold+0x12f/0x2ae
[  801.633169]  macvlan_dev_get_iflink+0x5f/0x70
[  801.637672]  ? macvlan_dev_poll_controller+0x10/0x10
[  801.642820]  dev_get_iflink+0x73/0xe0
[  801.646723]  rfc2863_policy+0x17e/0x1e0
[  801.650708]  linkwatch_do_dev+0x16/0xe0
[  801.654860]  linkwatch_forget_dev+0x15c/0x1f0
[  801.659361]  netdev_run_todo+0x234/0x710
[  801.663530]  ? dev_set_mtu+0x3a0/0x3a0
[  801.667450]  ? lock_downgrade+0x6e0/0x6e0
[  801.671630]  ? rtnl_link_unregister+0x1f0/0x1f0
[  801.676397]  rtnetlink_rcv_msg+0x3cb/0xb10
[  801.680646]  ? rtnl_bridge_getlink+0x7a0/0x7a0
[  801.685242]  ? netdev_pick_tx+0x2e0/0x2e0
[  801.689408]  ? skb_clone+0x11c/0x310
[  801.693146]  ? save_trace+0x290/0x290
[  801.696962]  netlink_rcv_skb+0x127/0x370
[  801.701063]  ? rtnl_bridge_getlink+0x7a0/0x7a0
[  801.705743]  ? netlink_ack+0x980/0x980
[  801.709640]  netlink_unicast+0x437/0x620
[  801.713720]  ? netlink_attachskb+0x600/0x600
[  801.718138]  netlink_sendmsg+0x733/0xbe0
[  801.722205]  ? netlink_unicast+0x620/0x620
[  801.726453]  ? SYSC_sendto+0x2b0/0x2b0
[  801.730352]  ? security_socket_sendmsg+0x83/0xb0
[  801.735145]  ? netlink_unicast+0x620/0x620
[  801.739991]  sock_sendmsg+0xc5/0x100
[  801.743717]  ___sys_sendmsg+0x70a/0x840
[  801.747707]  ? trace_hardirqs_on+0x10/0x10
[  801.751951]  ? copy_msghdr_from_user+0x380/0x380
[  801.757329]  ? find_held_lock+0x2d/0x110
[  801.761405]  ? lock_downgrade+0x6e0/0x6e0
[  801.765939]  ? __fget+0x228/0x360
[  801.769411]  ? __fget_light+0x199/0x1f0
[  801.773406]  ? sockfd_lookup_light+0xb2/0x160
[  801.777915]  __sys_sendmsg+0xa3/0x120
[  801.781721]  ? SyS_shutdown+0x160/0x160
[  801.786836]  ? SyS_clock_gettime+0xf5/0x180
[  801.791169]  ? SyS_clock_settime+0x1a0/0x1a0
[  801.795607]  SyS_sendmsg+0x27/0x40
[  801.799178]  ? __sys_sendmsg+0x120/0x120
[  801.803252]  do_syscall_64+0x1d5/0x640
[  801.807150]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  801.812897] RIP: 0033:0x45c829
[  801.816114] RSP: 002b:00007f2714dabc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  801.824004] RAX: ffffffffffffffda RBX: 0000000000500a40 RCX: 000000000045c829
[  801.831282] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000006
[  801.839596] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  801.846868] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  801.854150] R13: 00000000000009fe R14: 00000000004ccb57 R15: 00007f2714dac6d4
[  801.862627] Kernel Offset: disabled
[  801.866271] Rebooting in 86400 seconds..