r4 = socket$inet6(0xa, 0x800000000000002, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f0000000480)={{{@in=@remote, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@initdev}}, &(0x7f0000000280)=0xe8) r7 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r8) stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$system_posix_acl(r2, &(0x7f00000001c0)='system.posix_acl_default\x00', &(0x7f0000000600)={{}, {0x1, 0x6}, [{0x2, 0x4, r6}, {0x2, 0x2, r8}], {0x4, 0x3}, [{0x8, 0x0, r9}], {0x10, 0x1}, {0x20, 0x2}}, 0x3c, 0x2) r10 = socket$kcm(0x29, 0x2, 0x0) statx(r1, &(0x7f0000000140)='./file0\x00', 0x400, 0x4, &(0x7f0000000380)) splice(r10, 0x0, r3, 0x0, 0x8, 0x0) [ 961.427560][ T8746] dump_stack+0x1f0/0x31e [ 961.431899][ T8746] should_fail+0x38a/0x4e0 [ 961.436318][ T8746] ? sctp_add_bind_addr+0x97/0x350 [ 961.441434][ T8746] should_failslab+0x5/0x20 [ 961.445937][ T8746] kmem_cache_alloc_trace+0x57/0x300 [ 961.451224][ T8746] sctp_add_bind_addr+0x97/0x350 [ 961.456182][ T8746] sctp_copy_local_addr_list+0x25d/0x3e0 [ 961.461821][ T8746] sctp_bind_addr_copy+0xad/0x3b0 [ 961.466854][ T8746] sctp_connect_new_asoc+0x277/0x600 [ 961.472147][ T8746] __sctp_connect+0x54d/0x11e0 [ 961.476921][ T8746] sctp_inet_connect+0x11b/0x190 [ 961.481857][ T8746] __sys_connect+0x2da/0x360 [ 961.486449][ T8746] ? check_preemption_disabled+0x40/0x240 [ 961.492172][ T8746] ? check_preemption_disabled+0x40/0x240 [ 961.497886][ T8746] ? do_syscall_64+0x1d/0xe0 [ 961.502483][ T8746] __x64_sys_connect+0x76/0x80 [ 961.507243][ T8746] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 961.513300][ T8746] do_syscall_64+0x73/0xe0 [ 961.517713][ T8746] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 961.523599][ T8746] RIP: 0033:0x45cb19 [ 961.527488][ T8746] Code: Bad RIP value. [ 961.531546][ T8746] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 961.539950][ T8746] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 961.547914][ T8746] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 961.555883][ T8746] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 961.563861][ T8746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 19:43:07 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x74000000) [ 961.571828][ T8746] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:07 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) ioctl$PPPOEIOCSFWD(r1, 0x4008b100, &(0x7f0000000080)={0x18, 0x0, {0x4, @multicast, 'vcan0\x00'}}) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) socket$packet(0x11, 0x0, 0x300) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) 19:43:07 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x900, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 961.633374][ T8765] netlink: 'syz-executor.1': attribute type 6 has an invalid length. 19:43:07 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xa, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:07 executing program 5 (fault-call:13 fault-nth:48): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:07 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x7a000000) [ 961.779056][ T8780] netlink: 'syz-executor.1': attribute type 6 has an invalid length. 19:43:07 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0xa00, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:07 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000280)='#\x00', 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r6, 0x84, 0x71, &(0x7f0000000140)={r8}, &(0x7f0000000040)=0x18) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, &(0x7f0000000080)={r8, @in6={{0xa, 0x4e20, 0x1, @mcast1, 0xc0d3}}, [0x4, 0x3, 0x4, 0x8, 0x5, 0x7fffffff, 0x0, 0x9, 0x9, 0x6, 0xdb6, 0x10001, 0x3f, 0x9, 0x1e]}, &(0x7f00000001c0)=0x100) r9 = socket$kcm(0x29, 0x2, 0x0) splice(r9, 0x0, r2, 0x0, 0x8, 0x0) [ 961.907803][ T8788] FAULT_INJECTION: forcing a failure. [ 961.907803][ T8788] name failslab, interval 1, probability 0, space 0, times 0 [ 961.947301][ T8788] CPU: 0 PID: 8788 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 961.955913][ T8788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 961.965967][ T8788] Call Trace: [ 961.969261][ T8788] dump_stack+0x1f0/0x31e [ 961.973592][ T8788] should_fail+0x38a/0x4e0 [ 961.978007][ T8788] ? sctp_add_bind_addr+0x97/0x350 [ 961.983096][ T8788] should_failslab+0x5/0x20 [ 961.987574][ T8788] kmem_cache_alloc_trace+0x57/0x300 [ 961.992851][ T8788] sctp_add_bind_addr+0x97/0x350 [ 961.997779][ T8788] sctp_copy_local_addr_list+0x25d/0x3e0 [ 962.003390][ T8788] sctp_bind_addr_copy+0xad/0x3b0 [ 962.008447][ T8788] sctp_connect_new_asoc+0x277/0x600 [ 962.013725][ T8788] __sctp_connect+0x54d/0x11e0 [ 962.018500][ T8788] sctp_inet_connect+0x11b/0x190 [ 962.023437][ T8788] __sys_connect+0x2da/0x360 [ 962.028051][ T8788] ? check_preemption_disabled+0x40/0x240 [ 962.033763][ T8788] ? check_preemption_disabled+0x40/0x240 [ 962.039477][ T8788] ? do_syscall_64+0x1d/0xe0 [ 962.044067][ T8788] __x64_sys_connect+0x76/0x80 [ 962.048831][ T8788] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 962.054895][ T8788] do_syscall_64+0x73/0xe0 [ 962.059314][ T8788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 962.065201][ T8788] RIP: 0033:0x45cb19 [ 962.069085][ T8788] Code: Bad RIP value. [ 962.073142][ T8788] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 962.081547][ T8788] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 962.089515][ T8788] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 962.097483][ T8788] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 962.105452][ T8788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 962.113421][ T8788] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:09 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f0000000080)={'mangle\x00'}, &(0x7f0000000100)=0x54) 19:43:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0x10, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:09 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xa1ffffff) 19:43:09 executing program 5 (fault-call:13 fault-nth:49): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:09 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0xb00, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 964.257551][ T8819] netlink: 'syz-executor.1': attribute type 6 has an invalid length. [ 964.269437][ T27] kauditd_printk_skb: 31 callbacks suppressed [ 964.269444][ T27] audit: type=1800 audit(1593459789.703:1848): pid=8820 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16157 res=0 [ 964.283813][ T8819] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 964.310104][ T8818] FAULT_INJECTION: forcing a failure. [ 964.310104][ T8818] name failslab, interval 1, probability 0, space 0, times 0 [ 964.334106][ T8818] CPU: 0 PID: 8818 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 964.342702][ T8818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 964.352749][ T8818] Call Trace: [ 964.356167][ T8818] dump_stack+0x1f0/0x31e [ 964.360502][ T8818] should_fail+0x38a/0x4e0 [ 964.364916][ T8818] ? sctp_add_bind_addr+0x97/0x350 [ 964.370026][ T8818] should_failslab+0x5/0x20 [ 964.374619][ T8818] kmem_cache_alloc_trace+0x57/0x300 [ 964.379903][ T8818] sctp_add_bind_addr+0x97/0x350 [ 964.384845][ T8818] sctp_copy_local_addr_list+0x25d/0x3e0 [ 964.390486][ T8818] sctp_bind_addr_copy+0xad/0x3b0 [ 964.395505][ T8818] sctp_connect_new_asoc+0x277/0x600 [ 964.400793][ T8818] __sctp_connect+0x54d/0x11e0 [ 964.405552][ T8818] sctp_inet_connect+0x11b/0x190 [ 964.410476][ T8818] __sys_connect+0x2da/0x360 [ 964.415059][ T8818] ? check_preemption_disabled+0x40/0x240 [ 964.420769][ T8818] ? check_preemption_disabled+0x40/0x240 [ 964.423710][ T27] audit: type=1804 audit(1593459789.783:1849): pid=8830 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1538/bus" dev="sda1" ino=16157 res=1 [ 964.426478][ T8818] ? do_syscall_64+0x1d/0xe0 [ 964.426494][ T8818] __x64_sys_connect+0x76/0x80 19:43:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0x27, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 964.426508][ T8818] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 964.426517][ T8818] do_syscall_64+0x73/0xe0 [ 964.426529][ T8818] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 964.426538][ T8818] RIP: 0033:0x45cb19 [ 964.426546][ T8818] Code: Bad RIP value. [ 964.473825][ T27] audit: type=1804 audit(1593459789.793:1850): pid=8830 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1538/bus" dev="sda1" ino=16157 res=1 [ 964.474394][ T8818] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 964.474405][ T8818] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 964.474412][ T8818] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 964.474418][ T8818] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 964.474424][ T8818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 964.474431][ T8818] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 [ 964.505983][ T8833] netlink: 'syz-executor.1': attribute type 6 has an invalid length. 19:43:10 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0xc00, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 964.563514][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 19:43:10 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0x2c, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:10 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xa2f3ffff) 19:43:10 executing program 5 (fault-call:13 fault-nth:50): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) [ 964.657754][ T27] audit: type=1804 audit(1593459789.793:1851): pid=8830 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1538/bus" dev="sda1" ino=16157 res=1 [ 964.695592][ T8841] netlink: 'syz-executor.1': attribute type 6 has an invalid length. [ 964.765470][ T27] audit: type=1804 audit(1593459790.023:1852): pid=8820 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1538/bus" dev="sda1" ino=16157 res=1 [ 964.782981][ T8843] FAULT_INJECTION: forcing a failure. [ 964.782981][ T8843] name failslab, interval 1, probability 0, space 0, times 0 [ 964.807581][ T8843] CPU: 0 PID: 8843 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 964.816186][ T8843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 964.826238][ T8843] Call Trace: [ 964.829527][ T8843] dump_stack+0x1f0/0x31e [ 964.833862][ T8843] should_fail+0x38a/0x4e0 [ 964.838276][ T8843] ? sctp_add_bind_addr+0x97/0x350 [ 964.843384][ T8843] should_failslab+0x5/0x20 [ 964.847882][ T8843] kmem_cache_alloc_trace+0x57/0x300 [ 964.853167][ T8843] sctp_add_bind_addr+0x97/0x350 [ 964.857486][ T27] audit: type=1804 audit(1593459790.023:1853): pid=8830 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1538/bus" dev="sda1" ino=16157 res=1 [ 964.858099][ T8843] sctp_copy_local_addr_list+0x25d/0x3e0 [ 964.885821][ T8843] sctp_bind_addr_copy+0xad/0x3b0 [ 964.890844][ T8843] sctp_connect_new_asoc+0x277/0x600 [ 964.891800][ T27] audit: type=1800 audit(1593459790.123:1854): pid=8844 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16154 res=0 [ 964.896122][ T8843] __sctp_connect+0x54d/0x11e0 [ 964.918745][ T8843] sctp_inet_connect+0x11b/0x190 [ 964.923682][ T8843] __sys_connect+0x2da/0x360 [ 964.924792][ T27] audit: type=1804 audit(1593459790.163:1855): pid=8844 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1539/bus" dev="sda1" ino=16154 res=1 [ 964.928265][ T8843] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 964.956506][ T8843] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 964.958278][ T27] audit: type=1804 audit(1593459790.183:1856): pid=8844 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1539/bus" dev="sda1" ino=16154 res=1 [ 964.962568][ T8843] __x64_sys_connect+0x76/0x80 [ 964.962582][ T8843] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 964.962590][ T8843] do_syscall_64+0x73/0xe0 [ 964.962602][ T8843] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 964.962612][ T8843] RIP: 0033:0x45cb19 [ 964.962616][ T8843] Code: Bad RIP value. [ 964.962622][ T8843] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 964.962631][ T8843] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 964.962641][ T8843] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 964.995987][ T27] audit: type=1804 audit(1593459790.183:1857): pid=8844 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1539/bus" dev="sda1" ino=16154 res=1 19:43:10 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0x38, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:10 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) setsockopt$CAIFSO_REQ_PARAM(r1, 0x116, 0x80, &(0x7f0000000080)="492c90a07ac330f010fb58ff9f6da28968040c6382b81ec56dcddf0d8d1aaf9f817fff87aef1c217f610ade1bd8e2ba8c87dbf6fb23c2c3440b48fa6db0bf60df69f9ada4b521d5015d9856fa435afefca61b37628e19648a7d7f3622b9459d5c84f67fbe7b54c597ae21dbc5a45f4482bf04a8ac401549dc3646b92fcc635c3d30415adc110ab309db7819b8e8daf925ffa6d", 0x93) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) r6 = gettid() ptrace$setopts(0x4206, r6, 0x0, 0x0) tkill(r6, 0x2) ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r6, 0x0, 0x0) wait4(r6, &(0x7f0000000140), 0x8, &(0x7f0000000380)) [ 964.999406][ T8843] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 965.067592][ T8843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 965.075539][ T8843] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 [ 965.157050][ T8852] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. 19:43:12 executing program 4: timer_create(0x3, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={&(0x7f0000000080)="a6f181db336d0956f266a46be772e15701ab98e1fa11945f94f358ca5c224eaa0dfa9a7e2330c99e88d460414509cfcf7060d60feccdd543dacc02fe3177752067099cc8112a3df31f3af7b73ea2cf322eeab984ce07ac68509a", &(0x7f0000000380)="8e2761b54243711f2bc2998e0f3cf952943d9d12ab177688f5345d8522236bafe7818f44f441ee27738ae0e2708925d98227eb12951ccd89bb7d613a2c8f32fa7db376e40fe9420a6a1aec93ee15b1244e7b7c0975ad0016d7e03cb43866ed47bcdb22600398073be083f9cf6b67dc79002c9f114f0a74c521dbc18b3a7f309d1d01e99ae0c6b5ce00e1a618ed9cea4cbe8ecf4ad82c622414e7006bc5a79a397cc1485aa05931d319771fb869c0b7caec7576370a3ce33a87c2a2a0318e48c3e2374baaceeb765e33cfec3558"}}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0xc}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000140)={0xa10000, 0xa6, 0x2, r2, 0x0, &(0x7f0000000100)={0x9a091b, 0x1, [], @ptr}}) ioctl$PPPIOCSFLAGS1(r3, 0x40047459, &(0x7f00000001c0)=0x40000) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vga_arbiter\x00', 0x80802, 0x0) ioctl$VIDIOC_G_EDID(r4, 0xc0285628, &(0x7f0000000480)={0x0, 0x4, 0x6, [], &(0x7f00000002c0)=0x8}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$kcm(0x29, 0x2, 0x0) splice(r6, 0x0, r5, 0x0, 0x8, 0x0) 19:43:12 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0xd00, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:12 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xeaffffff) 19:43:12 executing program 5 (fault-call:13 fault-nth:51): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0x6558, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:12 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x541c, &(0x7f0000000140)={0xd, 0x75}) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c00ea4c18aecdcc112a166c1beec8c7b19e1d89a534ecd1de430543f79a3f3c8be639b5ccd50b37b18f06df09714d0fca9fdce9e769abf8e91ab174cfc4e4ad24924a0e4f1c9ddb76ca56a9a8516a2672553795e56a429cef090000002afa1d93afb1f0ec2d3966dbddaa0fbb233755d652248d33d95df204cb896115d70466ed7cccc54959886c20cf19e806ffe27d817d45c5e9402b00d16e2cdf11"], 0x1c}}, 0x0) setsockopt$netlink_NETLINK_CAP_ACK(r2, 0x10e, 0xa, &(0x7f0000000080)=0x40, 0x4) r3 = syz_open_dev$vcsu(&(0x7f0000000100)='/dev/vcsu#\x00', 0x3, 0x40) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x10010, r3, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet6(0xa, 0x800000000000002, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$kcm(0x29, 0x2, 0x0) splice(r7, 0x0, r4, 0x0, 0x8, 0x0) [ 967.353684][ T8872] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 967.356901][ T8866] FAULT_INJECTION: forcing a failure. [ 967.356901][ T8866] name failslab, interval 1, probability 0, space 0, times 0 19:43:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0x8100, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 967.429455][ T8866] CPU: 1 PID: 8866 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 967.438075][ T8866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 967.448140][ T8866] Call Trace: [ 967.451446][ T8866] dump_stack+0x1f0/0x31e [ 967.455790][ T8866] should_fail+0x38a/0x4e0 [ 967.460214][ T8866] ? sctp_add_bind_addr+0x97/0x350 [ 967.465335][ T8866] should_failslab+0x5/0x20 [ 967.469839][ T8866] kmem_cache_alloc_trace+0x57/0x300 19:43:12 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) ioctl$SIOCX25GFACILITIES(r2, 0x89e2, &(0x7f0000000080)) r3 = socket$kcm(0x29, 0x2, 0x0) splice(r3, 0x0, r1, 0x0, 0x8, 0x0) 19:43:12 executing program 3: timer_create(0x2, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)=0x0) clock_gettime(0x0, &(0x7f00000000c0)) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) timer_settime(r0, 0x0, &(0x7f0000000080)={{0x0, 0x3938700}, {r1, r2+10000000}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet6(0xa, 0x800000000000002, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$kcm(0x29, 0x2, 0x0) splice(r7, 0x0, r4, 0x0, 0x8, 0x0) [ 967.475149][ T8866] sctp_add_bind_addr+0x97/0x350 [ 967.480099][ T8866] sctp_copy_local_addr_list+0x25d/0x3e0 [ 967.485740][ T8866] sctp_bind_addr_copy+0xad/0x3b0 [ 967.490786][ T8866] sctp_connect_new_asoc+0x277/0x600 [ 967.496082][ T8866] __sctp_connect+0x54d/0x11e0 [ 967.501019][ T8866] sctp_inet_connect+0x11b/0x190 [ 967.505953][ T8866] __sys_connect+0x2da/0x360 [ 967.510544][ T8866] ? check_preemption_disabled+0x40/0x240 [ 967.516254][ T8866] ? check_preemption_disabled+0x40/0x240 [ 967.522101][ T8866] ? do_syscall_64+0x1d/0xe0 [ 967.526685][ T8866] __x64_sys_connect+0x76/0x80 [ 967.531459][ T8866] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 967.537556][ T8866] do_syscall_64+0x73/0xe0 [ 967.541986][ T8866] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 967.547882][ T8866] RIP: 0033:0x45cb19 [ 967.551772][ T8866] Code: Bad RIP value. [ 967.555848][ T8866] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 967.564258][ T8866] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 967.572247][ T8866] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 967.580221][ T8866] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 967.588190][ T8866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 967.596161][ T8866] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:13 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0x8847, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 967.644437][ T8890] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. 19:43:13 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0xe00, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:13 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xefffffff) 19:43:13 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0xf00, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:13 executing program 5 (fault-call:13 fault-nth:52): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:13 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0x8848, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 967.772792][ T8905] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. 19:43:13 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1100, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 967.843829][ T8908] FAULT_INJECTION: forcing a failure. [ 967.843829][ T8908] name failslab, interval 1, probability 0, space 0, times 0 [ 967.895828][ T8918] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 967.899408][ T8908] CPU: 0 PID: 8908 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 967.913799][ T8908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 967.923858][ T8908] Call Trace: [ 967.927164][ T8908] dump_stack+0x1f0/0x31e [ 967.931514][ T8908] should_fail+0x38a/0x4e0 [ 967.935937][ T8908] ? sctp_add_bind_addr+0x97/0x350 [ 967.941050][ T8908] should_failslab+0x5/0x20 [ 967.945650][ T8908] kmem_cache_alloc_trace+0x57/0x300 [ 967.950943][ T8908] sctp_add_bind_addr+0x97/0x350 [ 967.955893][ T8908] sctp_copy_local_addr_list+0x25d/0x3e0 [ 967.961546][ T8908] sctp_bind_addr_copy+0xad/0x3b0 [ 967.966582][ T8908] sctp_connect_new_asoc+0x277/0x600 [ 967.971882][ T8908] __sctp_connect+0x54d/0x11e0 [ 967.976667][ T8908] sctp_inet_connect+0x11b/0x190 [ 967.981640][ T8908] __sys_connect+0x2da/0x360 [ 967.986245][ T8908] ? check_preemption_disabled+0x40/0x240 [ 967.991970][ T8908] ? check_preemption_disabled+0x40/0x240 [ 967.997696][ T8908] ? do_syscall_64+0x1d/0xe0 [ 968.002297][ T8908] __x64_sys_connect+0x76/0x80 [ 968.007064][ T8908] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 968.013128][ T8908] do_syscall_64+0x73/0xe0 [ 968.017552][ T8908] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 968.023444][ T8908] RIP: 0033:0x45cb19 [ 968.027327][ T8908] Code: Bad RIP value. [ 968.031372][ T8908] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a 19:43:13 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x8, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:13 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1200, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 968.041424][ T8908] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 968.049406][ T8908] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 968.057379][ T8908] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 968.065358][ T8908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 968.073446][ T8908] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:13 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xfeffffff) 19:43:16 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x220000, 0x0) ioctl$HIDIOCGCOLLECTIONINDEX(r0, 0x40184810, &(0x7f00000000c0)={0x2, 0x1, 0x5, 0x1f, 0x3, 0x7}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) 19:43:16 executing program 5 (fault-call:13 fault-nth:53): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x0, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:16 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xff0f0000) 19:43:16 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1300, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:16 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={&(0x7f0000000380)="224eb407aaa13a36065f2ca50f785730de771798afe257f09b4b9e4adc6bda67", &(0x7f00000003c0)="50d4530bcba61255918e1eea6caaa46d34b67e7564512ea20b590795f92f672f3e346d68a7cb697b9274b7eefac37e9df959464119b07d438e592fa78496143e10af83f1722321f9d79463"}}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0xfffffffffffffffd, 0x18) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x10200, 0x3ff) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={&(0x7f0000000080)="d512255cda6e5970e84737dabcbbde0fe017472552305e2cd74c211f2dc43516b23b407ffb566c73ed8b66ebe410a26947791532a5a7f68f03fd407430a8bfd977406704de1eb019af1ed8b10a4525c9582e813c42939d7d32717cc75f00dd36e74b26d5514b27f219b48e156fc7a95e243cedcb70851c4c952b6064f640e5eeba2fd3e985ec1d67560f5bece160cd162cdd6c35667ec7e1dbe8ab37ba6714c326c36572105d6ad4bfb029f9cd317b9f20622f4ab8f00295b31ae43713e756b47b9f9f41be3571eb6a20a225af654f", &(0x7f0000000440)="a96c08c3a9cba73b3676eaa80cd2f4e23abca069d028a26425ca14dc5cdca9575fcdf75328d5a6a165d7447ab0441123332927338d10ae2e5f9586e8223df7352c6b576f788867ee6d22377c555044e26275f61a27ca9a064180456939d258d849e0267e9162637ac6650a09320aa8cc33fe229a241c2c9b9c72cfc0db9b0b0c7645813c4614690833"}}, &(0x7f0000000200)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) r4 = perf_event_open$cgroup(&(0x7f0000000280)={0x3, 0x70, 0x4, 0x0, 0xd6, 0x8, 0x0, 0x1, 0x94002, 0x8, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2000, 0x4, @perf_config_ext={0xfffffffffffffffa, 0x7}, 0x200, 0x9, 0x1, 0x4, 0x100, 0xef9}, r3, 0x2, 0xffffffffffffffff, 0x4) finit_module(r4, &(0x7f00000001c0)='!+,+/\\}\x00', 0x1) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r3, 0x0, 0x8, 0x0) 19:43:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:16 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x7, 0x20200) mmap$xdp(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x8, 0x100010, r1, 0x100000000) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$kcm(0x29, 0x2, 0x0) splice(r3, 0x0, r2, 0x0, 0x8, 0x0) [ 970.649451][ T27] kauditd_printk_skb: 20 callbacks suppressed [ 970.649459][ T27] audit: type=1800 audit(1593459796.073:1878): pid=8954 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16222 res=0 19:43:16 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1400, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 970.706011][ T8963] FAULT_INJECTION: forcing a failure. [ 970.706011][ T8963] name failslab, interval 1, probability 0, space 0, times 0 [ 970.767668][ T27] audit: type=1804 audit(1593459796.133:1879): pid=8954 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1543/bus" dev="sda1" ino=16222 res=1 [ 970.794010][ T8963] CPU: 0 PID: 8963 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 970.802698][ T8963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 970.812750][ T8963] Call Trace: [ 970.816045][ T8963] dump_stack+0x1f0/0x31e [ 970.820587][ T8963] should_fail+0x38a/0x4e0 [ 970.825005][ T8963] ? sctp_add_bind_addr+0x97/0x350 [ 970.830117][ T8963] should_failslab+0x5/0x20 [ 970.834617][ T8963] kmem_cache_alloc_trace+0x57/0x300 [ 970.839913][ T8963] sctp_add_bind_addr+0x97/0x350 [ 970.844855][ T8963] sctp_copy_local_addr_list+0x25d/0x3e0 [ 970.850493][ T8963] sctp_bind_addr_copy+0xad/0x3b0 [ 970.855519][ T8963] sctp_connect_new_asoc+0x277/0x600 [ 970.860812][ T8963] __sctp_connect+0x54d/0x11e0 [ 970.865587][ T8963] sctp_inet_connect+0x11b/0x190 [ 970.870524][ T8963] __sys_connect+0x2da/0x360 [ 970.875117][ T8963] ? check_preemption_disabled+0x40/0x240 [ 970.880833][ T8963] ? check_preemption_disabled+0x40/0x240 [ 970.886550][ T8963] ? do_syscall_64+0x1d/0xe0 [ 970.891138][ T8963] __x64_sys_connect+0x76/0x80 [ 970.895902][ T8963] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 970.901966][ T8963] do_syscall_64+0x73/0xe0 [ 970.906381][ T8963] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 970.912269][ T8963] RIP: 0033:0x45cb19 19:43:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x2, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 970.916145][ T8963] Code: Bad RIP value. [ 970.920233][ T8963] RSP: 002b:00007fe210c05c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 970.928705][ T8963] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 970.936651][ T8963] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 970.944598][ T8963] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 970.952549][ T8963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 970.960610][ T8963] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c066d4 19:43:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x4, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 971.002567][ T8979] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. 19:43:16 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1500, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 971.038246][ T27] audit: type=1804 audit(1593459796.133:1880): pid=8954 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1543/bus" dev="sda1" ino=16222 res=1 [ 971.098652][ T8983] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 971.107808][ T27] audit: type=1804 audit(1593459796.133:1881): pid=8954 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1543/bus" dev="sda1" ino=16222 res=1 [ 971.166718][ T27] audit: type=1804 audit(1593459796.133:1882): pid=8954 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1543/bus" dev="sda1" ino=16222 res=1 [ 971.205646][ T27] audit: type=1804 audit(1593459796.463:1883): pid=8954 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1543/bus" dev="sda1" ino=16222 res=1 [ 971.235460][ T27] audit: type=1804 audit(1593459796.463:1884): pid=8962 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1543/bus" dev="sda1" ino=16222 res=1 [ 971.267203][ T27] audit: type=1804 audit(1593459796.463:1885): pid=8962 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1543/bus" dev="sda1" ino=16222 res=1 19:43:19 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r5 = fcntl$dupfd(r4, 0xf915b200d72590c4, r1) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r5, 0xc4c85512, &(0x7f0000000380)={{0x4, 0x4, 0x101, 0x5, 'syz0\x00', 0x8}, 0x0, [0xfffffffffffff425, 0x6, 0x4, 0x8c, 0x32, 0x7, 0xffffffffffff8001, 0x20, 0x7, 0x9, 0xfffffffffffffffa, 0xffffffffffffffc0, 0x9, 0x8020, 0x5, 0x100, 0x10000, 0xf16, 0x3ff, 0x6, 0x6, 0x9, 0xfffffffffffffffb, 0x8, 0x82, 0xfffffffffffffffd, 0xfffffffffffffffa, 0x401, 0x80000000, 0x100000000, 0x0, 0x3ff, 0x5, 0x7f, 0x6e0c3b0f, 0xfffffffffffffffd, 0x9, 0x5ddf, 0x0, 0x4, 0x4, 0xff, 0x6, 0xffff, 0x1, 0x401, 0x8000, 0xfff, 0x9, 0x1000, 0x2, 0x2, 0x23, 0x4c, 0x49aa, 0x89eb, 0x8, 0x200, 0x6, 0xfffffffffffffff8, 0xd8, 0x6, 0xb00b, 0x482, 0x100000000, 0x6, 0x81, 0x101, 0x100000001, 0x3ff, 0x6, 0x1, 0x0, 0x6, 0x9, 0xfff, 0x0, 0x100000001, 0x3, 0x1, 0x2, 0x40008000000000, 0x1, 0x8001, 0x9, 0x9, 0x80, 0x7, 0x5, 0x400, 0x494, 0x3, 0x2, 0xaf3b, 0x7f6b, 0x8001, 0x10000, 0x2, 0xfffffffffffffffe, 0x0, 0x80, 0x5, 0x1, 0xfffffffffffffff8, 0x6, 0xe5, 0x7fffffff, 0xc0000000000000, 0x9e70, 0x100, 0x7, 0x3ff, 0x0, 0x7fff, 0xc41, 0x2a000000000000, 0x1f, 0xfffffffffffffff9, 0xb2bf, 0x80000001, 0x200, 0x2d, 0x7, 0x5, 0x8000, 0x9, 0x7, 0xd]}) r6 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$kcm(0x29, 0x2, 0x0) splice(r7, 0x0, r2, 0x0, 0x8, 0x0) 19:43:19 executing program 5 (fault-call:13 fault-nth:54): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:19 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xff2f0000) 19:43:19 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x5, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:19 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1600, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:19 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x6, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 973.652220][ T27] audit: type=1800 audit(1593459799.083:1886): pid=8999 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16105 res=0 19:43:19 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snapshot\x00', 0x80, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r1, 0x29, 0x44, &(0x7f00000001c0)={'IDLETIMER\x00'}, &(0x7f0000000440)=0x1e) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$kcm(0x29, 0x2, 0x0) splice(r3, 0x0, r2, 0x0, 0x8, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000380)="7b4246a9a3d33b7d3997e48ab673b3f926489b2c0b71b8279e9027076536854dc20eea7f8d6a440db95de15a5094c3bf3f3fd3d9f15daa928a1abbffa6c75d6333595a0990a94966e677c738a8b0034d64dd2aeb51184ae80d3d2b96a889730225005084dc3d069a20745bc6254721f3ff34c49610f45b9d600d42f1141a8d916a02e912cd0f5559bcd65f78505469eed6ca471b184d5a2340370b4beec417c5f99451f773e712bfc40264946ac31de29af2634f51", 0xb5, 0x0, &(0x7f0000000280)=@tipc=@name={0x1e, 0x2, 0x0, {{0x506459e9d8692bb1, 0x1}, 0x4}}, 0x80) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r4, 0x0) ioctl$BINDER_THREAD_EXIT(r4, 0x40046208, 0x0) bind$rose(r2, &(0x7f00000000c0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x40) mlock(&(0x7f0000002000/0x2000)=nil, 0x2000) openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x20002, 0x0) [ 973.720050][ T27] audit: type=1804 audit(1593459799.113:1887): pid=8999 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1544/bus" dev="sda1" ino=16105 res=1 19:43:19 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xfffff3a2) 19:43:19 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1700, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 973.762791][ T9012] FAULT_INJECTION: forcing a failure. [ 973.762791][ T9012] name failslab, interval 1, probability 0, space 0, times 0 [ 973.816586][ T9012] CPU: 0 PID: 9012 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 973.825203][ T9012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 973.835258][ T9012] Call Trace: [ 973.838552][ T9012] dump_stack+0x1f0/0x31e [ 973.842887][ T9012] should_fail+0x38a/0x4e0 [ 973.847304][ T9012] ? sctp_add_bind_addr+0x97/0x350 [ 973.852422][ T9012] should_failslab+0x5/0x20 [ 973.856928][ T9012] kmem_cache_alloc_trace+0x57/0x300 [ 973.862221][ T9012] sctp_add_bind_addr+0x97/0x350 [ 973.867164][ T9012] sctp_copy_local_addr_list+0x25d/0x3e0 [ 973.872805][ T9012] sctp_bind_addr_copy+0xad/0x3b0 [ 973.877837][ T9012] sctp_connect_new_asoc+0x277/0x600 [ 973.883133][ T9012] __sctp_connect+0x54d/0x11e0 [ 973.887912][ T9012] sctp_inet_connect+0x11b/0x190 [ 973.892855][ T9012] __sys_connect+0x2da/0x360 [ 973.897460][ T9012] ? check_preemption_disabled+0x40/0x240 [ 973.903177][ T9012] ? check_preemption_disabled+0x40/0x240 [ 973.908895][ T9012] ? do_syscall_64+0x1d/0xe0 [ 973.913489][ T9012] __x64_sys_connect+0x76/0x80 [ 973.918258][ T9012] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 973.924324][ T9012] do_syscall_64+0x73/0xe0 [ 973.928742][ T9012] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 973.934629][ T9012] RIP: 0033:0x45cb19 [ 973.938512][ T9012] Code: Bad RIP value. [ 973.942575][ T9012] RSP: 002b:00007fe210c05c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 973.950980][ T9012] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 973.958949][ T9012] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 19:43:19 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x7, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 973.966916][ T9012] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 973.974881][ T9012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 973.982850][ T9012] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c066d4 19:43:19 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x9, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:19 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1800, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:22 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xffffff7f) 19:43:22 executing program 5 (fault-call:13 fault-nth:55): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:22 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1900, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:22 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xa, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:22 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) ioctl$IOC_PR_RELEASE(r2, 0x401070ca, &(0x7f0000000080)={0x9, 0x3f, 0x1}) r3 = socket$kcm(0x29, 0x2, 0x0) splice(r3, 0x0, r1, 0x0, 0x8, 0x0) 19:43:22 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r1}, 0x14) getsockname$packet(0xffffffffffffffff, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14) bpf$MAP_CREATE(0x1000000000000, &(0x7f00000000c0)={0x2, 0x800000000000004, 0x400000, 0x1, 0x0, 0xffffffffffffffff, 0x0, [], r2}, 0x40) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000a80)={{{@in=@private, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@dev}}, &(0x7f0000000b80)=0xe8) sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000c80)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x7bd9965758c0b17c}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x64, 0x0, 0x800, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x8, 0x1}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0xffffffffffffffff}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @random="85f8d1aaac5b"}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @multicast}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x2, 0x4}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{r5, r6+10000000}, {0x77359400}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r7, 0x0, &(0x7f0000000180)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = socket$inet6(0xa, 0x800000000000002, 0x0) r10 = dup(r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) r11 = socket$kcm(0x29, 0x2, 0x0) splice(r11, 0x0, r8, 0x0, 0x8, 0x0) 19:43:22 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x10, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 976.727289][ T27] kauditd_printk_skb: 12 callbacks suppressed [ 976.727298][ T27] audit: type=1800 audit(1593459802.154:1900): pid=9055 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16277 res=0 19:43:22 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xffffffa1) [ 976.789537][ T27] audit: type=1804 audit(1593459802.194:1901): pid=9055 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1546/bus" dev="sda1" ino=16277 res=1 [ 976.800562][ T9067] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 19:43:22 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1a00, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:22 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x27, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:22 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvme-fabrics\x00', 0x20001, 0x0) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x4, 0x6, 0x0, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x2000c091) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) [ 976.907407][ T9057] FAULT_INJECTION: forcing a failure. [ 976.907407][ T9057] name failslab, interval 1, probability 0, space 0, times 0 [ 976.934492][ T27] audit: type=1804 audit(1593459802.194:1902): pid=9055 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1546/bus" dev="sda1" ino=16277 res=1 19:43:22 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x2c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 976.967699][ T9074] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 976.994219][ T9057] CPU: 1 PID: 9057 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 977.002945][ T9057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 977.012997][ T9057] Call Trace: 19:43:22 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x38, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 977.016295][ T9057] dump_stack+0x1f0/0x31e [ 977.020631][ T9057] should_fail+0x38a/0x4e0 [ 977.025053][ T9057] ? sctp_add_bind_addr+0x97/0x350 [ 977.030165][ T9057] should_failslab+0x5/0x20 [ 977.031454][ T9083] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 977.034659][ T9057] kmem_cache_alloc_trace+0x57/0x300 [ 977.034677][ T9057] sctp_add_bind_addr+0x97/0x350 [ 977.034694][ T9057] sctp_copy_local_addr_list+0x25d/0x3e0 [ 977.034712][ T9057] sctp_bind_addr_copy+0xad/0x3b0 [ 977.064788][ T9057] sctp_connect_new_asoc+0x277/0x600 [ 977.070087][ T9057] __sctp_connect+0x54d/0x11e0 [ 977.074863][ T9057] sctp_inet_connect+0x11b/0x190 [ 977.079821][ T9057] __sys_connect+0x2da/0x360 [ 977.084416][ T9057] ? check_preemption_disabled+0x40/0x240 [ 977.086100][ T9086] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 977.090130][ T9057] ? check_preemption_disabled+0x40/0x240 [ 977.090142][ T9057] ? do_syscall_64+0x1d/0xe0 [ 977.090157][ T9057] __x64_sys_connect+0x76/0x80 [ 977.090171][ T9057] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 977.090180][ T9057] do_syscall_64+0x73/0xe0 [ 977.090191][ T9057] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 977.090201][ T9057] RIP: 0033:0x45cb19 [ 977.090206][ T9057] Code: Bad RIP value. [ 977.090211][ T9057] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 977.125690][ T27] audit: type=1804 audit(1593459802.194:1903): pid=9055 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1546/bus" dev="sda1" ino=16277 res=1 [ 977.130804][ T9057] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 977.130812][ T9057] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 977.130818][ T9057] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 977.130824][ T9057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 977.130831][ T9057] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 [ 977.214284][ T27] audit: type=1804 audit(1593459802.204:1904): pid=9055 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1546/bus" dev="sda1" ino=16277 res=1 [ 977.270065][ T27] audit: type=1804 audit(1593459802.204:1905): pid=9061 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1546/bus" dev="sda1" ino=16277 res=1 19:43:22 executing program 5 (fault-call:13 fault-nth:56): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:22 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x6558, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:22 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1b00, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 977.333093][ T27] audit: type=1800 audit(1593459802.414:1906): pid=9076 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16305 res=0 [ 977.359980][ T27] audit: type=1804 audit(1593459802.624:1907): pid=9088 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1547/bus" dev="sda1" ino=16305 res=1 [ 977.406496][ T27] audit: type=1804 audit(1593459802.644:1908): pid=9087 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1547/bus" dev="sda1" ino=16305 res=1 [ 977.457394][ T9101] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 977.475539][ T27] audit: type=1804 audit(1593459802.744:1909): pid=9076 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1547/bus" dev="sda1" ino=16305 res=1 [ 977.476012][ T9098] FAULT_INJECTION: forcing a failure. [ 977.476012][ T9098] name failslab, interval 1, probability 0, space 0, times 0 [ 977.531586][ T9098] CPU: 0 PID: 9098 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 977.540209][ T9098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 977.550266][ T9098] Call Trace: [ 977.553561][ T9098] dump_stack+0x1f0/0x31e [ 977.557900][ T9098] should_fail+0x38a/0x4e0 [ 977.562321][ T9098] ? sctp_add_bind_addr+0x97/0x350 [ 977.567435][ T9098] should_failslab+0x5/0x20 [ 977.571936][ T9098] kmem_cache_alloc_trace+0x57/0x300 [ 977.577223][ T9098] sctp_add_bind_addr+0x97/0x350 [ 977.582164][ T9098] sctp_copy_local_addr_list+0x25d/0x3e0 [ 977.587802][ T9098] sctp_bind_addr_copy+0xad/0x3b0 [ 977.592819][ T9098] sctp_connect_new_asoc+0x277/0x600 [ 977.598087][ T9098] __sctp_connect+0x54d/0x11e0 [ 977.602833][ T9098] sctp_inet_connect+0x11b/0x190 [ 977.607747][ T9098] __sys_connect+0x2da/0x360 [ 977.612318][ T9098] ? check_preemption_disabled+0x40/0x240 [ 977.618013][ T9098] ? check_preemption_disabled+0x40/0x240 [ 977.623704][ T9098] ? do_syscall_64+0x1d/0xe0 [ 977.628271][ T9098] __x64_sys_connect+0x76/0x80 [ 977.633015][ T9098] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 977.639067][ T9098] do_syscall_64+0x73/0xe0 [ 977.643461][ T9098] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 977.649340][ T9098] RIP: 0033:0x45cb19 [ 977.653213][ T9098] Code: Bad RIP value. [ 977.657251][ T9098] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 977.665642][ T9098] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 977.673586][ T9098] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 977.681541][ T9098] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 977.689510][ T9098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 977.697523][ T9098] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:25 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x8100, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:25 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xffffffea) 19:43:25 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1c00, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:25 executing program 5 (fault-call:13 fault-nth:57): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:25 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) clock_gettime(0x4, &(0x7f0000000680)={0x0, 0x0}) timer_settime(r0, 0x1, &(0x7f0000000180)={{0x0, 0x3938700}, {r1, r2+60000000}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$kcm(0x29, 0x2, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c0000000206010305000000007a7761c5a686e23c000400000000000900020073797a30000000000500010006000007000000000000000012000300686173683a6e65742c706f7274000000"], 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r6, 0x0) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000980)={0xa, 0x0, 0x0, @loopback}, &(0x7f00000009c0)=0x1c) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f0000000380)={{{@in=@remote, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private2}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) r8 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001700)=ANY=[@ANYBLOB='disable_sparse=yes,errors=continue,gid=', @ANYRESHEX=r9]) mount$fuse(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000280)='fuse\x00', 0x4, &(0x7f0000000480)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r9}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x7fff}}, {@max_read={'max_read', 0x3d, 0x5}}, {@allow_other='allow_other'}, {@allow_other='allow_other'}], [{@subj_user={'subj_user', 0x3d, 'syz0\x00'}}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}]}}) fsetxattr$smack_xattr_label(r5, &(0x7f00000000c0)='security.SMACK64IPOUT\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="5e2c2d275e27255ea57a61feafcffc474b23fe7700"], 0x9, 0x2) splice(r4, 0x0, r3, 0x0, 0x8, 0x0) [ 979.741439][ T9118] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 979.784925][ T9117] FAULT_INJECTION: forcing a failure. [ 979.784925][ T9117] name failslab, interval 1, probability 0, space 0, times 0 [ 979.806069][ T9125] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.4'. [ 979.810680][ T9117] CPU: 1 PID: 9117 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 979.823946][ T9117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 979.833999][ T9117] Call Trace: [ 979.837284][ T9117] dump_stack+0x1f0/0x31e [ 979.841608][ T9117] should_fail+0x38a/0x4e0 [ 979.846008][ T9117] ? sctp_add_bind_addr+0x97/0x350 [ 979.851102][ T9117] should_failslab+0x5/0x20 [ 979.855584][ T9117] kmem_cache_alloc_trace+0x57/0x300 [ 979.860848][ T9117] sctp_add_bind_addr+0x97/0x350 [ 979.865763][ T9117] sctp_copy_local_addr_list+0x25d/0x3e0 [ 979.871375][ T9117] sctp_bind_addr_copy+0xad/0x3b0 [ 979.876381][ T9117] sctp_connect_new_asoc+0x277/0x600 [ 979.881649][ T9117] __sctp_connect+0x54d/0x11e0 [ 979.886421][ T9117] sctp_inet_connect+0x11b/0x190 [ 979.891339][ T9117] __sys_connect+0x2da/0x360 [ 979.895907][ T9117] ? check_preemption_disabled+0x40/0x240 [ 979.901610][ T9117] ? check_preemption_disabled+0x40/0x240 [ 979.907303][ T9117] ? do_syscall_64+0x1d/0xe0 [ 979.911874][ T9117] __x64_sys_connect+0x76/0x80 [ 979.916615][ T9117] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 979.922653][ T9117] do_syscall_64+0x73/0xe0 [ 979.927072][ T9117] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 979.932961][ T9117] RIP: 0033:0x45cb19 [ 979.936826][ T9117] Code: Bad RIP value. [ 979.940866][ T9117] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 979.949249][ T9117] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 979.957214][ T9117] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 979.965165][ T9117] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 979.973128][ T9117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 19:43:25 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x8847, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 979.981075][ T9117] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:25 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r4, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x2400, 0x8) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r1, 0x0, 0x8, 0x0) 19:43:25 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1d00, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:25 executing program 5 (fault-call:13 fault-nth:58): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:25 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xffffffef) [ 980.112970][ T9134] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. 19:43:25 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1e00, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:25 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x8848, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:25 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xfffffffe) [ 980.211541][ T9141] FAULT_INJECTION: forcing a failure. [ 980.211541][ T9141] name failslab, interval 1, probability 0, space 0, times 0 [ 980.264149][ T9141] CPU: 1 PID: 9141 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 980.272768][ T9141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 980.282834][ T9141] Call Trace: [ 980.286134][ T9141] dump_stack+0x1f0/0x31e [ 980.290559][ T9141] should_fail+0x38a/0x4e0 [ 980.294981][ T9141] ? sctp_add_bind_addr+0x97/0x350 [ 980.300100][ T9141] should_failslab+0x5/0x20 [ 980.304613][ T9141] kmem_cache_alloc_trace+0x57/0x300 [ 980.309908][ T9141] sctp_add_bind_addr+0x97/0x350 [ 980.314856][ T9141] sctp_copy_local_addr_list+0x25d/0x3e0 [ 980.320618][ T9141] sctp_bind_addr_copy+0xad/0x3b0 [ 980.325654][ T9141] sctp_connect_new_asoc+0x277/0x600 [ 980.330947][ T9141] __sctp_connect+0x54d/0x11e0 [ 980.335733][ T9141] sctp_inet_connect+0x11b/0x190 [ 980.340678][ T9141] __sys_connect+0x2da/0x360 [ 980.345274][ T9141] ? check_preemption_disabled+0x40/0x240 [ 980.350992][ T9141] ? check_preemption_disabled+0x40/0x240 [ 980.356708][ T9141] ? do_syscall_64+0x1d/0xe0 [ 980.361301][ T9141] __x64_sys_connect+0x76/0x80 [ 980.366067][ T9141] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 980.372133][ T9141] do_syscall_64+0x73/0xe0 [ 980.376551][ T9141] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 980.382436][ T9141] RIP: 0033:0x45cb19 [ 980.386319][ T9141] Code: Bad RIP value. [ 980.390382][ T9141] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 980.398786][ T9141] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 980.406753][ T9141] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 980.414718][ T9141] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 980.422684][ T9141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 980.430650][ T9141] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 [ 980.435802][ T9161] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. 19:43:25 executing program 5 (fault-call:13 fault-nth:59): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:25 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x8, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:25 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1f00, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 980.566305][ T9167] FAULT_INJECTION: forcing a failure. [ 980.566305][ T9167] name failslab, interval 1, probability 0, space 0, times 0 [ 980.592159][ T9167] CPU: 0 PID: 9167 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 980.600775][ T9167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 980.610832][ T9167] Call Trace: [ 980.614127][ T9167] dump_stack+0x1f0/0x31e [ 980.618463][ T9167] should_fail+0x38a/0x4e0 [ 980.622880][ T9167] ? sctp_add_bind_addr+0x97/0x350 [ 980.628005][ T9167] should_failslab+0x5/0x20 [ 980.632508][ T9167] kmem_cache_alloc_trace+0x57/0x300 [ 980.637798][ T9167] sctp_add_bind_addr+0x97/0x350 [ 980.642742][ T9167] sctp_copy_local_addr_list+0x25d/0x3e0 [ 980.648387][ T9167] sctp_bind_addr_copy+0xad/0x3b0 [ 980.653423][ T9167] sctp_connect_new_asoc+0x277/0x600 [ 980.658716][ T9167] __sctp_connect+0x54d/0x11e0 [ 980.663498][ T9167] sctp_inet_connect+0x11b/0x190 [ 980.668439][ T9167] __sys_connect+0x2da/0x360 [ 980.673037][ T9167] ? check_preemption_disabled+0x40/0x240 [ 980.678757][ T9167] ? check_preemption_disabled+0x40/0x240 [ 980.684515][ T9167] ? do_syscall_64+0x1d/0xe0 [ 980.689109][ T9167] __x64_sys_connect+0x76/0x80 [ 980.693878][ T9167] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 980.699942][ T9167] do_syscall_64+0x73/0xe0 [ 980.704361][ T9167] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 980.710251][ T9167] RIP: 0033:0x45cb19 [ 980.714134][ T9167] Code: Bad RIP value. [ 980.718191][ T9167] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 980.726595][ T9167] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 980.734566][ T9167] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 980.742538][ T9167] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 980.750508][ T9167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 980.758472][ T9167] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:28 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)=0x0) timer_settime(r0, 0x0, &(0x7f0000000340)={{0x77359400}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) write$P9_RREAD(0xffffffffffffffff, &(0x7f00000002c0)={0x1d, 0x75, 0x2, {0x12, "c9474055d9f164f69ffa01a3b1b260c22e2f"}}, 0x1d) r3 = openat$cgroup_ro(r2, &(0x7f00000000c0)='cpuset.memory_pressure\x00', 0x0, 0x0) ioctl$EVIOCSKEYCODE(r3, 0x40084504, &(0x7f0000000100)=[0x1, 0x7]) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000080)={0x1, [0x5, 0x5011], 0x3f3a}, 0x10) sendmsg$AUDIT_USER_TTY(r4, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={0x104, 0x464, 0x300, 0x70bd2b, 0x25dfdbfd, "3b1142c45040e3b2522a6aec0f81c06aee15d7920d8bef8475607788be28e328b7dd28ffe09b40187d8255c08a3db43cfc4f245442e00ea9bcd7afafd39f7e24575433b346b951acdf67dd4cdce5e401bc8cb6e6d8b883e173bbf383e2d91fd7bb8665475f9b50fbdb588a236f91861cc14ff777598f86afd0891e041446c85b767d01abc971329fe0b8ca5bee9c81de927e563e6f8ca00e1f007144f10b778f6e6b671fd5a1b854555b944ffa5d05572e9c78877867ad1a43bc0724dcd2a26a3f9e40ffbacfbecb6ca9720664192af79cc9c7c2b4b554417fa5d395e6e96d49ba2444d2fbb75e8f79baad17eaf74029af002fac", ["", "", ""]}, 0x104}, 0x1, 0x0, 0x0, 0x80}, 0x0) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r4, 0x0, 0x8, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) sendmsg$IPCTNL_MSG_EXP_DELETE(r6, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000500)={0x84, 0x2, 0x2, 0x201, 0x0, 0x0, {0x3, 0x0, 0x6}, [@CTA_EXPECT_MASTER={0xc, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_EXPECT_MASTER={0x1c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}, @CTA_EXPECT_MASK={0xc, 0x3, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x800}, 0x0) 19:43:28 executing program 5 (fault-call:13 fault-nth:60): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) [ 982.808735][ T9191] FAULT_INJECTION: forcing a failure. [ 982.808735][ T9191] name failslab, interval 1, probability 0, space 0, times 0 [ 982.826037][ T9191] CPU: 0 PID: 9191 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 982.834646][ T9191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 982.844696][ T9191] Call Trace: [ 982.847990][ T9191] dump_stack+0x1f0/0x31e [ 982.852332][ T9191] should_fail+0x38a/0x4e0 [ 982.856751][ T9191] ? sctp_add_bind_addr+0x97/0x350 [ 982.861888][ T9191] should_failslab+0x5/0x20 [ 982.866394][ T9191] kmem_cache_alloc_trace+0x57/0x300 [ 982.871686][ T9191] sctp_add_bind_addr+0x97/0x350 [ 982.876631][ T9191] sctp_copy_local_addr_list+0x25d/0x3e0 [ 982.882272][ T9191] sctp_bind_addr_copy+0xad/0x3b0 [ 982.887296][ T9191] sctp_connect_new_asoc+0x277/0x600 [ 982.892584][ T9191] __sctp_connect+0x54d/0x11e0 [ 982.897360][ T9191] sctp_inet_connect+0x11b/0x190 [ 982.902301][ T9191] __sys_connect+0x2da/0x360 [ 982.906899][ T9191] ? check_preemption_disabled+0x40/0x240 [ 982.912615][ T9191] ? do_syscall_64+0x1d/0xe0 [ 982.917206][ T9191] __x64_sys_connect+0x76/0x80 [ 982.921975][ T9191] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 982.928041][ T9191] do_syscall_64+0x73/0xe0 [ 982.932463][ T9191] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 982.938351][ T9191] RIP: 0033:0x45cb19 [ 982.942240][ T9191] Code: Bad RIP value. [ 982.946294][ T9191] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 982.954675][ T9191] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 982.962629][ T9191] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 982.970583][ T9191] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 982.978528][ T9191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 982.986474][ T9191] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:28 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x7, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r6, 0x0) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r6, 0x84, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x4) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c0000000206010300000000000000000000000005000400000000000900020073797a300000c5000500810006000000050005000a00000012000300686173683a6e65742c706f7274000000c3c2f6f514444a4795135155b60683d7a705624ccc2aecb4d1757823c88159f7b7eadb28abb2b5c08d2f092271ac1ce79744d64202685df02bce64b18c21867d54ede1c509140f3fa219736828055c541cf70f"], 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r7) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) recvfrom$inet6(r6, &(0x7f0000000380)=""/204, 0xcc, 0x102, 0x0, 0x0) 19:43:28 executing program 5 (fault-call:13 fault-nth:61): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:28 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x2000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x4, &(0x7f0000000240)=@framed={{}, [@alu={0x2, 0x0, 0x7, 0x61}]}, &(0x7f0000000000)='GPL\x00', 0x5, 0x3e2, &(0x7f00001a7f05)=""/251}, 0x34) timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) 19:43:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:28 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x11e79eb000) [ 983.200701][ T27] kauditd_printk_skb: 18 callbacks suppressed [ 983.200711][ T27] audit: type=1800 audit(1593459808.634:1928): pid=9211 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16305 res=0 [ 983.219020][ T9208] FAULT_INJECTION: forcing a failure. [ 983.219020][ T9208] name failslab, interval 1, probability 0, space 0, times 0 [ 983.254332][ T9208] CPU: 0 PID: 9208 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 983.262950][ T9208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 983.273000][ T9208] Call Trace: [ 983.276294][ T9208] dump_stack+0x1f0/0x31e [ 983.276453][ T27] audit: type=1804 audit(1593459808.684:1929): pid=9219 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1551/bus" dev="sda1" ino=16305 res=1 [ 983.280615][ T9208] should_fail+0x38a/0x4e0 [ 983.280629][ T9208] ? sctp_add_bind_addr+0x97/0x350 [ 983.280644][ T9208] should_failslab+0x5/0x20 [ 983.280654][ T9208] kmem_cache_alloc_trace+0x57/0x300 [ 983.280669][ T9208] sctp_add_bind_addr+0x97/0x350 [ 983.280685][ T9208] sctp_copy_local_addr_list+0x25d/0x3e0 [ 983.280703][ T9208] sctp_bind_addr_copy+0xad/0x3b0 [ 983.280719][ T9208] sctp_connect_new_asoc+0x277/0x600 [ 983.343000][ T9208] __sctp_connect+0x54d/0x11e0 [ 983.347783][ T9208] sctp_inet_connect+0x11b/0x190 19:43:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x0, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 983.352713][ T27] audit: type=1804 audit(1593459808.684:1930): pid=9219 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1551/bus" dev="sda1" ino=16305 res=1 [ 983.352724][ T9208] __sys_connect+0x2da/0x360 [ 983.352741][ T9208] ? check_preemption_disabled+0x40/0x240 [ 983.384615][ T9208] ? check_preemption_disabled+0x40/0x240 [ 983.390336][ T9208] ? do_syscall_64+0x1d/0xe0 [ 983.394933][ T9208] __x64_sys_connect+0x76/0x80 [ 983.399701][ T9208] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 983.405765][ T9208] do_syscall_64+0x73/0xe0 [ 983.406598][ T27] audit: type=1804 audit(1593459808.684:1931): pid=9219 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1551/bus" dev="sda1" ino=16305 res=1 [ 983.410177][ T9208] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 983.410187][ T9208] RIP: 0033:0x45cb19 [ 983.410193][ T9208] Code: Bad RIP value. [ 983.410204][ T9208] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a 19:43:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x3, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:28 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r4, 0x0) write$cgroup_int(r4, &(0x7f0000000080)=0x5, 0x12) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r5, 0x0) ioctl$VIDIOC_ENUMOUTPUT(r5, 0xc0485630, &(0x7f0000000280)={0x3, "4b23278f20da550aa74b3bdbe7624076e2a04d4b481f9305f3a80166203e7aac", 0x3, 0xfffffff7, 0x80, 0x400000, 0x8}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r6 = socket$kcm(0x29, 0x2, 0x0) splice(r6, 0x0, r1, 0x0, 0x8, 0x0) [ 983.410215][ T9208] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 983.410221][ T9208] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 983.410228][ T9208] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 983.410234][ T9208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 983.410240][ T9208] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:28 executing program 5 (fault-call:13 fault-nth:62): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:29 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x2100, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:29 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x1b0be1f000) 19:43:29 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x4, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:29 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 983.649303][ T9233] FAULT_INJECTION: forcing a failure. [ 983.649303][ T9233] name failslab, interval 1, probability 0, space 0, times 0 [ 983.674084][ T9233] CPU: 0 PID: 9233 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 983.682701][ T9233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 983.692758][ T9233] Call Trace: [ 983.696056][ T9233] dump_stack+0x1f0/0x31e [ 983.700396][ T9233] should_fail+0x38a/0x4e0 [ 983.704816][ T9233] ? sctp_add_bind_addr+0x97/0x350 [ 983.709932][ T9233] should_failslab+0x5/0x20 [ 983.714436][ T9233] kmem_cache_alloc_trace+0x57/0x300 [ 983.719724][ T9233] sctp_add_bind_addr+0x97/0x350 [ 983.724665][ T9233] sctp_copy_local_addr_list+0x25d/0x3e0 [ 983.730307][ T9233] sctp_bind_addr_copy+0xad/0x3b0 [ 983.735339][ T9233] sctp_connect_new_asoc+0x277/0x600 [ 983.740632][ T9233] __sctp_connect+0x54d/0x11e0 [ 983.745409][ T9233] sctp_inet_connect+0x11b/0x190 [ 983.750349][ T9233] __sys_connect+0x2da/0x360 [ 983.754942][ T9233] ? check_preemption_disabled+0x40/0x240 [ 983.760659][ T9233] ? check_preemption_disabled+0x40/0x240 [ 983.766374][ T9233] ? do_syscall_64+0x1d/0xe0 [ 983.770913][ T27] audit: type=1804 audit(1593459808.684:1932): pid=9219 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1551/bus" dev="sda1" ino=16305 res=1 [ 983.770959][ T9233] __x64_sys_connect+0x76/0x80 [ 983.797812][ T9233] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 983.803873][ T9233] do_syscall_64+0x73/0xe0 [ 983.808289][ T9233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 983.814184][ T9233] RIP: 0033:0x45cb19 [ 983.818067][ T9233] Code: Bad RIP value. [ 983.822126][ T9233] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 983.830534][ T9233] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 983.832288][ T27] audit: type=1804 audit(1593459808.944:1933): pid=9211 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1551/bus" dev="sda1" ino=16305 res=1 [ 983.838504][ T9233] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 983.838511][ T9233] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 983.838517][ T9233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 983.838524][ T9233] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:29 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x2000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 983.905733][ T27] audit: type=1804 audit(1593459808.954:1934): pid=9225 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1551/bus" dev="sda1" ino=16305 res=1 [ 983.935178][ T27] audit: type=1804 audit(1593459808.954:1935): pid=9211 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1551/bus" dev="sda1" ino=16305 res=1 19:43:29 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x5, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 983.985873][ T27] audit: type=1800 audit(1593459809.054:1936): pid=9237 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16306 res=0 [ 984.060881][ T27] audit: type=1804 audit(1593459809.064:1937): pid=9237 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1552/bus" dev="sda1" ino=16306 res=1 19:43:31 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) 19:43:31 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x20000000000) 19:43:31 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x3000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:31 executing program 5 (fault-call:13 fault-nth:63): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) [ 986.261172][ T9286] FAULT_INJECTION: forcing a failure. [ 986.261172][ T9286] name failslab, interval 1, probability 0, space 0, times 0 [ 986.289078][ T9286] CPU: 0 PID: 9286 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 986.297766][ T9286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 986.307816][ T9286] Call Trace: [ 986.311096][ T9286] dump_stack+0x1f0/0x31e [ 986.315405][ T9286] should_fail+0x38a/0x4e0 [ 986.319798][ T9286] ? sctp_add_bind_addr+0x97/0x350 [ 986.324900][ T9286] should_failslab+0x5/0x20 [ 986.329398][ T9286] kmem_cache_alloc_trace+0x57/0x300 [ 986.334683][ T9286] sctp_add_bind_addr+0x97/0x350 [ 986.339622][ T9286] sctp_copy_local_addr_list+0x25d/0x3e0 [ 986.345262][ T9286] sctp_bind_addr_copy+0xad/0x3b0 [ 986.350279][ T9286] sctp_connect_new_asoc+0x277/0x600 [ 986.355544][ T9286] __sctp_connect+0x54d/0x11e0 [ 986.360290][ T9286] sctp_inet_connect+0x11b/0x190 [ 986.365202][ T9286] __sys_connect+0x2da/0x360 [ 986.369833][ T9286] ? check_preemption_disabled+0x40/0x240 [ 986.375549][ T9286] ? check_preemption_disabled+0x40/0x240 [ 986.381250][ T9286] ? do_syscall_64+0x1d/0xe0 [ 986.385834][ T9286] __x64_sys_connect+0x76/0x80 [ 986.390574][ T9286] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 986.396623][ T9286] do_syscall_64+0x73/0xe0 [ 986.401024][ T9286] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 986.406901][ T9286] RIP: 0033:0x45cb19 [ 986.410851][ T9286] Code: Bad RIP value. [ 986.414891][ T9286] RSP: 002b:00007fe210c05c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 986.423276][ T9286] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 986.431229][ T9286] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 986.439176][ T9286] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 986.447179][ T9286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 986.455127][ T9286] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c066d4 19:43:31 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x4000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:31 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x6, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:31 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x400000000000) 19:43:32 executing program 5 (fault-call:13 fault-nth:64): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:32 executing program 3: ioctl$KVM_GET_CPUID2(0xffffffffffffffff, 0xc008ae91, &(0x7f0000000740)={0x1, 0x0, [{}]}) timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000080)="ef24430e203d554e4eb9791dc0d4b8601a8d709ec69d98d8cf08b279cb067f10aace094a7719e1a0b3d859240de427bcb1ab1f64f20c55c426de76f9ac2f46e32e40e7d5199f3c4a48e03f4d95821df1406e565ea5701a07e4928d9e508dbc3ac220903eec46682b706dbcf53f7fb2b03fdbae16f7693698b6fd58a3fa08d47cae56b3b1b207f67a4e95fea153fb4b3c7c70725fba65736b396ea0a1cf4b55b98740daec00348bf5ff2a0819cbad9a95e4ba82de7d95a59206f7b77a210efd611879c5f5f2d7abcd0d8882ef87060a4a67", 0xd1}, {&(0x7f00000001c0)}], 0x2, &(0x7f0000000380)=[@assoc={0x18, 0x117, 0x4, 0x3}, @iv={0x108, 0x117, 0x2, 0xf0, "955f0bb8f1b2e0d1472d3dc2b8a52d13f70bf92fbe47ea105f82df905a48ea7b36b930811daca652d30858aa1f3e305633d61a92143e180b27c4332be4f1a3cc4744256e5c7a3857c0fa40386ac96ca58bd0338846f5c2dd6fabc74dff055e05327276a25b5d8c6122bc43a3c6c0e687c3068c009a671b0b1b61ae1fae4ec13274b577a3297feea8162f8ff092cb831991b9a6e64df44d2dce62ffed9aacdf6a29e277cdd02b977a095a328e8b5759a90430b3497b053cca368f909d90bb28f1535c594ba51d6500a4c1b0929f2df99cc831ec8b196b34ef720a21ccb7c0c69c3f7889876eb1b6e86ccdcc0805eb6fbf"}, @assoc={0x18, 0x117, 0x4, 0x1}], 0x138, 0x20004000}, 0x8000) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000500)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f00000006c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000680)={&(0x7f0000000540)={0x12c, r3, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x4}, @TIPC_NLA_SOCK={0x68, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3d}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8001}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x40}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffc0}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x65f}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xe1d5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_BEARER={0x44, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xe}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @remote}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x15dd, @private0, 0xbc}}}}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3e00}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x19a}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8bad}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x40080d0}, 0x4000000) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) socket$kcm(0x29, 0x2, 0x0) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x2280c0, 0x0) r7 = fanotify_init(0x20, 0x80000) splice(r7, 0x0, r6, 0x0, 0x1, 0xc) 19:43:32 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x5000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:32 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x7, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:32 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x6000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 986.690112][ T9313] FAULT_INJECTION: forcing a failure. [ 986.690112][ T9313] name failslab, interval 1, probability 0, space 0, times 0 [ 986.770928][ T9313] CPU: 1 PID: 9313 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 986.779723][ T9313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 986.789878][ T9313] Call Trace: [ 986.793178][ T9313] dump_stack+0x1f0/0x31e [ 986.797617][ T9313] should_fail+0x38a/0x4e0 [ 986.802048][ T9313] ? sctp_add_bind_addr+0x97/0x350 [ 986.807166][ T9313] should_failslab+0x5/0x20 [ 986.811681][ T9313] kmem_cache_alloc_trace+0x57/0x300 [ 986.816974][ T9313] sctp_add_bind_addr+0x97/0x350 [ 986.821914][ T9313] sctp_copy_local_addr_list+0x25d/0x3e0 [ 986.827551][ T9313] sctp_bind_addr_copy+0xad/0x3b0 [ 986.832578][ T9313] sctp_connect_new_asoc+0x277/0x600 [ 986.837877][ T9313] __sctp_connect+0x54d/0x11e0 [ 986.842655][ T9313] sctp_inet_connect+0x11b/0x190 [ 986.847592][ T9313] __sys_connect+0x2da/0x360 [ 986.852184][ T9313] ? check_preemption_disabled+0x40/0x240 [ 986.857904][ T9313] ? check_preemption_disabled+0x40/0x240 [ 986.863619][ T9313] ? do_syscall_64+0x1d/0xe0 [ 986.868217][ T9313] __x64_sys_connect+0x76/0x80 [ 986.872983][ T9313] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 986.879144][ T9313] do_syscall_64+0x73/0xe0 [ 986.883561][ T9313] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 986.889453][ T9313] RIP: 0033:0x45cb19 [ 986.893347][ T9313] Code: Bad RIP value. [ 986.897407][ T9313] RSP: 002b:00007fe210c05c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 986.905810][ T9313] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 986.913790][ T9313] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 986.921762][ T9313] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 986.929746][ T9313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 986.937730][ T9313] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c066d4 19:43:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x9, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:34 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x7fd0fb68a000) 19:43:34 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x1}, 0x7) timer_create(0x5, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={&(0x7f0000000a40)="fa57d5b66193cf16b47c9725cd71815ffce0b90e19e7b911b6ff899bf6e03a13276df694911ccd761bf74131e8b370164af876474ebc9997454cbc851f7bddca81d288e79791b2970e9a9115d1b83e648c7de4f956d446db807ec84cd54331646569bbb46aacfe247570ac767326c3ea5ff76142dd3f30cbf8dbfd8c716aef5e6498777a2fd6fd12305d6fe331190d95d39ba643d924a41f72e9b7ab383c69f9bf1f87f11f9fcfdeb682bbb3d180d413001f0d6eadf95c036a4dab6d7808ff96eb620d535c3575c0d17b6920dca5ee7ad8d50a8a8ae7b59e1b8a774a", &(0x7f0000000b40)="c9b980f3a9ef1f3076c7baf5c5bb61715ff86f15163925e15839c739e6d6c28676ba1bde64bfe03db76caef37202ec57fc18d64c358da9a8cd9e0b13f50b6f453bbe8333"}}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) preadv(r2, &(0x7f00000009c0)=[{&(0x7f0000000380)=""/206, 0xce}, {&(0x7f0000000480)=""/151, 0x97}, {&(0x7f0000000540)=""/185, 0xb9}, {&(0x7f0000000600)=""/161, 0xa1}, {&(0x7f00000006c0)=""/243, 0xf3}, {&(0x7f00000007c0)=""/206, 0xce}, {&(0x7f00000008c0)=""/196, 0xc4}, {&(0x7f0000000280)=""/90, 0x5a}], 0x8, 0xfff) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$kcm(0x29, 0x2, 0x0) splice(r6, 0x0, r3, 0x0, 0x8, 0x0) socket$phonet(0x23, 0x2, 0x1) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r7, 0x84, 0x71, &(0x7f0000000140)={r9}, &(0x7f0000000040)=0x18) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f0000000d00)=ANY=[@ANYRES32=r9, @ANYBLOB="ffff640045f865b8dfc7b519ce8360215022308171c8a0f5ab99c1f9bfd51644edea40024a0459e5b0b3d6e227010ec75113d187d79c3b80e6192d362381c569b0aff3baf0d239070c2bd246693918d4d3d9701192092094d1cf2ff58b00000000000029e203d73a4a5b6564589d73c7915a5399e07dbb1a73308101335d950f5a7bb34b520dbe4c6de429acf1b2358a932660ebe2bbd32e8e961b88eba9a23783c3d97c8c2e86951d2bfbaf19cbf559bf4546b2bb6f2853ce2ab2fd26d8732fedb78e66eeaf672a7ae7661f390d34f9a149a470a3a55c6b61a9314241d2f933603992d72a507037939e4bf25cec4aeec31dbdffa70924a95d3916132e6ce13324227843e6843a9a3db8ede2cb796b"], 0x6c) 19:43:34 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x7000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:34 executing program 5 (fault-call:13 fault-nth:65): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:34 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r2, 0x200, 0x70bd25, 0x25dfdbfd, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20004855}, 0x20040000) r3 = creat(&(0x7f00000001c0)='./file0\x00', 0x4) ioctl$SIOCX25SCAUSEDIAG(r3, 0x89ec, &(0x7f0000000280)={0x4, 0x46}) sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10004000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x3ce09f81fd6c793e, 0x70bd26, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x44000}, 0x4000010) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x2) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x36}, &(0x7f0000000380)=0x0) timer_settime(r4, 0x1, &(0x7f00000003c0)={{}, {0x77359400}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$kcm(0x29, 0x2, 0x0) splice(r6, 0x0, r5, 0x0, 0x8, 0x0) 19:43:34 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x8000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 989.244862][ T27] kauditd_printk_skb: 22 callbacks suppressed [ 989.244870][ T27] audit: type=1800 audit(1593459814.675:1960): pid=9338 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15921 res=0 [ 989.320087][ T9340] FAULT_INJECTION: forcing a failure. [ 989.320087][ T9340] name failslab, interval 1, probability 0, space 0, times 0 19:43:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0xa, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:34 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$ASHMEM_GET_PROT_MASK(0xffffffffffffffff, 0x7706, &(0x7f0000000280)) timer_create(0x5, &(0x7f0000000140)={0x0, 0x2c, 0x1, @thr={&(0x7f0000000080)="7e5ba85189fa82a1f0402f67a26b767c9a0c2c3a34f2eac0100e2ae59c383ec59d867faaa2985757b589f7ca67500af8c2909354e7ed8344f570034d5db49b1684a0b7e2ac19a787b599586413be4a90b09b8e5d9e3363142fabf40c634f09620dac05c74e2555c5a04e29f4f551fe88149099598bc67799f4da268d572d9eb8b1a0f2b0390a5b2fd0f64c77d87344afb8dc7b7cb3039edc6340a9031052ece4db621a5ddca7bb1a4d0cd8e4ab390174", &(0x7f0000000380)="dcb5004cbd1c4158460124fc5ab31f89cc0c0975dcb44499686beec8cdaf18d52dae685bbe7f266e9c8c296be7a44af31ed4d541d2cf2191b2a2d8ec83b78b836f3f6d6cd55843de8c994fc6b8b3afce2f3fc8035d293bca5f3a13e3f7d040556727a03f708b31437a6cfb51273071ee543d42b93bd4e2950282d8b825decabd9a2c68020706a944e79ca057172495d7fc8e00c2571e65818741b94bd48116a9d8767ee9d77d4004b987df18eba7a5aedeb75a4725c3f3930ba04c481a6c"}}, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000480)={0x4, 0x2, 0x7, 0xffffffffffffffff, 0x0, &(0x7f0000000440)={0x990906, 0x0, [], @p_u8=&(0x7f00000002c0)=0x76}}) r7 = socket(0x200000000000011, 0x3, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bind$packet(r7, &(0x7f0000000000)={0x11, 0x0, r9}, 0x14) getsockname$packet(r7, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14) bpf$MAP_CREATE(0x1000000000000, &(0x7f00000000c0)={0x2, 0x800000000000004, 0x400000, 0x1, 0x0, 0xffffffffffffffff, 0x0, [], r10}, 0x40) sendmsg$nl_route_sched(r6, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x1d000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000500)=@delqdisc={0x124, 0x25, 0x8, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r10, {0x4, 0xffff}, {0x7, 0x7}, {0xd, 0x4}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x1ff}, @TCA_RATE={0x6, 0x5, {0x1, 0x50}}, @TCA_RATE={0x6, 0x5, {0xff, 0x2}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x40}, @TCA_STAB={0xe0, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x81, 0x30, 0x3, 0x3, 0x1, 0x7, 0x0, 0x4}}, {0xc, 0x2, [0x2, 0x2, 0x1ff, 0x1ff]}}, {{0x1c, 0x1, {0x2, 0x8, 0x4, 0x7759, 0x1, 0x8, 0x7, 0x9}}, {0x16, 0x2, [0x3, 0x7fff, 0x90, 0x0, 0x49db, 0x8, 0x3, 0x8, 0x3]}}, {{0x1c, 0x1, {0x0, 0x7, 0x7, 0xffffffe3, 0x1, 0x2894, 0x5, 0x3}}, {0xa, 0x2, [0x1f, 0x7ff, 0x5]}}, {{0x1c, 0x1, {0x6, 0x1f, 0x7fff, 0x6, 0x2, 0x7, 0x8, 0x9}}, {0x16, 0x2, [0x1000, 0x20, 0x7, 0x3, 0x9, 0x1e9, 0x6a1, 0x7fff, 0x70de]}}, {{0x1c, 0x1, {0x0, 0x3f, 0x20, 0x7, 0x0, 0x8c80, 0x1, 0x2}}, {0x8, 0x2, [0x8, 0x40]}}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x40000}, 0x0) [ 989.350657][ T27] audit: type=1804 audit(1593459814.715:1961): pid=9338 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1555/bus" dev="sda1" ino=15921 res=1 19:43:34 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x7fffffffffffd) [ 989.414901][ T9340] CPU: 1 PID: 9340 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 989.423522][ T9340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 989.433579][ T9340] Call Trace: [ 989.436872][ T9340] dump_stack+0x1f0/0x31e [ 989.441207][ T9340] should_fail+0x38a/0x4e0 [ 989.445750][ T9340] ? sctp_transport_new+0x86/0x570 [ 989.450861][ T9340] should_failslab+0x5/0x20 [ 989.455373][ T9340] kmem_cache_alloc_trace+0x57/0x300 [ 989.460677][ T9340] sctp_transport_new+0x86/0x570 [ 989.465614][ T9340] sctp_assoc_add_peer+0x28e/0x1560 [ 989.470835][ T9340] sctp_connect_new_asoc+0x2a1/0x600 [ 989.476127][ T9340] __sctp_connect+0x54d/0x11e0 [ 989.480900][ T9340] sctp_inet_connect+0x11b/0x190 [ 989.485837][ T9340] __sys_connect+0x2da/0x360 [ 989.490426][ T9340] ? check_preemption_disabled+0x40/0x240 [ 989.496143][ T9340] ? check_preemption_disabled+0x40/0x240 [ 989.501863][ T9340] ? do_syscall_64+0x1d/0xe0 [ 989.506545][ T9340] __x64_sys_connect+0x76/0x80 [ 989.511306][ T9340] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 989.517371][ T9340] do_syscall_64+0x73/0xe0 [ 989.519003][ T27] audit: type=1804 audit(1593459814.725:1962): pid=9338 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1555/bus" dev="sda1" ino=15921 res=1 [ 989.521798][ T9340] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 989.521808][ T9340] RIP: 0033:0x45cb19 [ 989.521813][ T9340] Code: Bad RIP value. [ 989.521819][ T9340] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 989.521829][ T9340] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 989.521835][ T9340] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 989.521841][ T9340] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 989.521851][ T9340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 989.597447][ T9340] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:35 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x9000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 989.629009][ T27] audit: type=1804 audit(1593459814.725:1963): pid=9338 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1555/bus" dev="sda1" ino=15921 res=1 19:43:35 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0xb, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:35 executing program 5 (fault-call:13 fault-nth:66): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:35 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x10000000000000) 19:43:35 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000080)='hfsplus\x00', &(0x7f00000000c0)='./file0\x00', 0x3, 0x9, &(0x7f00000044c0)=[{&(0x7f0000000100)="dcc6c1322e26b141279eb563d510736f23b623d1728d017d23daa2a7f20cccdff945864918ffe66a0aef2129c9dde3d311ba5f581d7976c050c448bb08ba291d23ba186b418cb309b788db7a8b7d6d90c652c064b90351eb47d16a1587fa91b0fd23a986e79163e12dec4532056813eb3d240d91be3b", 0x76, 0x100}, {&(0x7f00000001c0)="5495ecfa6287754ee705cd5f58ac0d3bb9147d74e80f13b493a6f508f163c7e227b9031cab4d6966", 0x28, 0x4}, {&(0x7f0000000380)="6f14009ff4a69e05aa8bbecf6536a47ed7e320221fdcda41a9638f297bd761d9d08f6281d954ce999b43574ce5609e4e07f9bda8ec53144336a82d6a68e423157c19ad7ead8877a702ffc82376327be1ef685f58c9032732ccbeb2c2ca7757faafcd783c6386d4da47237afbfaf20afba22ccd6057e37a301d64ae35b07e3b6b6b91db39df4f588b88950d11b6fe9c34d691562498a60454793ec7103d2cf9166d55fb509ef0d584fc1012d0ed497ca1a291f0d94f1227689bb16e83055d5777fd04a2a8470c7c98ff9a8e284cd2f5644815e1061812beee9f27d981e53af233b298a680ae75975e4f579af6dfb3cbc98335b17a4e340dde17f78eac66d2d15af73756ec18a1be8b3a0270517ab3cb16cc7c7c0f3d2910a0a92d3070a52a6f87c85b74fbcbdae7c56d15fcb9c87be4ee1986de6e63557a072e9522d5b16c47bb2276ebbb617a415c96e188e4ceb0e5e4a4027dfd60ba085c7cfff5b751dffb171ef909fbea53e3c40991bcc5e0adba8f77d2b4a47b325123f727debec318d8453873b98eb7f5d564aa8826fbea348d738fb0c77d252df2cb5229ab68b0ed4e3129ee63cb84cdbbdeab11fa720f7a33008c4a1cbc83cd1686c624afc733c259ef11c54813abc29f28e6bf8c112af86a2457f64a29f2600c62020989af5115afd93859cf405f368c34aff0ec213deef51b50d652beebef024b6807e075716b313859498772de07375eca5fc9f9c2edcd620af45aff720033216d68eeb5847f1bdf020aa18aa1fb64865939453390d85297db5d476e5d535035ad73e25b12748920a82e04535772692e9bd58a2bc715342ae3db790767aee3a780969ad560325d55f9a5a272a3fec0b3e73ace5bedf55ed2fa3e1c28d7c5948c2798bb379c42868b1eda548ef849ccec674f74c41f6167e03ff51ca5e1cc380b0dd8f28ee00e490a8d3c2f74069dd4f5ca1b4d219b2ccf3d9989472dceabff889d5ed3c4e96675e2ce05867f4357a75ea9411fa9ba3ebdfc1bde259ff726f3bd8d95f43d8f6564d5b6333029794beb95f80f1b40aeee4a866b8e7d67e7638a06737600294e360462714c27f1afc074fe5b7ad7cdbeed0dd4ca4a22d785066fd31038e2cf561a65ca67ad9da20cee9832bcfb903a8879e463f4e311ba9d60ea03ae32bb2b6e820c052f81ddf5e3f5b1a08c476ac20fdd3d0c5559a85287645181262982f1fd986f2c6139c892a9253a1ea9f1e714882b4929d275b5df9bb49e69e118aa74855c7c262d6e3ae703be8b02a1235283b38030a012fd48b7e37251fa818a242631661d8a562ab07e202228cfed96bcc13fc6f3ee0c0b3a8f2f0ff951f4c0d29e019643ed37a3843180b16f081a5923b471a4f5ecb482a901b2947a9e8688ffe2c29283f570d56cdd95cc8a9e45b491df711cd8f3867db056566b173dbea378cb2efc207475ce590235a34236176de810a4813791ac8e09aabec6463a220a420a9018dd1e9a135ece99242f56939c490dc7c03ebdc1b1d6900218519b3b46abe25038531cbcc42470f0299499f39a54f819639e5ddc8240c9e5e5401aa76cbcdb2e41169756ddcc8759bfc31be0f02344dfcbfb7a21bc393a92dc47a78698a66b94a30a4b34730056dbff3af7a3264b3b4cd8f4578375dd983a54f33875847f64f83ca1d8ce1650a02a4da1ecd00bb5ec3b65900065d031172d04c9a965876b1df49c1bec93ae7dde8eefc2e08bc21bc0935f693d2c53cc5bf6153d97a1d591bff6f82f14c60811a24a7e80e2edfb4c1e432972c2eb8c7b4da9ced89876374371edba266630b5f2b7f32b60e1590bc514f8fd3abafdbcfc27ad342cdf94eb32d27719630596330e4c016525f07c41b3fc494e14f9fcc0b355f48ce2bceb87dad9722b96f5f0f1da50dceeae49ab568659d19bbfbeaa3a2b0bd37b300810f4c4a22f1ec50fa90373ef8a5ae49c957e3a7bc93b15e1e179b4518dc993d354c3bf795e45956327bf5e45292a0e03a217d32fe57807ff2f452e9db6c503e82a5e51b9bd58de23d8616bc08decf4807fe0478e413649f6327768d7047ccec81652fdb285ab92f2392e62da3d6722739a4c9cf4483dc6ee62488e18922d58a3f93636a01d0f8597ac673bd01a8217dfbaf3594440279841110fc0f5159b79016c12217d8561b3c9ec9b0b9b6fd29dc52e33f98237e1a933716a4421c6ec7c54a12ba9c6ab3beb715e82ee7cd91d3d4739b79fa4766c0618884034c0e07c04ac787b24768fcd4485ce699d48227f2b27707c674bf54b1f1c72a14731bbf32c6ced2422b456f20f348d033c60af16b14876f904682466af729eb2ad31b5d19406a6d789ca94a759b0f43f474e76bc1f26709ed086399d025714fe4f615e7ac649494dfa24673895c4c353b61ec74b5ff7837e576a1d5bb5baa5192b51a6ce069bec3bbc76cf58cda0d4fffec197c798aeb83997dc7d8025b3ae7268f4b6840ea90b41b730985389fa62639f6918cc24fcca447183781167090d89ff75240eba8d643a585181e200665761afeb42b7884a0d21ff5de3166119991eb3389f397b024d9a50ed1e53ce3ce2ee49d31089cd0817bdec3d25147917c52adee59217b5de1cca77969ca581cd2199e37f3e615ff2a7c499689f018f2f1149b74716fa17a15fb3ed54061cb14fd164583b5d1cd58578b2381ab190ac0df0892bea95dbf54533a8cb7c82876c46a6acfeaf97dbc111485ad3d218a8a05670a7943bdb58790aad4a7743b2d092f248ef4f2c500cc472a0cfa7cbbf26f640ffee5f8a99f7536fec47218788e36b5fbd1908b5ab8b6a9b1926b786b1e539ae1989518c8b2a9aec7277b2f52113e44d720db8921fc488b1c1df709da9a052b8409000552f1cb54f5b1bfe2edc56343f6b794a8d62188e396eacc89a87cbd932ddc039b46710809e9c0ad4840875089a48fbf8f19fc2ac154ee98f992be44131857007db00692dc63e4e5d094cabac257f00faf867a9f670d2760fb8bd34e792dde28ef91bb863cb04c9421fc953ca7ccb1ce52619b4c046d458352436af5022ba16851f27da7177b12278e3559d010b8fdf060408d2222ffdd34d42e889a0f487db6cdf2b9b87398c6cd0629f5c2d6ebf0defb7bb0680e98614966d8ed2ec049390210a1f7d78b196c284fdbdce5b84443b4f0ea04a3fca69f1b045ed385609116a4abe8640911173a2f14b2d0b952dee61d8c749aa500b8a43feec93236af94cc26f160de60ed2febb03d8d53e64150cf6aec7a18e1339ceb2861c8a9210da5996caf15b69b37b752a2298f2556cad32dc82d07bffbf39d734e751052e29b70db1f0ae76ae6cb856061a27edb4dfa49424da20a82565f70bafd1d61ab4b5b9af7e761e0721375baa2bc8919abd9b3ff48dcdd0b0a30271ec032625352a6d649a7e55856095b60de12546547704ec321103e996a8f4e288349d5f9ef8cfb5c6356ec4981bbdb13ffa7469e9e76a56c28d6b5aab418a8e2efe26d470642f8c3fb8765506b1d2a8df9d74699d8a4022be69eccb7f27f403f163cfdd368d6adb4c0d6f26e5e9958f7372346d33cd5a7ffcb51019e2994751da6c46750af4cd6105d4839db320c2b5fe560286b1bc2516b3e99befc022d158aea2a687c2ffcc7f63046b8048bff4fe0080ef390ffff5f1cef3614c757cc605cda22cb0d37d2b03863783690dfa16eb31b18a2a0865e97c9bc4c5430f73fe5f2d97c7a4c4c7406d1f349479093c5e74c0130adeae2d4ef42032fa0bd836955aa50772c54f5d74f079ff2e4135e030429f7cc1882f9b3ec5b55f9370f4470daa05f770be7138b93571a318dfeaffd6bb21d792a6ac49a4f434c630672b42122e84b5092d271ecffc34a41b647663a45693f740459dc32fab575c9d9d6fba72197c37d3999f4dda62dcd4ef0cf359986bb413dcb333d38e756b2b14742fb70bc48d47c07655bc6d4e07d721f0457e2181dd463ca91567223c2113c33a58baa0ac3b13ed6f1584a92aaa440aa60e3d9b83ee7126a344915a50c39f547a2092ffbe67f13135274755fe03393e20d2b60ed778709378ddde1358f2e70f4ab2b74b227674af76bd2ccfe2c85e34dc50f681d05ee99aa079032c557916e35b1a9850974273992668403e284db7fdeb6741ea11d0d02a0bb7a5c921225581febd34a06a19d363128d5dc4f5d2665042e6a2b4c5010b1298ab26175dc9967e38870f64cdc6d1a968c060ff5ea4b23c4e6e4c7a6ed8af7d9bc8e4ba0ef1c172ec141a651643971e657bc8319346d6b122fe047080faa17e2711a43a0c74e0be85b5e83c21a052737aab028855abdaefac90ed694abe02b1aa5ec01330dc7232cc31d00c4f7f041bad0e44f362f59869caec2b627f4ab07d8af955a6679496108acd03408de7be4e5c30af6ca65e32c53963b62272319b5e640281c751b4135320ba1a07e943bfe59e6dab40192d7584c36b756c497878fb6133e24282cb644df4fe224e307204705d9f4682905ae5972c1a0f96501832ada8255e310c1cae0373682d46b7b3fc80fd89e3a94f58a5be8ef9d320d11ba3fd6c7876d960ba98a960b5e402e25dc9afd660eb9437925d108775e68325e1d0af57960f5420909ebe158504a720764b75cdf93cd5330d1f03a7cd455c0492041f4d00b98de6f3da46a66a0bae75776b60ef60cad9abb08cc0a8848ba35df832f920c450f7bc1cdb411befa31bee00c82fd8c82dbc48d4f8d6a930d5269f47bf49b9713df04abe9236d8845e44dfb71d491dd8d4b8833c83a303e3666ff5a0c371812fbf25d8d272a7f5f16f7bafbaf212b42170d0ce29d603989edb9be5308068fa058fe7622cf1afdd7d0b22a85c65e810e5dc0decc7d60b5c329aa53da299a7b5eefa97452faf60b7be19cefd414967d5f07b5c34455acfd6297704bf2747755edc9c3c9b3768f0714644f59746ca1aba984759a2beee75fa5637b560cbf86929d98d410e4d76b92a20c57dc6997af61897d438a2d78e8a2657701577f0a0562d72c25ef7898e1ec0dc6db076d8f516acabc5ae604d431c2c491fd1b0818a040c167728a2422ec548b8e9596a2ea19bb980c4ae9b6f592ab0676911f39e7e64f8bd833cae0947e4ebc396eb69366525c481a2d1372070b534dcf5de3f8035455ac112e02c63fb0858ec20870f48143e1c83b815d0b3c11f37e25bba3ab26c9c717435a0ac415ba33469ab2b1ae94b2d773ef8f1dcfa95bb9b08e08b6c59d9f0e2658b43a183d760d86073278cfbf0f5d8645ba1f577f5e8c36ee18c0099a0ae6956b7cd1148987a89f03160487e0de5e20a1db56910bc2b5be6b38e6e0f422c4d9ddbca24070ce3731ca46827643c5609705b1d9cf3e4a2d43ab61696f846231c76c9e15451db01f2539e28c874719edf101c12b79d481d1894fc3fcb1ad5628f23852568f9f6a3d1114b012f79316065f8aaafbb0052b63a2e3b0f3a3bdef831c9d5e43f3a2e6eb0b40f89883e134b5d3492b749ce0deeb131209a7e6d56b3267e0f88c411671720408b6b56abe125a5259abe91b924a48de38f7d7f424134036c7a7531acf4dc0fdafd49bb03e145649f317e75a41704d30a8f4b72da33059eb52f43b06f316e3ffa4dbf438aa2f7c8b61d0f7f2426da443ecf69c84f6c7225978a3473681eead933ea9147f2ac54d0da2786f6e74b3119658b1690c8e708ea71f280e25abf99a867095bebd3f8521229abc791fb1269150ec2e20ac10bf1440307a14c4b539c61ed09b457df5f1b1497d3fe27ae20b12b69585d4f0fe9d07b7c4cb7491f", 0x1000, 0x5}, {&(0x7f0000001380)="963590fad67c28e4576ef1fa09c6abcc28e35b3af239b8fd31b97dd600ac02a8b532f690050177bbcdc454c521c9867a289540be20938a41d8eccdca1ee197727484025eeb2c6fd6082d93603f113bede0afed3b1d4e3d00c07e6c5c773dfaac21ddfbb5c71a16e48ad7a44478ecf0e73968da02e8dbdf88bc8803c869f6f981d8fff886408666632125654a35d88c4079cffdb8da9749737a2d7fc664c6dfb1dc8e89f6ddac5ae7358856cc34ee2543b38e1dc8067ad3c7528a809ac590a600dbf55e47e363cf7b78155ba289f375b5c5c4dab89d6c4c4b695bebc988364eddfab6e4559fa5fd184234170b437a094ef88ec972cc64e446c029aaa25cc9a0db5df5ccda9932b5c7054ae9a016ebf8a3c8c2822dd6a1a12ff03ae20e9e71ee0f087eeccb9610d6ace2d48db78d1642fbefd84e6d5ae756c897ceb6a8634992fbebc77451da324a2789f50461c75dacb148d61326e4109469cdacffa4ab4041b51e4115e5e6cc093e5276b99a988678358b1a0ec48aab595013f888595402742ffa84c60f959f24ad95ab3a35e9047467d88b257696c94b77ca3845a6d6a02f38219f742353982802971ebb6356e24521f21191f57053de07dc129730c97ea92825f8f3bdfa84f078df565d8a2a10028034e094137626143eace65555ef48360058bc8c90d5adec717243a02a98f2fe9e496ddc7cdfd31966372c0d4bf6d5c1fcfb4c5ea399525bcb92f1430f2d735a69c365e03ecc191510879ef350a972d6cb9b1ad4acd99d339c425950f0d0807baf1bfac2efd3375c22007e367bc1426e225a0bece640590e05e948f92000c198a2e5bb42f19d917b69b4435861eb5be342e6d8d1eaa30cf5ecd7bea6086b570d6998797b071f9fc93bf7cf4db9469a2f2d6781ab14c60267271467bea923db7c9cc43b43e6a220e0fc9a627658168077e9ebdbea11a3059f53a45e9985b8118d10e70fdb92729098e881037b32a0518f67ffeec65910873768df8157101cba65e39100fbdb98d90cad01e31fc7812492db802c67d49adc89356412318a2d7c88b0cf567466271f20679ff10a05f078a3db2dd263ba293abb4eee8df9423a1b19758b1914641e6d1aad56138c089fd373365e22acc3a29b948d25e2407c431f279b9075d2721925e99cf82e23d9271f5e7666004f6295d0509e56188a79f6cb9066b0247db84a24a0ce2e93ea56eaa19cf697b195db23535980b49de46f4ce3ffab056906a78c443be626bacc447a596616e784451117f64bab108587dbd089951f06b6ee05fb1dcbfef5cb1021f2b5d66764398c1e19ec476af29ec43eb6c331bfbfff01ce22386f6cffa40244c6f9c7ac51fdf4c15e7bcfeb5f3a9d13b918861a810db351046ad74b6167daab1290ea6068570f917bbd87a1583b1808cbf68b6a67a6a3fd9ee554546eaab8072b5db4aa4f4479c8ff4f22b7865a5561e7369a96ecbec8d40d0742976186bec3c0e4433f6d7ed60ee90fe6f904b49eb718a254a717f33622e9b6da40747b3730c57a1f7f571c06a81f05975ce09958bbcb25bda7e3427c2f36ae3787cb6464804eb7c78bb30fc8170ba5f032c071a318c9440a605b77ef62f53863e01fa8ee8ee123af9ac6da15df45c0e17e4076ab9dc5f5088210a974194974184c2a4601481d3fabf02af39c2f5e0922b447efec10e28b58bb23a62b2aaf9556fcae4a00b0999a06189891eaa4da1724462ba6ac6e9bd4625f26cd04146028b7c6baadf4e4ade946ee9c2c217a536c91ecb31f11fd868f2daf9bab3db1b15cb92104cf942f8843df774551b746033e39f8b3072f7019b96d9cb92ad6eb599838a4ba018df5b2779d9985b318d95b456f2218b896db7d26c7d53f695a6ee8f6bce7dc237b1fdbaa7ed4d47ec7d0ff73ec3e52a60565ac4d2befd5cc832dc83f6d374dea9e49346e01ea7a47fca56af1fc2515c4a79e9b682d52a4c874e685255346454d7a43ec3c7a6982083b91fd89c689c2602532ad09be3f10994c2e052e5cd9ac6350d2bc236c6f82600c09ea99136e64b5c0f713aea65b14a8ace753fed850483246d7b17f81ef6db8824e7d09150b9a92b94c9399460c819f3876e816fd4b01f8eb26c702ea49e46cdf1c0aacd3c74c4288c56e43084ca58b321c971f6b87b7c34103b35df791e927c9579ef9c6abc0c90d4af2ba039f764620d97e72ab399db64cf669e066bf99adec3567288398df5814460e39911fa638041c433290d18af364a96c68862f2c4efad62b70971522f42b47166714e57a777c66b653c85ae80bae31c260f87b344f94827debf6f391a24b867fce05eea9431b0aacad885eabd4876882dfa79bd07bd75df56b1f57fae30492e640e4915cb82b2448d7c93b04f990ebadcd88165c16426c349d8b3d73051e1bf87acb50b1ff9042b72121dfd2c8350fafdb3a596addbfb78d443198c2ec4b0f1bbbe0dd675d1b7787e1e935b489209b7043340ce6977f7e36ca953dc2ac95b01cd085fbf35985289122f8fe0e4d8aa6041933323f42ba9026b9d4b377a4d3248f0b191a38145179ecf4f674f6c079a7e4f9d29b3060ebfbf1a2b9d6df4924e8cacc408c8c9ec24d5d1fef3e46d33dc22f54282e4bc8b25889d41f43f19bf0eb38991722da6affac32e5929ce4b624b48af5de593732bd80a4f04c7b62187bc7eb30fcb1a50b3bee1bb68fb1f51f98fefd1c688aa1c11c764f1ccfa11642af058e49b4e6042be9bf53b252fb7a7603e03c6415b81024892a9734161ce20a5f3c39d8bd5ee3df440baca1d4d827114e5389f9654697aea4fb33b44737a37967d177dc2ddf21dec345dde08a77e63c2f374c962562e5a2ef18014e6aab95dabbcea42f8345a633c584ad93a442a0127e51d4893f085cff626fc2a5915db3ce459e54aa7548daeb290e8ffe0a1ce6bd7b85a410fb86d3bb63cf8202009107b00d0d402a05543a69d7d412eeedbacfcb70ebebb51625f86bbbccfa31e73b80ce99ab0638a1cdb97de54977f45cd706329ea448302b004aa4c19ea6f9915266f201176e8d9554a0570b3cf3502ae931af0ee5a851ef965f9240a3169e4f6e090a66a7378e3c0fc2a5de5fa9dfed59947beb1b6d1578e134ff011430ebc775f0a6be194751498f2f8d8a407e608fff28903b219d3153f1ae7862c1f6a395667b7397cd228fe80e89b3b950a8bc12f30b2be2e9b11e77fe5af83cb9b0fc37855bebcf15783028811b11c737f0ca8a6ea525c5689b2d46df5be99ff92238d01747bf2d76cba0d9f107ed421a90e3846326e9ddf4798e03e0269aa3b752c197cd0931cd974184ee63e3ee32ebb16c37b41a274c7d507537ecebb9e70e9ea72caf67647c8cbb70b00a7e7e944ceef22ff5890b759dc43a6be00f730e0c034ba8d37bda572eaf614a63149c1dad929c6e8713df9ae5104129c6b58b53fcdead270a335597d9b2e9de7b3421e09ec205dc954247cd95fb5fbc87d775fe6834c923def4856624b58437534b34ac33fac288ac2b145a490f25ab80c1ed0d2f30cadbf217a458275299e2f9fde9667d7885548a85147195ea8a1989d0a52a086d785e2935bb30703366047c2943b78f6b03f8b2fc5ecb0c798ee939a5a43b5f6c06e76c780462fe41598c29bfa0f44c9bf611f8289512b77030e771a0abe875cfd71a28dd8dbb54d1a76e25bfe9df8197dd387e0a3869192e66e7d406d20733391b17cd8fd6f6f0acd3bade1fb13e95a242e9ccc1e5b65116fb790d0ae0ed56f27f50e2c4cfa9c9483a8345cc39829e0b0d688e91f660fc3eaae71e1f776ba0b0932d753820ecdb10169664308d5f65ebcc68f6d5a340828ec80ed6e7efeddacfa9415d64dbf2d3ce9c2d7605bdbe755d90a02a119329ae54e08581f70dd2522d8b14ee9e2c2bc9d7a47a4bd8cd2901805ab40ca126890078412f428c3e8d7c1cc7f45e95ebbba9242699db2faf05d4e85ad1f2a421d69e85ab47397b2b58e87b3278e858ba78135dc31d19c630e4b9bffb060ffdb426ff30954b3aa22162eaef305d8d6cc0633446583f702559fc9032e1ca2653bf766c7249a5c81dfba3907dcf629369d94ee24a56e702e5cd0af7fec48abdf3543e921ef2b216c7bfaa60cd7359308cef5c81f1efed80fa4cfb7d3977e376cca2c423584c1aa9e070f0d45fa3da71bf5e8ea2802d0ecb0c51621c0ce747489d849d3d504802821e179cfd0d177bcf5a5130fcf33fd28c557c3cdccdff9fcb68d979b70d397d3cea14c9c1c105641b0569c1d90f9f44991e15bb65ef9b1327ce39123c0b006b2fd72bca08aea765e76238ff3be956bc64636cdc4f82f95c36a66281b708e1ae71512d17399d0b39c6780a458c23bdff936e285f52aa03dfa3fdb30388390944df06d45f15849bee1db355db7899138e4824089fda7044bbe2a1de554dbf5fe110164f626909900b00e18430a9d377c5cf0cd58b0e9376815ff235e5c87033908da7202d76fee63103c2555380ebaa1c71b6bc0b4657de6c82c69fa6ccb2d9618d2ce2c2ca55549fc10387f695cac771d992c0f187b19821e4aa2977bc086801149e13859c3824b4d61e93754a100a2622335cac3e3ff6e43db510a246f86c4cdc6d42d22e5c1de1649a12a3c2f1907f4a766cb2d5cf2993f51265650084f7bd63118ab66bf81d104b48ba142252a2659bbd3691b6d4169d3a8ba3bb8e04f82da4535146acf9c356c01298354f543557b42f0fa375ca3d364b5aa2b99a6ca83ff7a0417a8cddbff27ed0297ddb2cb3551dad30d5df7038a78f443d5654b9c9551b87b185bca165a350cd5d877974593b11bf1b244ac4da83b021b723b6551bb041fb64bd06410b5eda196b48438b8e4c57bd8cdaec7204f62eb8e955841536e5be9319a7fb76b46bd84229d4ec25f14986e72873f4ac207af3817af469de708f8fd436516e56142c8abef80bc112f06be7e2a80b8460c2e2a72b5d25933dc320eee2debd7ab29927712c11929436e5ed472868c00ca63f94ae065e36fc0e0b395fba66401278a99b5353a008e62e92c2c9b574a6c2524065aecfe6f8656b552483b359349ece50e5f78cbba0aecdd6858220902d13ab998ebf9a8b504288d17241c8f9d1647a2e593bb41b7bc939b1425d0d5ba66a27f0e7c0b7e26589dc98e32c4978388387d5200ac8447940ab762db987640107b5fe9c49b24f14905a23ca8c3ed755c156fea1fcbb6744467355ae1f695ab7680a21af5c8d1df3824dd06e532b1da25e886022aa839461ee97a47e0ac733f3174031970db79877934c070160d649927c85b7215b78b124c8e1a33f9b646045e4e4d8731ebfa4c07bf5a37d13080f1e0a6b91c6a4fd7fdd103e5a35d7aaee2515581e1bed10d3de446d98731929eb33166045019736fdf300c380e4cc20abeef2aa998e457ccb5c104e2fa661dd3b10dfe7071784414530086f917858e060977495b28e9a082f02981b1ab3f2c5f3bf8a318dfd28d23d4d41d2081be8ad7bcea08e0e236ba1191cffc0f61553e7c3c69f88383c2f7bcb05b82b4133a163da2e0d9a2410abad83d27d38d81b810ace10faca0cbfaee2e89f68c6b2d7fa9ce24c1ffe8c49fb9e7402b0eeb34c4e60e4e69527fc9f7f850bf92036a2ed1b8301fc129730ef67e8d9e81bb7ecbf05bc4def957de382656a3f11ecec8718c17cfa935657096843139b677ae392e43a00226787ef43b28d8a08e84c0a41fa3b9fe2fc900f61c07e8d5203f3462319c9f051e99bc9c4f75e17e4bf0336b71e5b429ddfdf36da3982122a66d271530fb9", 0x1000, 0x3}, {&(0x7f0000002380)="4d3e888d6f01ba178809e9c071a2c9af42e167d86ecc907f5a379dda490dbc24bbab9ac3387e0861dc5b85ff65cac53b038708395c4d0b68d64fee8d464a2a61770ba9004a9183c0cbc78e8619e0ede70c157331700e50c4e6fa9778fc5d7f1c9c664d319f54bd5b3c1138e1bc9359cb5939322a283a39f39ff36d46c64e58c7fd16193d3b62301059aa074e0e850ebc5662eb94d5b819ce3694bc8584e8b73ab7ab61199392e5a54669bd54a494192d35b47ecf6c0fb7145798d1bcea54f80523aa57e1dbcf91b14e95b88a71a89fa040ab7d8a351c78952658424184f0310c4412ef409a97c52ee0fce4692acd61d1aef68e780b0a3818f5a4d41a65975836b23336f34876b1ef74194756ff1d7af5e3f1fe0382127fcd1f9828f32b03686eacc2bf7816c802672a485cb3336829aa348e8adf31d0f2218bc78e9b5fabcb5d72007b09fddd31d888813de037dfd96fde4267ba4f7a38e49d07d86d6e20f7722951467ca00286a9a446920c0eafec1a24cc69e64cb908b0202fd1c2134991829d968773fd305621a11bc10ed5d471c368173318fe327884f81d71a6d647c23e382268a3c016ebbb3111c2c91fa8f862e73a7ddf526cae66b0147ab81fb153c70f1d53e7961fe6b1b039e4f1bb769ef3a398ad08d08e1ce011327c4db16e471e254ba49dc0d70a9418285554d8b4e099f41dfb0bf88757cbea2deb79e60d4fc63bee087b649323f994ef382b716eff9b4a4d9bb1d6da5becef9681ce4543cf087febd94b0ec40dba6d0294b8028cc3e6fbffc5b3be3ae1cb587b32f87df75f87c2184d8d15e9ef4d6329a76ed23ae44d6f9d674d7a50edebdafa9c82e70d0226ad66cfd7bb0991c1ee87c7491037d03a539029b5483182e1e14221dc19cad3a7c6bf90a165541be50ba62e368cd8859409a6d0e3c009982c7190a80759ff36e9ce11187daa82f2434c86a48a86c42ece53ab53d8b110dad2b5c98abf279fc495c9346c1c340fc8ea78e8f6364c787cac0141477b21cf1286a51e80ab3f133d9c0abdd6e86a019f768b18808ad3c02b9d8111e07956daa54128d5add93c90ee984455378f9dde2d9d35a882900dff3a847ababe758a1ca77b9265ac22806a742346a12f7780688ba981a720f277e5e30fb4fd750e6786593312af4319a9349807f9ea3f604a8468c2c83ce45cc5dec90e7d519059984e01e4f238430d052b719681a690afc32b3f610522509b9f6202e517ac6a51e93bd7b05a167af24d78a57dfc1308407e4b98ac293df5544443750835509ec1725776a6ad9a428ee15736f79584afcdc1f2e121aeae71dfe6326f142b36cb67f8e366904a24f412ab7e36571f9a27f4db38b97f1947d5986f13b9e961321bb9d63cbfe91949aa0980ddfb1a4388b544ab78f1b4a1662d5580b0d6a6b33dd6d41be2859893fcbf57d295fe63c0e9b4a0904295d752ea9fcd8135f2d6d2c1358afb4b45ddb2af61a24160c749a1cea1549471ce57b4775667981e5d17bbf3aaff069d489ddbfdf5d261be03095a589b36e5721a725b68041ccd8acd8d25f4f638e7a24f52f0b4b5cb6915a404fd85ccf5ecbc4896d42a64b57c05c6bbe41d58668a1f172ff886f196df6f6a82d1f1f77816f6f644b2eecf7d7f115ea17cc1c6c77a6016f0285b36724ca4ca382083deb4ab62a4dacf540815c9c6a5a694fdd12a1eaedebb1b4b3158ede9581d7afb0e877089a55517116e04497bb88ae8495070255d199ac23a24ef6342bb7fa9f1d4800ef221cb8f488037e2057204c0136c754e44a462454a6e8654b69aa5b7cbbb81570e26d11e3886461c0163520f13c266b16b154ba0ddaac66c46cabc0b3fde6999c436bdc5a9e5ad1bbe0dc98be94ac323a7f873763522957ad6ba68d491dc1401a513d4b55c88c8928d5c841a3bd2f1108bb44247094140adbc2211e35d839316143f84fb7344c3cba49a1fbfbbfa57129337dafc804de41ff0280c5d1394d8ce15c898d71979687bc37e1e7f47ff5ffe6f2a09f4f60878b11818578cbc22114ce222de2c0cb8fb5115b34789b1dc7703ad47971313610e403a5d274d24ac95555d10e3dd6ce7d0bbf0cf70c9e54cf7c2483aff6b9204bb7deff8b49ef189cebbbe0a43d8b78f6932d94af1cf48b347d78598ce65d1d6628f19fd078870e12d682f655310b62a55b8c4cac5dc8333b464be9e70f6134a32c4525983ed36089d9f6aea2e93767519da25302cee26f9b5a559ad4f0770b3668b16d95052402ef63b145b9adaa38ba346507c6ea6aa66f7f7863ea7d075b35a5d90f01c6ecfdb6333a662062de6d6c3759f92f5d318e77fdf5bf1f2345c15862492ee3ced610f8fc8e0ebec5153e8e5027d08e40007139b7617b2a396ccebda267fccd9771a7de5d219e18671f812d5037fa53e4c82f409b39b351392e2d82211f519b0cd55a7c9334b431cc177c8dd1306f64145a58b37b46d8d086ace02c63f2672a161c15d62eeb98decee3a0f83ccdb90757664b8042ed2af329f0e2adb0dfc116b74aefd5fa97c5f68236de79f2835bf92045a9a00dc47ea819e420f173e11e145c0ea0aa43e0a13b682641894ae7cdd41cd3da72dfbb805ac69b765d95c96a5da1dc3a607a7c7243c9788a7956bfe1a9a63beb67c3ae077a0e44829e059e1f6333a622bbe051e585cdf57bbd05cc1e2ff3030368cce48f103e4d7ad430a405c9d35b18181431519b79b1a0a3045315c7a2537253336c054612174e962bcbde5dc75dc1c154189eb68001e947d678204e7144a0c8e71865b298fb239bf922591889ccf160b1ef3203186d7a6a3c7ab15d96bc8adb95c6a25409d0e5be8ce3b135355da7d594d7d066421e3367e89be44f2e861215cd218c281e3f7b3c19be5331c31987604e651b0dc3f570a7cf0c1449a1d5125000cf113737c857b27da865c0cb7b1eff05eec2bc8ed8512ca080e81aa2a0de2cdec780a7e49861f9584a7317b32560b63eb05fcde64f82097b2a7877422d10a7e8c40968a0e6eea37af6905a20a45ec1faba03488570e9de2a424a6d2b76d16907ca48f4e702a8a7f22b544cf3638ced5f7b97784795af188683a6c4ac32e6627dbf06521274f8096461e81aeba542d6148925b2e04ac1730b3382b8b87dcd4149c7f31bcddb479f20e589f72b7f0ad3f34d48d890f6676af5f241a64a0834ef5670fe5548d9b5eca36b5e7023a7b57759a4756779385f45e65d61f135b6975f47100209c310cbe5dfd5697bc0d6546f475b49e337af6ccb6404124809f26a229a01c6543be17791b710a7112f0c41a584b500dd5ea44638f2ed1c7a2b142e8a45debf49597ef4c52f07bb0e26c8870d0867965f9b9580aec71151ca7e0eb5b3a359a389bed8fd32e94c313fc231f31b4fbeca9baf7f50e136c6efc0afda545c9669621d3ca6626dcf3856a67bcc111549b8f5b11b288be38fc00f6110dde66c98efd65e03cde334e1e0d148a0e6a360eef002dfda9cfe4ec9461b8e56d70d16842bf333f762d8c7111a96c65edb39ada32f4dc11149984d5b3f158cfa3ed7c7c8826d87161bda980efbbc24f162205910b80c7816f98cca3fb922f0c3a5fae8e36eea878ec7ce8b01b4ab395f0777eb67d5d6821bbc68a26df013eac0719f3b87ad0dd2ee6b3b65fdbd1c9c04fb531c01cc14deb1a64ba40c787e3ddda9d7d77c37191aae4462d31cb42251d7c2f9c362163501678ce6dd511356d98438ee442e949fb48f06c19a6d1a5314d4056f0418ce67677f2f80bc4efd85e304e48203ea50e60253f731de999c97ab3bcec95a3b5915f0e59dd302eea752f94759f8ffecca50ea498d21e43df2d7b2968194152cf8adbcad95c76e5f5a582375b18e8c24e858a3b6b930794559a03c32a5a8f7d0876478a4e13103095b77c23d20444177ec2434c3b9e18a78bf8c18f0871c2743500ab51cb524512ba5b06867e7d49e08271a2efd0ef2f13c17c40ea6167c1f620911cad2503ac9be946d63b72c48c1a35af1946d535b8987e7f74f59cb459288c0759ed945c621583f6366a449eab98d00216db87792ff0f6ae891e58321317be1ae9242fd8a49207eb568086f1230d3642ff8123362b6b2ca9f17afd8a8259f6887c753ebd225ae7f525d174e27f915ef129358e6c147dce60ea4ff468a16c8eb2e44a6aa2024bba606b2bf6a591f28ea926f6fea53021aa9b579c1de56f1677329fc7fda3be8f58fcd45c14c35377ec0725c959ad8a0aa908a2a5568ccde3aff73f823179a6730252a500686f23f613294912f075ef03b5ff1f39e5e458dfa6d9d3f6d5fad614a7810ace6d6f3a50719ae1e730ffa06320cfe515f0b48b39e1af6e4bbfb5dbc3747a61ad5b32cf03b653d193dab174bd4555acc4ee0d9fbe0f11c02ddf590a6c8ad64f17e21931e14e6479baaa3edc52d146464c8c4930b61997848573541c2a8326bbc47e07c14a056792d5a01889c0ddbb8046f805a7a16b9e63bb47ad5c0b6d6a55f994f142fc29d4b66329f41cfe2cb1b67486a5a39c52abdd449a49addb04b13dc5ed72df64dd1f5dc89197d4cd8de07ee75b92dbb356dfc09fc46c7b415618339b2a0128595f737a8f34174990348a4a15b20405df5d637e18c165717ae30738f0ee77ca72f20f1c7ff64e623f3d7d0561edfe13d8877338a2ef21a4da78e59494d874e22585b57e6cc9f33db64223aa73e7afc109db4d65ba44a7e49609a206412dd977d9be6beadadfc649315e773d8c07eab0d879fedd20a6ebe20a75c1787fc933241d80525efbccf80096654b665888a58d66e2f9b6450def5097add8ccc4c9d62ab228bb875575a267dea7c3101c2c3ffee1dc2214b7d94cb37207b4f6f30b841fdd5084e539f00046db8ae160f2aded19cf0483c14bbf8c0aa0f5621bfa12313e739f698665bec93aa3898ed096f800899e7ec7448da1362adcb9e36004d87ea011f65660e3d6f0d7a7eb48933126ac5a1fe1dce9b94d57713086595bbef8329563d187980d85d5e340dacd572d598fe35925d75a8622f89a1da0a8a8fb067ff0a282ad6936481f424e75d082b17a488b5a57257c7b0f888295b2177fbf373a26ad100117bf67ceb18e9eac485dcefbbd26d0feee1c54853a4c830378a6fc2ae1c401c310ce9595ee980994fa5d632113caf7544933f6a20da7176f19d3c7c3f6ff01c3e0e644ae53706693edbc7855100b619707460b5066db5909716b4ffc42b435adb5ef694d0af8c8b379e500aa432fee11b2c592fb6dd0b2daf9420cdecf68337e3e6b899cdedce63bafa84442e8580b24effab9daf3bdc944524e9db94a8f06119ce4a52bf607973a2a590a80200cb05911a89133fc44124141272269a984f3983f12ae69559de23ccee1649bcfe80fafcc325632b1e7f21893449f39f3c179829feb1ef6c628fd1e90048ee1324781424d2ea2c3619866a86cacb3a2a1eacdd2b5b0925918b620fc2c31c43d1a84118f19d825d9499496d79c36d4996db036ed7de46bb7c577c9896466a40f0368373966ffef3970677e9e29d2d24647998075c1122634594fcbc2e2008388ccd14d667d258d29445d136dd51b96ef2ecf774c71e60c5582c45397957956ffd4bbb313ce5cda4b587fb94032421824c8c3814c0c7fbd9291d21b183281e89945b161eac34c5bda338cb5b200797f6ef510139379649c21b99b81da617e8d9b9b27b21bc97631589dfdbc8e2d36dd295d7090959201a9d80e87267233ef143c38ae08b4e3fe9fb80a4b00fe36e113a30f6e5295148afc90d53a76c2af8c", 0x1000, 0x8c}, {&(0x7f0000000280)="48d3800c5e2369822ff3289de126231f7a6b4ce1f9d993590dc182c6b78b020704", 0x21, 0x80}, {&(0x7f0000003380)="ec0ca99c9fae08192362ed05f5c5b7f392879174a0dd05d4662072856ae695b18516a170ae1f3188e5380050a31a5da19fbefcf1d19aa9ca0b664a821a3baa36ddd36426e5f43fb7e3095bcba4165316ffcd6568c56c47a105c7cc3d92a438c3d57fc3e163f2c9e46114b49e96632cefbf18cb800321ca3aa94135ecf944df99467442d107faaf4b9a20a26f78ce907a56a71bd985b403fc12a4f246b17acf50", 0xa0, 0x3ff}, {&(0x7f0000003440)="b135732de021584c81435b25fd16a9c0611fb53fcee3a46c2c46206d9b7e95f086afa77a23fbfb1b93418fce65f04d9f7fc8104c4590b8de8425a2b56c18506bba37b72ee9a33ba382ae8ab7561bbf7d8d2220fcfc0391b41a05ca396c5da16cdbde5d1fc032", 0x66, 0x6}, {&(0x7f00000034c0)="5ff00b3cf631a42fb9796d15267c9297a32ed285b076144c18dc32c863cf137180caee8ea5ad0345bc486f7173ad832ab360ea07927b4657562f476cec3d4bbf3dd44dbaa6929f3d84044cec4b49d47c32bf6a8e2c32e2a1a7a0fa0fe5c3d09d623162003d8671dcabc56f35dadda6377a1a056c2435708211b1e6acf2675f303e0c5e08f6be0668fc5ff1a31901e6da37c750aa3a6b9db04e8b03e3a3c3e57e1bbc0aa6e3778c52a9e4da988ec318b88ee8c5d993a19ed913950656ef927b47ce0b4aa3872827e9190c0fae0ca52cef1e8bce7ae1479ee8e1b76bf94d9bd40d09150cf9e76d95574713cc3915b0339065a2e6f0c111353834b19969fe0469f276a8a26a12bf70c2d0a19545b063d983a79a66cdeb8276ce072c012b25679eda6a243a30a91af9433f417a14ee86ef8eddccabe868380610073f0e26fd75b588b4527065c2b7dfa0f7423bf1088beb53d860373ac09c585731178bde60ec26d95198dfdc14971977532db69c8093e3022548696250e0a1cf7d4a836c26ab775001868050ee3e711ab8ee844ad3d85c9ee72116bad39ad5597efc2c570cdf6d2d7b3c8f1ce7cc0fd574240bc6c506b6af627dd0bf4579dab84168fda51892e4e3f3372afac58de67d7259094927f78d2b92692ced13fff7b7636fb42a88915a2fec3130c1c192c16e38b28cd205805f115e70c6416d154eb6b0939510943bad4a39250405a500e019dda1dde0896b9fe888672f51118de36cbdeb34d6d57ec8c9d1471a2ede38c80686e5b026cedad3b62ad6de71e8d7039c7fe3c4289ea6dd0b4d5b5acd0965340aa2bc5a14f037e2132a202e4fc2e17812e3a8de14cefb5d4b43e39d2d6c64cb11d09e2cb15af283ca08231e905328e3315486f61a6c930563cc13d70e0f53265e17ecbbf719aad52bb0eb8e13cc3595c749ff5b71871e97997335dcbc4c73d8595dcbe878a1e05c9fede6cbbb4fc96eb7766f34f08a95a418e1c57d0e46b755867db09ed783bfc95ffef9a34e30350ff72e5906fcb08627cb37f17122ac1967f4165513ce2b6e6c91f73ddb6a2c5e4310fa3c962f96ebff7bcd6916aab8f967f79b8b2c24d3adf33c32feff98a643daf3aee3f8cc7305b36ef3d20bb67a3877fc78cd9a417c026ee754a0c1fb767c20a9bef1dffec2a3e7ddcc36cfc5df7e2f4ab04c1cdad9d23642ad334b1bdf3e9d69bb3c2558195a2a59bccc8a410f33a448b478ed8e78a77e04e6a9b189afe333d23ed2ca5119f9cdedee4254c7aa4c6b2373ce9ae5a15b21e33077fc3f4616642d9d2613b96dcf32897e215150cbabd58d0a85f164fd73716ffaaa709c58a4ca0a71e9a94964c8baad38ccc2df526841c1e42d0bb4846d97c9614a27ceeee787d3d0011cc583fb10cbe67e49928da150c8e6b3a3d9d40c250fed4eab45bd8173e5f043ad1fad999ce7ce8759c3373c34b83405025b364c9a62f89d295c2393b1a960993145b6b891e6735df8c5258dc14d4db82c20c4003046d81fbf1eb671efdb6c2df722d3d7325b198461838e37ea595b4ac4e47e21b4464d93783dda2d34e0de455cb115871c7068b239f11cbf577b0a981caec4b942b2c1ec1e9ccff29f6134e94fc30c40704f4b00d890c177eabab8eef8982bedb0f8c4cdb43c9eaee9eb0638f7398b7e666f3e8b4505a47b2006e9f73b03f04fe25daaac71143243beb935e89abf5f5abfb55397d7dc0123b69ba99d9a043ce793c2d1565d1507369a9648da4777478ad164dd3859372115469ec08cf8366f5826c1b7749215c723699ac742242bf76ba69845c90af7b896dbd1b1d9bb4f00093889cd9a43a98da5f3aa2768f68df1da657b2776ab6f1479192f59fe71b50580188fdf17ac28fb3584efa653b4dda7eccc68374a426b371e6505317ffb23903f692a98f5ef8ee2d248e495f1795bcf7e9c81b0643d30364224d06c0a69305e08c34f6e674ae035f6b3065e036590b478283684cca299d446ef182ece2bccc57b28c5f00dfc4e0ce221a8ac98edbb3b13cb7d2e949293bbcef999372212d00cc2c014a389a6254342e4dc420f50555d1aa89f2934ee8047d68c733123761267de5fa55e052087bf34f6f46d73efb4fd09d58205251d086273590e64e2bfe8d3696d01dcd978a04d8542e3c5d3466506a2e2a4e308c55ec19cb17420b9a6219f69dba043b565639c83a04cba5a222017bab7715690799612cf67d8d7331d7afa89a4c6c64f459a579b4dea3176c3f4b0154bfe0e29a939ca4bfd6ba24a2d89eacdfcb9b6e28fffedab035649de9fa9bc2d2737b1f2b926ca168a7dea984cb0a86ae0951ed9c161c3e8eb84699d4f20e8efef37ad662d706df64400be8b232a90e5be005544eb590bc4215c4626f1fea3f7d7424951918a86f73c7cf2707d6cdcef5a1910a6d16dc0efaed7de94d42758293229c6dc7bc2e59bbdef745fbe150ea0cd698b48d1bd73e738c15c81e68353d72eaba63795e2ffa9eeafe3660c1aa2ae02994fb962bcb74b5e60465b1c4b6739d8ab8c21de1d1b6e8c2cdb00d636b5e9ff8c51541cf7a27f56e65cba79067c5e1e2e371b926787521e49ea555e5f08ab7c88c7b4a681cdac65afb31fab6404cced82ff208666af9d3a0d7629ad334cd7d60273a03e715d33e6c5adc77525f490664182c1da4895c97cb42f042e9fb3f5b6f4d1f59c46ccbec1b2e5e0253e8b0ee6080cca49d6dbdd174583db5354a0017ecf4f598f28a5f1e6ea547368ca165c4df64a98b0227771ca53dc4149823e0c216f3739e0735dcedcd16e6ccc4cea79700b7e4ed707b0e5c01ae248c432301b79a09110bcb0b998a11cf2daef728d36d651362ee1a6036300678f874dacff7c9d1eb9a386a2c420529a47d121472e6d2b302ee24d1d8ab0e49683582c280e284d7b353347225f004ace3b2b5634515e8829c13fd564ce2ef2880ad3cce0e4db047d3458a2519b7d478cbcd9095c69dd2d81ade4bc08f526bac99272087ece71cdc95b77c0d4ecf280ffe0bc8fb3d62f7cb90b38ffff0e0ea7067e53e8148ed030a9f6e82476cb3616360f5225455a6a660d854b8bae15339799e6035b20c72fd4ac575164a07128c749bc46cf036aec008cf8f8935a74a25d893481fc5397121504d8da989ece7bc713317beb06af6543d362f15fab8ae74cc66abb1c74b7cb0f8fe53fb09aef9b6a2ab83269ad2120532607be8029a6fe9960a7160480574c372c962187ec6a25bf468d8186f1a3d6bee6704a2d0d99009d440bc43dfe3788863bd7ff500e0d3988c32a5780845240511458b0f62cbe1defbf2efa4064d41ec8137192fd484b06ef4f09f1571fb81387aab5c93aa2fb8a2c2bf2c9f4ac0a6b777d3b0fa1735454860125aebe6fb7a71d5aeb3a94dc42781f5c00b7f3459cd6bccd0e2830a17f64f504c0f75a6573adff68c4894fabc9ea7f008c6db12df0d6f22dc12bcc585b7be34ab891675fecb4b1d3ccddb8143dab353e726a7a1cdb41ef732d376af08d5a680a50aaa6f1e3fd5398c5b3222e674a30f718601b9efb655a15c8fe372b694b9932a790f9a7829dd31b592e158b7707e1ed050c8609aea0efa27f97e6261b8ce8edd30fe11bdca54281c44644ff5d35789b88d703c4fdc546f62050bd8bdc75d20cb0d7112777a893048aaf0600f4cd546a0cee89b1a0cbe1e2251460b0c56039e29a1e6cce9baa70fe42523901ab4b6d7fd6579d569b5532404d3c6bfec34d2474fc13102219359ca55f892c2c2439ea0a5a51d7cc980523528e325df3dd8c475a8756ec45a325ff7d0de38cfed072ecffd78dd73f41772b33c067daeb2911763cda96c91a0b1e58a0127e34c27f164475bdc10f36d1ba7d0d4a8db1a406beab16fa021d504b57fafaab2c3678ff3560e75e39bf35c114a74a80e92aee647d813f493da575086273df6053ac4d5f00e57f3502b1c0d7574a2a6dbece87b43f509d34d50ff1f5ae2ce89a13f15ac978151d6ecf62792df2a91b5c5ce4127a2548aa1773ddb2294198a8e77ffb4772283c3cc7cd4cc8f3863779443b49f69c5ef80d9c759babd1f3f1e9a1a53e06ae5ec0e1f89f9ec41ad2d7061fc93fa3266b91fb005c48412d5a3ca28b7b4905ff609230383a1148aba07173a5af983965adfc1561dad62a0dea197b02845f1b11cc4c7555c8bbc1646b3971100a2bd804c0c1f5f12fac9052c822e0fcfa09d675563d6805ce42d485839b94afb4f2881606176a247b31c7ddee156948df6af31d251aacceee48ba2707250822dbceb6dcf43a21deb89e32e2c07c6cd3cf95f4d8e47e0dadfb6a964cfb90340a2dac07c8424a9e119d619e75892b170725d20b33ea7dc308aef1eb32e4225a1f05047fb5318366c715c14676818a6ece7e8b4c5caa1c610a3311d918845760a71eab65930c5ae3ccc174cf66c6a291a75ac6c1fd7e4bfd19237f4a4bc195718087cc5a93964b93f0d9ba7b695c549b4d64c99cd99f061ad20421460673505cf34806257bd16d42084a6289f03fa5fc22abb08c07ba180903ea8b76f5efcd3e906335247c4bafe693c196566cd46a7bc3490cd723723f984d8e8548e58409701c68f8cd249aca3a7c16f05b092129fb1ddce016c1001071bcfc48c9cd0041a49ba6d347806480a202bb33ebe0268533ecafda9e28c8f412aeb6f7e0aa0ef33cd3aebabe064e2158a3761575b5a59ba2b23eef2b1d0db8085f21d33358f39676a4b9cad8cade0178c625ff3d422ddfcd86567d03b51618e19f874b825b1ecc0b58f96cefcadeea669eb0a91a3b8b63b7b4546c0a66798c8fe57e824b27b1f00f4f75e27a014e1b80d2291574f977aa308572e295d2a9b4ba635352e86d1277b0f8327643c2214a1e8db0b64b889f1c38dbee90794eb70e350f5513550f28b8e9376ca14ceaffc7b47e9f965d6ae7d86ee4ce69e3823c2ca7853285b02943db8a4402ed3242b56e40f596d0b2a3212794ec666df72eb6ca03748e5f9bfb7b95ceabb51546c3be15714b922656b4e77b4329fac2e414ccdad56abe7c98571997963e1787df5eeabee5415b4649a8cdeef037dd85301543b72626e54b9bf850394a57a4c705323577dc8391e9b0226e5cdf550fade7fee48acf660ee02644683602a9540c59f7ef37f7993eba2d43d78aa0daeded45d448eb97610947f515cbbf6ee5605c344db1179d2c471cf7d452c8f834218115657e12232ec41447591bd2c93589f197c7550f7bd0249ac969f880462f837ed3eede8355519f89cecfe0ffc35786532485a89bdbf684247a1bb1ba5f44fe2e9fca36fde0d8fde9e11eff5959f5b128fd7acecf1d8140adef0d7edf29ee0d9fc6d249cf404416ddd626f37d1addf28ce8c99bf9d24dd61750dba077b8795b421d00dbc7195cd7091b4581260ba65e1f3e2fc3b36e970115e86dc1945be04aefab519e820c74c7a42cceb13d0b5930aaa9cae07d343d174055bd224c572737bb890642a633d8cc5ab7b16312f88528562d4b7e878d8b9afac04dca9b22b183f33522ec02e6ae901e643c36145e4f95acf393f5a18e0e777ffc9bb16e72add48c7a4205b977be007b75eb6bc86db1fefa4bf366f6d8492e01577438e95820b28ca6aee037af031ba7f5e83603d83f9c7348b1d8442105fabac55a3398b418c391ba9d1138805979d04c2b0bc009d526792fede6b6cf09ed72e359c82fdecbd847fba72e883370d4281b01842ed75b655161e81d675df1fb626676432b59096d6cdaa0d7d00928612c2778938aaf251ba82c1cc79046b9f23573031eef0b", 0x1000, 0x8000}], 0x50, &(0x7f0000004640)=ANY=[@ANYBLOB="700008743d3078303030303030303030303030303030332cee6f626172726965722c6e6f626172726965722c6e6f6465636f6d706f73652c6465636fc6fe220f9e6d70480c6afa2554f24b07e560d9393963511fe1d14341f5dac7312b274b3ad4c5c1374b1cc8735912774dd4fcc51774dabeafb9"]) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) 19:43:35 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0xa000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:35 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x10, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 989.739916][ T27] audit: type=1804 audit(1593459814.725:1964): pid=9338 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1555/bus" dev="sda1" ino=15921 res=1 [ 989.839489][ T9392] hfsplus: unable to parse mount options [ 989.853779][ T9388] FAULT_INJECTION: forcing a failure. [ 989.853779][ T9388] name failslab, interval 1, probability 0, space 0, times 0 [ 989.861557][ T27] audit: type=1804 audit(1593459814.745:1965): pid=9338 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1555/bus" dev="sda1" ino=15921 res=1 19:43:35 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0xb000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 989.904073][ T9388] CPU: 1 PID: 9388 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 989.912692][ T9388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 989.922742][ T9388] Call Trace: [ 989.926031][ T9388] dump_stack+0x1f0/0x31e [ 989.930365][ T9388] should_fail+0x38a/0x4e0 [ 989.934772][ T9388] ? sctp_transport_new+0x86/0x570 [ 989.939979][ T9388] should_failslab+0x5/0x20 [ 989.944482][ T9388] kmem_cache_alloc_trace+0x57/0x300 [ 989.949768][ T9388] sctp_transport_new+0x86/0x570 [ 989.954704][ T9388] sctp_assoc_add_peer+0x28e/0x1560 [ 989.959908][ T9388] sctp_connect_new_asoc+0x2a1/0x600 [ 989.965197][ T9388] __sctp_connect+0x54d/0x11e0 [ 989.965260][ T27] audit: type=1804 audit(1593459814.755:1966): pid=9352 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1555/bus" dev="sda1" ino=15921 res=1 [ 989.969985][ T9388] sctp_inet_connect+0x11b/0x190 [ 989.969999][ T9388] __sys_connect+0x2da/0x360 19:43:35 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x20000000000000) 19:43:35 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x11, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 989.970016][ T9388] ? check_preemption_disabled+0x40/0x240 [ 989.970026][ T9388] ? check_preemption_disabled+0x40/0x240 [ 989.970036][ T9388] ? do_syscall_64+0x1d/0xe0 [ 989.970049][ T9388] __x64_sys_connect+0x76/0x80 [ 989.970061][ T9388] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 989.970070][ T9388] do_syscall_64+0x73/0xe0 [ 989.970081][ T9388] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 989.970090][ T9388] RIP: 0033:0x45cb19 [ 989.970095][ T9388] Code: Bad RIP value. [ 989.970106][ T9388] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 990.011562][ T27] audit: type=1804 audit(1593459814.765:1967): pid=9338 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1555/bus" dev="sda1" ino=15921 res=1 [ 990.013087][ T9388] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 990.013094][ T9388] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 990.013100][ T9388] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 990.013106][ T9388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 990.013117][ T9388] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 [ 990.067133][ T9405] hfsplus: unable to parse mount options [ 990.200347][ T27] audit: type=1800 audit(1593459814.905:1968): pid=9367 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16098 res=0 [ 990.242533][ T27] audit: type=1804 audit(1593459814.905:1969): pid=9367 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1556/bus" dev="sda1" ino=16098 res=1 19:43:37 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0xc000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:37 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x508f0100000000) 19:43:37 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ASHMEM_GET_NAME(r1, 0x81007702, &(0x7f0000000480)=""/170) r3 = socket$kcm(0x29, 0x2, 0x0) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r5, 0x0) ioctl$NS_GET_OWNER_UID(r5, 0xb704, &(0x7f00000001c0)=0x0) mount$9p_tcp(&(0x7f0000000080)='127.0.0.1\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x8, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000004e24,cache=fscache,cache=fscache,privport,euid>', @ANYRESDEC=r4, @ANYBLOB=',appraise_type=imasig,subj_user={&,uid=', @ANYRESDEC=r6, @ANYBLOB="2c7375626a5f726f6c653d2c2c7365636c61626d6c2c636f6e724419c24d418cb664a371dbd9959374654478743d73746166665f752c"]) splice(r3, 0x0, r2, 0x0, 0x8, 0x0) 19:43:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x12, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:37 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c000000020601030000000000000000000000000500040000000000090002007b797a30000000000500010006000000050005000a00000012000300686173683a6e65742c706f7274000000"], 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c0000000000000000000000050001000700000082bfaba5605c3fa3e78f9c0f5c8e1ed906d0f125d0fdcaa75fcd9641581eef3cd10a78f130d385d465a6f86d2e3e743bc6a770ddab7d5d3a69c3b41805e25a797a2d9f5fc999e6358ae57c75763ce9a75880da86a2a69b417c3dc36af729ebb8dcc63da1ab32c9103af455cfd69cac2fc370f1405544a362c45209542975d80422570ae4"], 0x1c}}, 0x0) fdatasync(r5) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) 19:43:37 executing program 5 (fault-call:13 fault-nth:67): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x13, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:38 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0xd000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:38 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x80000000000000) [ 992.581454][ T9440] FAULT_INJECTION: forcing a failure. [ 992.581454][ T9440] name failslab, interval 1, probability 0, space 0, times 0 [ 992.647076][ T9440] CPU: 0 PID: 9440 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 992.655693][ T9440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 992.665748][ T9440] Call Trace: [ 992.669039][ T9440] dump_stack+0x1f0/0x31e [ 992.673389][ T9440] should_fail+0x38a/0x4e0 [ 992.677816][ T9440] ? dst_alloc+0x14e/0x500 [ 992.682230][ T9440] should_failslab+0x5/0x20 [ 992.686731][ T9440] kmem_cache_alloc+0x53/0x2d0 [ 992.691496][ T9440] dst_alloc+0x14e/0x500 [ 992.695743][ T9440] ip_route_output_key_hash_rcu+0x1377/0x2540 [ 992.701826][ T9440] ip_route_output_key_hash+0x14a/0x260 [ 992.707380][ T9440] ip_route_output_flow+0x25/0xb0 [ 992.712404][ T9440] sctp_v4_get_dst+0x40e/0x1280 [ 992.717276][ T9440] sctp_transport_route+0x10b/0x2b0 [ 992.722475][ T9440] sctp_assoc_add_peer+0x5ab/0x1560 [ 992.727680][ T9440] sctp_connect_new_asoc+0x2a1/0x600 [ 992.732969][ T9440] __sctp_connect+0x54d/0x11e0 [ 992.737746][ T9440] sctp_inet_connect+0x11b/0x190 [ 992.742685][ T9440] __sys_connect+0x2da/0x360 [ 992.747280][ T9440] ? check_preemption_disabled+0x40/0x240 [ 992.752993][ T9440] ? check_preemption_disabled+0x40/0x240 [ 992.758709][ T9440] ? do_syscall_64+0x1d/0xe0 [ 992.763389][ T9440] __x64_sys_connect+0x76/0x80 [ 992.768162][ T9440] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 992.774246][ T9440] do_syscall_64+0x73/0xe0 [ 992.778648][ T9440] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 992.784527][ T9440] RIP: 0033:0x45cb19 [ 992.788393][ T9440] Code: Bad RIP value. 19:43:38 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x14, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 992.792443][ T9440] RSP: 002b:00007fe210c05c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 992.800825][ T9440] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 992.808778][ T9440] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 992.816848][ T9440] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 992.824916][ T9440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 992.832874][ T9440] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c066d4 19:43:38 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0xe000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:38 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xa068fbd07f0000) 19:43:38 executing program 5 (fault-call:13 fault-nth:68): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:38 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x0, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 993.113663][ T9471] FAULT_INJECTION: forcing a failure. [ 993.113663][ T9471] name failslab, interval 1, probability 0, space 0, times 0 [ 993.149392][ T9471] CPU: 0 PID: 9471 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 993.158014][ T9471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 993.168073][ T9471] Call Trace: [ 993.171369][ T9471] dump_stack+0x1f0/0x31e [ 993.175708][ T9471] should_fail+0x38a/0x4e0 [ 993.180131][ T9471] ? sctp_bind_addrs_to_raw+0xa7/0x240 [ 993.185591][ T9471] should_failslab+0x5/0x20 [ 993.190093][ T9471] __kmalloc+0x74/0x330 [ 993.194262][ T9471] sctp_bind_addrs_to_raw+0xa7/0x240 [ 993.199554][ T9471] sctp_make_init+0x9d/0x2650 [ 993.204235][ T9471] ? mark_lock+0x102/0x1b00 [ 993.208759][ T9471] sctp_sf_do_prm_asoc+0xcd/0x3e0 [ 993.213779][ T9471] sctp_do_sm+0xfd/0x55a0 [ 993.218220][ T9471] ? sctp_ulpevent_notify_peer_addr_change+0x8e/0x5a0 [ 993.224976][ T9471] ? sctp_transport_pmtu+0x1ce/0x460 [ 993.230246][ T9471] ? sctp_assoc_add_peer+0xcf2/0x1560 [ 993.235600][ T9471] ? memcpy+0x3c/0x60 [ 993.239564][ T9471] ? sctp_assoc_add_peer+0xf6f/0x1560 [ 993.244923][ T9471] sctp_primitive_ASSOCIATE+0x90/0xc0 [ 993.250364][ T9471] __sctp_connect+0xcd1/0x11e0 [ 993.255138][ T9471] sctp_inet_connect+0x11b/0x190 [ 993.260068][ T9471] __sys_connect+0x2da/0x360 [ 993.264642][ T9471] ? check_preemption_disabled+0x40/0x240 [ 993.270336][ T9471] ? check_preemption_disabled+0x40/0x240 [ 993.276030][ T9471] ? do_syscall_64+0x1d/0xe0 [ 993.280598][ T9471] __x64_sys_connect+0x76/0x80 [ 993.285348][ T9471] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 993.291401][ T9471] do_syscall_64+0x73/0xe0 [ 993.295814][ T9471] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 993.301683][ T9471] RIP: 0033:0x45cb19 [ 993.305548][ T9471] Code: Bad RIP value. [ 993.309593][ T9471] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 993.318053][ T9471] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 993.326013][ T9471] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 993.333965][ T9471] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 993.341915][ T9471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 993.349864][ T9471] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:40 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$kcm(0x29, 0x2, 0x0) splice(r3, 0x0, r2, 0x0, 0x8, 0x0) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x2) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r4, 0x0, 0x0) write$cgroup_pid(r1, &(0x7f0000000080)=r4, 0x12) 19:43:40 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0xf000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:40 executing program 3: timer_create(0x6, &(0x7f0000000080)={0x0, 0x30, 0x1, @thr={&(0x7f00000000c0)="d8dd6b91f78991daa98af060cdd166af4101a98d25b3717616ae18bbe72a14e8f87bdd36487b8e94579e6617df04ffd00a1e0e3fa2289d83bf", &(0x7f0000000100)}}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) 19:43:40 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xb09ee711000000) 19:43:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:40 executing program 5 (fault-call:13 fault-nth:69): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:41 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x10000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:41 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x11000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 995.591765][ T27] kauditd_printk_skb: 43 callbacks suppressed [ 995.591773][ T27] audit: type=1800 audit(1593459821.027:2013): pid=9495 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16318 res=0 19:43:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x402}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:41 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, @thr={&(0x7f0000000380)="1d974283938c2de95e2809ee0ef85072cecb881062691965f828c85da5355b153708d016745afcf44624b0be0458277eb40f4ecf043dce819ef24ef585dedde8ced5983df825747b52192c488eb382c06897d0a54f4ec9f3417f18443f212a86a1cac4f39c625de5e1b08c64f1d9d2b4b58d84af01d332983ba683b106ba9299d86151d96432b49e2cb7b37126f1f4f4d8d5be500dfd7ea5210703f54a040b367c5b22785311cdbacc003bde19103448eaeab6f397edc12ff705865755fc0d06570155320156a924545dc9ad2998a4a8b4bc56c126a8db611652829f93828f79c25a10c2768a97196a78a6ed86cc3f721567f1a93ee83208507e022ea2f7e245d8f9b96ef00c02ca8379d3f679ff51521672b4091012a4c045606693cfa601fb966b70ce431c76dc91d9ad35ec69eeed2c3c67c0a15b5903edfdbcead15cc71b32aedeb7820df48c18c94539753b4277d60393423d6eb10135995794f7c1e120b72aaf0cf7d08fe5372f9f305cbc5d286bdfc22e649d1e399676206afb21f9efdd103886158df65f9af77f6a0897a8996e766536c0ebc7bcf86ef68922b6b9572c2471f8db9f10283926771b19ee1d2f8ac1b6728c1d7899590bece009f4e57a032ce8f4051756e92a71f4494867a14b2a5e9036fe5e8cc36e711af58faf955d95c9413375dfb2b2cfceb81fc196a5a9b5f0f9bcf1255a52c9bb46667d2e01fdb057a4fbb8c4c7688322b661f5b15083de1dbc213f98af02d9836db098ccf906d9811015553656815899fe1d3dbf05cc65e65231713a5c33cbb092c1d439b3988f213278b2c45075c8b2da54d3b7d1b39e7eca00305e86323f905e28afd0aa600f188726ce6b570f2a3f88658c4734afec403b12751036880dff8d4566b8d294303bf536896091655d463525c3229faeff2ce03cc3e30e9551e8ec0548e580766f06b35d5b34671ad624b6843ca47722effdc9c047a59252a8516bb73c4374bffa4eb453d5e9025a4ae570debadca89b0788dbeac837b09190ae23fb04da0079ad7b38f469b2fcb97a22e241e784a46e3254194f30f484d4bad2c40223cccc2205d7694ccdbedf2752059a6076b277ece7664b3ce97af4be6e09790b5e03b7a785334fbd78e9bc035fa23096493d75adc22f4237be31976dd4db39919fcd38c82676a9c9bb0954c6ab719d188d14abc90081ca7060e4cda0f4cbe07d4cb5fcaaad58ecbb0c332909ac1287d7270123c1d2c4229738722c9d6f90d3580c8e43cb1b5d0e7e2eecedc761bb3479af55a6ffd097fc9691e3647f621a3006828a3dd25cdee3624ab770275e972162408b5d567a0249f1cc0c369db32db9ae461ec52e4d9f09c191d68ac9814882c8739a6bdf9ebc7d19f0f42299d16b506c00b3cc86ab400ef177be974a8810182b93ac746ff012b2f8df316ef42870ac05f8a1dcd092a34cf5ee411cbefb31eeddf041fc57e3bc49f669465839333fe6a4545c2d7b18d05b50543f641f306253c172ff4fe206166a4d1b05ac2b757a98c046de9a0b760463b71670e4673b8cfafb284577eeb81f329aee165b1e81f2d71b478e115b21a57c8334284c50c2ab2dd52e9c39dbc8697a2c53bb35028c1ac31fa42107fc42e2d977ce8ff485376dad1017125aa8b26d8e7fb88a1fb878f37c09b263ed35200310af5be2582d313c6e04be533edc5026de14c1d0eab0b7bdbfd033eaec6d6f0129175d241c60dc3c9245f57bceb16e88b17fd1c85e98c90e8de880462f9c1b94f2067a825980df0690138fa061cbb28b7dd1d58654e932751561111323e376a4700d2d474b4419dff5e9aa6fc3cbcd5c64939a8094c41066e82b216500f6a5980f1fdf6ca1a21fa31ea080fdf73503f4bb248804d1f4cd535d579b7379fc5e3e0ad40018be274e57bb8044ea4dcc5f905394ab9b459e39008f1ec7f5677cc5226c0059ce3dae241c524ecdbe7bf9c26ce166fd29e6ba5a3cb68bd8e544bf0f1827f21510be94a5bdb00c5c19cec92c841a97a966fcc86070ff4dde50da801f5b374a880d50cb29150c0a1d5d2deeb6ea73719329834df811babababafeeb353de2ea47eada96c23f94e7d156abbe31919961898ac18bf1af949fd43947e90e7c06e06cbe90c054fe873d3d27450034182b84e9de01bc9b100d139dcc72bea996eec78946adb28053d855ed6e699de5bf953c1a64e4ff72d28d3c076f9e106bd71df66a254a150c922e5cc58c449fb222b100130206720d6f101e544c83a37511e533e31f4e5904e67ef0040fe3690f1037ea056e0de798fb5db32120badf70ac8641d6c75a40cf27dd805fc34c4b380f18d646b10770ed0ac0a7aafa3993ca1ebd36a66248161daefd298b27c84bd57a6643f8c13c330e3d7df7ebf72445ce8f3b31088dcd38555a6c2892553e93a051f62560e42cd2be013054992eb94e93336da899e07a46f826e7e857f396c654af6936a67cec66b0865e3908d852eea10a0967f17d0ff9f99fc0abb12ee1f9579dfcbf6b8c7708b4d1073aa12b5d650344c78666420b32f90a15cb66dba9c3e588aaaf9873f6656f40240b40d9dcd89f0ed7f36136c4c03b041883b7d5210c991c57eebec9be13249a7bafa2f5296033a5292b826d83e6799e829fbeb618352ff3e3bbb9370880cf1947900327f2590e801e653150b326c68de40723e5ec883bd53f21c16a8c6aa6b852fee560baf2e3482ff843e85426140bab40a4a22f3d878542453a7756156a7a05999d0524268adf4e665bb6e98b8bcabec2e139c384d62124e7cc4d2b0738e579331efad104b50d514ff49e9250ee114ffe1214287cba759a6bd27f9bd482afb2bfce9cb2a5de7ca27e46651191246192bb52d7a27e72bba2b2ceed46706af9ec9efc8baf01548ee785cdbc57a11dc0db2597ce19144f77b55bb0ea900444b3c5cf8665c7de00c773f19a7209b8a40428f661ec970d693970607e23c2b56fd0a3ecbcfebe30899ffdc3ad4f891211acd8b9d6e8f55d785e29120a83291ff686b1206c3074c2cb1dbb6c0167e989d4a76f35ff6dc5d819a4bd39c9155025f954caeb77c1f6576058ccaa460c8099fdd415188b2a006c14954842fb495a62952429ff8c2845a54f6db9256588d15bfce96a09a9806f3337c1ca53d4689e8186e97edfe39c1834305c63faaf268efb2e1665d9f76a450a13cde39801fc0e7f5bafb8faf84ca8f29b77ab40ce1a96b9837fd83ee796e7871f44bf9a40839920cfa1587eb2771d710eaeecaa409b259ccbd6227ff33a1e50524ab44869f98f15a24e147554511dad48bd204e3c2a30882a2b9b1cc21c2b1b8e69fd196e86d9ba3e033d31ceb4da391872a061de8e1cbc55307c551b9ef815cd855f684f24573de319e679e5344df9a240e5905515b622290c5118fc15f3594a76cd54dff8cc59caf9b2af0edb4564e7f0971e6f8dd68b2a11d781c098ce8f74b8478b73041fa4347884b80eb58a33123dc1caaf7e2fd30018c3e7b6a55e74983229725c6e09a07544796e319bda7db45526fba4888f640f6af0a1c4cf25540a707d25653b9134b481154b39b25c285242c627805523238b06ef5d9d28892f78ddbde5b824300133881875430cbc71676eaa1a51290e24eb8d643ab776fbf4923295b9f86ba25e81440a4079c53fd45da49aa8e6fb497d27f14c278a7cced722e229f2ced8ffb237dceb69b875c2099830e8447e8017fd1cd1be900971334df5ba256f4f25fe86b641ce78e0ca9f4ca4b40a2c24a7c575febf3f7e48fe489d71589b967ae519fad5eedbd87dc3f4f421bd6867c6e9b1715df2ef149ba6e8af9d575116413243455ccefe93807fc8572f717cf5dafc1731510c325aa0041303923b50cb4dd99d265ab2382f182a672a92549e2bda46f8de47e47978dbf674f421718eef11f4ad88b8d9566763bb2785add61ac431e5d58e09ca9aa175391e71be9a85c170dbb7b947b4067c85e2ced99d3103236e89802cea9e92c2f6b340f33232c17f83efab940e696d47d6d0aa2c51f62d45e08667d174e71d02abbfcf52a1413d9ba5f57ba42ddfec4574326f694fce23f70d65918231101ad3ffa0fde24d57cb29c717a0e79f7550700726e241fce265650b75c2ca5dd8c1c2b3ff1af29758fd7425b3bd68c3133593d065ab905b92a6d8c0aa6e4425700b9ef5a8df835e1fd7d7eda0a4ef749a23bdc976e001223eb930a45def9876d8231931789595dc8edacc1a313afa4b3886178eeefdb54378cca6e103fbc732accb34450c84b1a05fa87e23a79fc2d7fa938753215b5be4b98ffe7de780d79a905b1700314a9b3ef5618dc8518a09078d83a856006d30af7f643540a0afb8d10b9cbc21e357670bc6a460927829f571630dc35ed130f449592d66071254bafffe0b3217fc24b49ccf1b928171bb1c538a3257b407e822956868bdf0c81806ab1c3c896efe62e7470db4db1c3e66c40b4a865edfbc116450f7721d52d53c8c7403af08e7031b7574929c5ed1aed3430e67193b87f2d378963101e36f6f31e45a103bbf109e3dce73858575b0c05da62111dac413b7b277b446635557059dc0c1332a2c2ffcc3d5bb47ad0956a3e4a5da445103e4d1c5394ae7baff73e0a638ba8ab6ce16d78b6f0ddf0e468cfbfed0b50e8449f73a00a66f08c66f68d418fcb5c60f2f2e3cd0f9b336cfd031c12ddca59823dc96c8887a0dbaea3b8adf82db163ae823ac6903006c004ab20eddc6096b093bb5e7890deabbaaf17ea78b5671d9eadbe8bad2c55265d8493f5ab49b0d9456666fed3e82d18bb6934d775600c5e6ee2ba891d379a6bc1b29d999a88160bbb199c16c3dd7ff184b3122659d6a50639d0d7d111fb044961276f50cfe6a4af5e24b86d892306c6ba1d77ce4387f482b2c69c4fa574575b9d3cda6d8eb145ec44655aff17f088d9c967d92db41428fb73be4d964109affce7f6f2a6df8ec3d3512a43253113ebfb821acb97e186d417e9b070403ffc35d91475be0b331486a4cf01d8734c268e601b4b7cff1fa3f2441c0ac79f2d6bd5ec546dfb40f0dc48d97d884d8a50e3df2376d67742e2059a3b4c8b255552b5e6508e886056dc5dacd139c517711aa1f477838a62bb609a5f9b5363d81c16c3aae4964291525464e2d6c6d722f09152eaa0bf5d6c627db8c359def6d67a038dac0c6ec445c9e01600852699682a9ff032825215169794860526b586ebaa5c4a4e3c6bdacc49a8e92dbb470616b4e4214f99ec4787e0861b96a4901146282fd46cc3c873458eea055d3d25e831dcce279dbdd2291bd6ff0f2bf7b00d0c3ad53664f9a507299d042064eda3d9ac3967675eaf7409cc200a9846141e51a8b366e86b251547f7d67515c7ca897d68ff7d677598f932bcb4fe516a37a87af2d257190db6b872a688f4ea160351b85bf31a44d72a5289c37baadcd86c1c105b3d468e3f93ae576bd1813c634e805cc96261a65a94cc3e7fae513fd9557ca6b674f9d1a2c26877f3227b4da5a073a7f35bcc212aab710d392e93e4303f37b9da06bda0ee1e0dbc6088754b731cec0cc033029b2e77ab127cf3c20dd76423b8d43ebacff702870d360474052cc5ca70d5643b3ae608db83b534ff0006cc68f591b3d149479d2e704d332a36e4dc0b07001a104ced182cfd5abafee653cc1fe0715f0458936f706fb2a66f050ad7114c23c0185537f9bcc73d7373b926aebe7baace347bb0cfd6e36a9c16af47a438c6bf31d66dbf25428d064b6e79a88a8125cd0e63c4b312d5c3a03b66444daeacf36a1ac2efe2c", &(0x7f0000000000)="05a9d2de589c19f5e9d0cba41cf11553092fa6ea039865f458"}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) [ 995.640300][ T27] audit: type=1804 audit(1593459821.057:2014): pid=9495 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1562/bus" dev="sda1" ino=16318 res=1 [ 995.673831][ T9498] FAULT_INJECTION: forcing a failure. [ 995.673831][ T9498] name failslab, interval 1, probability 0, space 0, times 0 19:43:41 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xd0a31d00000000) [ 995.725927][ T9498] CPU: 1 PID: 9498 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 995.734534][ T9498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 995.744594][ T9498] Call Trace: [ 995.747887][ T9498] dump_stack+0x1f0/0x31e [ 995.752225][ T9498] should_fail+0x38a/0x4e0 [ 995.756643][ T9498] ? sctp_bind_addrs_to_raw+0xa7/0x240 [ 995.762100][ T9498] should_failslab+0x5/0x20 [ 995.764811][ T27] audit: type=1804 audit(1593459821.067:2015): pid=9495 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1562/bus" dev="sda1" ino=16318 res=1 [ 995.766593][ T9498] __kmalloc+0x74/0x330 [ 995.766611][ T9498] sctp_bind_addrs_to_raw+0xa7/0x240 [ 995.766630][ T9498] sctp_make_init+0x9d/0x2650 [ 995.766646][ T9498] ? mark_lock+0x102/0x1b00 [ 995.766669][ T9498] sctp_sf_do_prm_asoc+0xcd/0x3e0 [ 995.766683][ T9498] sctp_do_sm+0xfd/0x55a0 [ 995.766705][ T9498] ? sctp_ulpevent_notify_peer_addr_change+0x8e/0x5a0 [ 995.766718][ T9498] ? sctp_transport_pmtu+0x1ce/0x460 [ 995.797916][ T27] audit: type=1804 audit(1593459821.087:2016): pid=9495 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1562/bus" dev="sda1" ino=16318 res=1 [ 995.802361][ T9498] ? sctp_assoc_add_peer+0xcf2/0x1560 [ 995.802374][ T9498] ? memcpy+0x3c/0x60 [ 995.802386][ T9498] ? sctp_assoc_add_peer+0xf6f/0x1560 [ 995.802412][ T9498] sctp_primitive_ASSOCIATE+0x90/0xc0 [ 995.802426][ T9498] __sctp_connect+0xcd1/0x11e0 [ 995.802449][ T9498] sctp_inet_connect+0x11b/0x190 [ 995.811467][ T27] audit: type=1804 audit(1593459821.087:2017): pid=9495 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1562/bus" dev="sda1" ino=16318 res=1 [ 995.812123][ T9498] __sys_connect+0x2da/0x360 [ 995.812142][ T9498] ? check_preemption_disabled+0x40/0x240 [ 995.812152][ T9498] ? check_preemption_disabled+0x40/0x240 [ 995.812164][ T9498] ? do_syscall_64+0x1d/0xe0 [ 995.812178][ T9498] __x64_sys_connect+0x76/0x80 [ 995.812189][ T9498] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 995.812200][ T9498] do_syscall_64+0x73/0xe0 [ 995.820474][ T27] audit: type=1804 audit(1593459821.107:2018): pid=9495 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1562/bus" dev="sda1" ino=16318 res=1 [ 995.823247][ T9498] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 995.823257][ T9498] RIP: 0033:0x45cb19 [ 995.823262][ T9498] Code: Bad RIP value. [ 995.823268][ T9498] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 995.823278][ T9498] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 995.823285][ T9498] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 995.823291][ T9498] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 995.823297][ T9498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 995.823304][ T9498] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x403}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 996.027108][ T27] audit: type=1804 audit(1593459821.107:2019): pid=9508 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1562/bus" dev="sda1" ino=16318 res=1 [ 996.049938][ T27] audit: type=1804 audit(1593459821.107:2020): pid=9495 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1562/bus" dev="sda1" ino=16318 res=1 19:43:41 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x12000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x408}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 996.073297][ T27] audit: type=1800 audit(1593459821.167:2021): pid=9514 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16377 res=0 [ 996.091719][ T27] audit: type=1804 audit(1593459821.167:2022): pid=9514 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1563/bus" dev="sda1" ino=16377 res=1 19:43:44 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x3, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:44 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xf0e10b1b000000) 19:43:44 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x6, 0x3f) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0xb, 0x0) 19:43:44 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x13000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:44 executing program 5 (fault-call:13 fault-nth:70): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:44 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x2000, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/loop-control\x00', 0x0, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r4, 0x0, 0x40000000000008, 0x0) 19:43:44 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x100000000000000) 19:43:44 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x14000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 998.650561][ T9553] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 19:43:44 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x4, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:44 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x200000000000000) [ 998.747731][ T9552] FAULT_INJECTION: forcing a failure. [ 998.747731][ T9552] name failslab, interval 1, probability 0, space 0, times 0 [ 998.806905][ T9552] CPU: 0 PID: 9552 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 998.815521][ T9552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 998.821541][ T9578] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 998.825566][ T9552] Call Trace: [ 998.825585][ T9552] dump_stack+0x1f0/0x31e [ 998.825603][ T9552] should_fail+0x38a/0x4e0 [ 998.825621][ T9552] ? sctp_bind_addrs_to_raw+0xa7/0x240 [ 998.825633][ T9552] should_failslab+0x5/0x20 [ 998.825643][ T9552] __kmalloc+0x74/0x330 [ 998.825659][ T9552] sctp_bind_addrs_to_raw+0xa7/0x240 [ 998.825679][ T9552] sctp_make_init+0x9d/0x2650 [ 998.825697][ T9552] ? mark_lock+0x102/0x1b00 [ 998.825720][ T9552] sctp_sf_do_prm_asoc+0xcd/0x3e0 [ 998.825734][ T9552] sctp_do_sm+0xfd/0x55a0 [ 998.825756][ T9552] ? sctp_ulpevent_notify_peer_addr_change+0x8e/0x5a0 [ 998.825769][ T9552] ? sctp_transport_pmtu+0x1ce/0x460 [ 998.895565][ T9552] ? sctp_assoc_add_peer+0xcf2/0x1560 [ 998.901020][ T9552] ? memcpy+0x3c/0x60 [ 998.905043][ T9552] ? sctp_assoc_add_peer+0xf6f/0x1560 [ 998.910399][ T9552] sctp_primitive_ASSOCIATE+0x90/0xc0 [ 998.915763][ T9552] __sctp_connect+0xcd1/0x11e0 [ 998.920535][ T9552] sctp_inet_connect+0x11b/0x190 [ 998.925473][ T9552] __sys_connect+0x2da/0x360 [ 998.930071][ T9552] ? check_preemption_disabled+0x40/0x240 [ 998.935787][ T9552] ? check_preemption_disabled+0x40/0x240 [ 998.941501][ T9552] ? do_syscall_64+0x1d/0xe0 [ 998.946088][ T9552] __x64_sys_connect+0x76/0x80 [ 998.950841][ T9552] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 998.956888][ T9552] do_syscall_64+0x73/0xe0 [ 998.961303][ T9552] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 998.967184][ T9552] RIP: 0033:0x45cb19 [ 998.971060][ T9552] Code: Bad RIP value. [ 998.975118][ T9552] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 998.983763][ T9552] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 998.991756][ T9552] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 998.999717][ T9552] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 19:43:44 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x15000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:44 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x5, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 999.007684][ T9552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 999.015654][ T9552] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:44 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x300000000000000) 19:43:44 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x16000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 999.108174][ T9586] netlink: 'syz-executor.1': attribute type 5 has an invalid length. 19:43:47 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r5, 0x0) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r5, 0x80045300, &(0x7f0000000080)) 19:43:47 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x5, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) 19:43:47 executing program 5 (fault-call:13 fault-nth:71): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:47 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x17000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:47 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x400000000000000) 19:43:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x6, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 1001.698535][ T9610] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 1001.723463][ T27] kauditd_printk_skb: 37 callbacks suppressed [ 1001.723471][ T27] audit: type=1800 audit(1593459827.158:2060): pid=9614 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16289 res=0 19:43:47 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x18000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x7, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 1001.745967][ T9612] FAULT_INJECTION: forcing a failure. [ 1001.745967][ T9612] name failslab, interval 1, probability 0, space 0, times 0 19:43:47 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x500000000000000) [ 1001.802760][ T9612] CPU: 0 PID: 9612 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 1001.811368][ T9612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1001.821506][ T9612] Call Trace: [ 1001.824800][ T9612] dump_stack+0x1f0/0x31e [ 1001.829135][ T9612] should_fail+0x38a/0x4e0 [ 1001.833731][ T9612] ? _sctp_make_chunk+0x10c/0x3e0 [ 1001.838750][ T9612] should_failslab+0x5/0x20 [ 1001.841306][ T27] audit: type=1804 audit(1593459827.198:2061): pid=9614 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1568/bus" dev="sda1" ino=16289 res=1 [ 1001.843243][ T9612] kmem_cache_alloc+0x53/0x2d0 [ 1001.843262][ T9612] _sctp_make_chunk+0x10c/0x3e0 [ 1001.843282][ T9612] sctp_make_init+0x545/0x2650 [ 1001.879735][ T9612] sctp_sf_do_prm_asoc+0xcd/0x3e0 [ 1001.884763][ T9612] sctp_do_sm+0xfd/0x55a0 [ 1001.889106][ T9612] ? sctp_ulpevent_notify_peer_addr_change+0x8e/0x5a0 [ 1001.895872][ T9612] ? sctp_transport_pmtu+0x1ce/0x460 [ 1001.901185][ T9612] ? sctp_assoc_add_peer+0xcf2/0x1560 [ 1001.906558][ T9612] ? memcpy+0x3c/0x60 [ 1001.910546][ T9612] ? sctp_assoc_add_peer+0xf6f/0x1560 [ 1001.915942][ T9612] sctp_primitive_ASSOCIATE+0x90/0xc0 [ 1001.921313][ T9612] __sctp_connect+0xcd1/0x11e0 [ 1001.926094][ T9612] sctp_inet_connect+0x11b/0x190 [ 1001.931032][ T9612] __sys_connect+0x2da/0x360 [ 1001.931716][ T27] audit: type=1804 audit(1593459827.198:2062): pid=9614 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1568/bus" dev="sda1" ino=16289 res=1 [ 1001.935617][ T9612] ? check_preemption_disabled+0x40/0x240 [ 1001.935627][ T9612] ? check_preemption_disabled+0x40/0x240 [ 1001.935639][ T9612] ? do_syscall_64+0x1d/0xe0 [ 1001.935653][ T9612] __x64_sys_connect+0x76/0x80 [ 1001.935665][ T9612] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1001.935673][ T9612] do_syscall_64+0x73/0xe0 [ 1001.935684][ T9612] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1001.935694][ T9612] RIP: 0033:0x45cb19 [ 1001.935698][ T9612] Code: Bad RIP value. 19:43:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x9, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 1001.935704][ T9612] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1001.935714][ T9612] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 1001.935720][ T9612] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 1001.935725][ T9612] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1001.935730][ T9612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 1001.935735][ T9612] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 [ 1001.971763][ T9630] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 1001.992898][ T27] audit: type=1804 audit(1593459827.208:2063): pid=9614 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1568/bus" dev="sda1" ino=16289 res=1 [ 1002.052217][ T9634] netlink: 'syz-executor.1': attribute type 5 has an invalid length. 19:43:47 executing program 5 (fault-call:13 fault-nth:72): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:47 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x19000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1002.062892][ T27] audit: type=1804 audit(1593459827.208:2064): pid=9614 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1568/bus" dev="sda1" ino=16289 res=1 [ 1002.091919][ T9634] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1002.126617][ T27] audit: type=1804 audit(1593459827.208:2065): pid=9614 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1568/bus" dev="sda1" ino=16289 res=1 [ 1002.202428][ T27] audit: type=1804 audit(1593459827.218:2066): pid=9620 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1568/bus" dev="sda1" ino=16289 res=1 [ 1002.234656][ T27] audit: type=1804 audit(1593459827.218:2067): pid=9614 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1568/bus" dev="sda1" ino=16289 res=1 [ 1002.265671][ T27] audit: type=1800 audit(1593459827.438:2068): pid=9631 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16277 res=0 [ 1002.266419][ T9644] FAULT_INJECTION: forcing a failure. [ 1002.266419][ T9644] name failslab, interval 1, probability 0, space 0, times 0 [ 1002.284502][ T27] audit: type=1804 audit(1593459827.438:2069): pid=9631 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1569/bus" dev="sda1" ino=16277 res=1 [ 1002.339642][ T9644] CPU: 0 PID: 9644 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 1002.348263][ T9644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1002.358320][ T9644] Call Trace: [ 1002.361614][ T9644] dump_stack+0x1f0/0x31e [ 1002.365954][ T9644] should_fail+0x38a/0x4e0 [ 1002.370374][ T9644] should_failslab+0x5/0x20 [ 1002.374889][ T9644] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 1002.380602][ T9644] ? __kmalloc_node_track_caller+0x37/0x60 [ 1002.386406][ T9644] __kmalloc_node_track_caller+0x37/0x60 [ 1002.392032][ T9644] ? _sctp_make_chunk+0x59/0x3e0 [ 1002.396971][ T9644] __alloc_skb+0xde/0x4f0 [ 1002.401307][ T9644] _sctp_make_chunk+0x59/0x3e0 [ 1002.406104][ T9644] sctp_make_init+0x545/0x2650 [ 1002.410893][ T9644] sctp_sf_do_prm_asoc+0xcd/0x3e0 [ 1002.415917][ T9644] sctp_do_sm+0xfd/0x55a0 [ 1002.420251][ T9644] ? sctp_ulpevent_notify_peer_addr_change+0x8e/0x5a0 [ 1002.427008][ T9644] ? sctp_transport_pmtu+0x1ce/0x460 [ 1002.432280][ T9644] ? sctp_assoc_add_peer+0xcf2/0x1560 [ 1002.437638][ T9644] ? memcpy+0x3c/0x60 [ 1002.441657][ T9644] ? sctp_assoc_add_peer+0xf6f/0x1560 [ 1002.447024][ T9644] sctp_primitive_ASSOCIATE+0x90/0xc0 [ 1002.452540][ T9644] __sctp_connect+0xcd1/0x11e0 [ 1002.457302][ T9644] sctp_inet_connect+0x11b/0x190 [ 1002.462264][ T9644] __sys_connect+0x2da/0x360 [ 1002.466833][ T9644] ? check_preemption_disabled+0x40/0x240 [ 1002.472530][ T9644] ? check_preemption_disabled+0x40/0x240 [ 1002.478234][ T9644] ? do_syscall_64+0x1d/0xe0 [ 1002.482834][ T9644] __x64_sys_connect+0x76/0x80 [ 1002.487596][ T9644] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1002.493634][ T9644] do_syscall_64+0x73/0xe0 [ 1002.498035][ T9644] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1002.503911][ T9644] RIP: 0033:0x45cb19 [ 1002.507773][ T9644] Code: Bad RIP value. [ 1002.511812][ T9644] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1002.520194][ T9644] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 1002.528139][ T9644] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 [ 1002.536092][ T9644] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1002.544055][ T9644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 1002.552008][ T9644] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:50 executing program 3: openat$uhid(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uhid\x00', 0x2, 0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x2c, 0x1, 0x7, 0x801, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x6}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004901}, 0x0) timer_create(0x6, &(0x7f0000000080)={0x0, 0xd, 0x0, @tid=r0}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) ioctl$SCSI_IOCTL_STOP_UNIT(r4, 0x6) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) 19:43:50 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x600000000000000) 19:43:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0xa, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:50 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1a000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:50 executing program 5 (fault-call:13 fault-nth:73): r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:50 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) write$P9_RWRITE(r1, &(0x7f0000000100)={0xb, 0x77, 0x1, 0x80000000}, 0xb) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$kcm(0x29, 0x2, 0x0) splice(r3, 0x0, r2, 0x0, 0x8, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_KEY_FLUSH(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="00000000c23956547e3f36c221f45e1db886583836ad30859cf975c2c9f64eb9a440486c379ffaf9eaa0bc83acb973b4c67536e889675178ae83b56bf0fde175e1c35d8ad69c4794eab9443cd85abd012399777ecdcd0ac72a5fae8e9f1f964d1e938fdb4a464a72fc2a173b62d67e8adfd75048db0a58aaa3e3c22eec23e69dbf80aa6ca9638940aaddb947e7c66ec5dea91769ac2ea569337b03b62310f27f3090c08d48d1bcc59a6b64af2a4e65fccfeb1b3ddd3949cf378f7bdfc900eb81a189d1eb0b91692959bc4e9ceb7b47abc78245cbe58c", @ANYRES16=r4, @ANYBLOB="00022cbd7000fcdbdf2518000000bdc935feeaa7bc49690fa23d79df4afe3e127a7331b99a9c73b9c5c1c342ad6cf82ae567a4a38705fa9e40e1ecbd609803fdd86b45de5ce6b3adb7e25712e78c84f514403a79b9dfda7b3f0af7f0ebdd0fc64f2405ce6d78a8d9c489514b69be1b135bef29e6afe0f4327eed235312f6428bfe6e1d7a036429aeb9a78464e27d837a75b8e7edfe07218d3e217a"], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x22000851) getsockname(0xffffffffffffffff, &(0x7f0000000280)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @private1}}, &(0x7f0000000380)=0x80) [ 1004.737849][ T9658] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 1004.769867][ T9658] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 19:43:50 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1b000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0xb, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 1004.849883][ T9660] FAULT_INJECTION: forcing a failure. [ 1004.849883][ T9660] name failslab, interval 1, probability 0, space 0, times 0 19:43:50 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x101040, 0x0) ioctl$SNDRV_PCM_IOCTL_XRUN(r1, 0x4148, 0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) 19:43:50 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x700000000000000) [ 1004.894533][ T9660] CPU: 1 PID: 9660 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 1004.903148][ T9660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1004.913200][ T9660] Call Trace: [ 1004.916516][ T9660] dump_stack+0x1f0/0x31e [ 1004.920851][ T9660] should_fail+0x38a/0x4e0 [ 1004.925272][ T9660] should_failslab+0x5/0x20 [ 1004.929770][ T9660] kmem_cache_alloc_node+0x64/0x290 [ 1004.934967][ T9660] ? __kasan_slab_free+0x114/0x170 [ 1004.940076][ T9660] ? __alloc_skb+0x94/0x4f0 [ 1004.944580][ T9660] __alloc_skb+0x94/0x4f0 [ 1004.948917][ T9660] sctp_packet_transmit+0x2d6/0x2b60 [ 1004.954200][ T9660] ? lock_acquire+0x160/0x720 [ 1004.958884][ T9660] ? __sctp_packet_append_chunk+0x94a/0xcf0 [ 1004.964799][ T9660] sctp_outq_flush+0x633/0x32f0 [ 1004.969694][ T9660] sctp_do_sm+0x51e7/0x55a0 [ 1004.974222][ T9660] ? sctp_ulpevent_notify_peer_addr_change+0x8e/0x5a0 [ 1004.980981][ T9660] ? sctp_transport_pmtu+0x1ce/0x460 [ 1004.986264][ T9660] ? sctp_assoc_add_peer+0xcf2/0x1560 [ 1004.991632][ T9660] ? memcpy+0x3c/0x60 [ 1004.995611][ T9660] ? sctp_assoc_add_peer+0xf6f/0x1560 [ 1005.000989][ T9660] sctp_primitive_ASSOCIATE+0x90/0xc0 [ 1005.006363][ T9660] __sctp_connect+0xcd1/0x11e0 [ 1005.011144][ T9660] sctp_inet_connect+0x11b/0x190 [ 1005.016077][ T9660] __sys_connect+0x2da/0x360 [ 1005.020668][ T9660] ? check_preemption_disabled+0x40/0x240 [ 1005.026383][ T9660] ? check_preemption_disabled+0x40/0x240 [ 1005.032097][ T9660] ? do_syscall_64+0x1d/0xe0 [ 1005.036808][ T9660] __x64_sys_connect+0x76/0x80 [ 1005.041585][ T9660] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1005.047647][ T9660] do_syscall_64+0x73/0xe0 [ 1005.052062][ T9660] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1005.057947][ T9660] RIP: 0033:0x45cb19 [ 1005.061826][ T9660] Code: Bad RIP value. [ 1005.065902][ T9660] RSP: 002b:00007fe210c26c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1005.074305][ T9660] RAX: ffffffffffffffda RBX: 00000000004db880 RCX: 000000000045cb19 [ 1005.082272][ T9660] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000007 19:43:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x10, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:50 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1c000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1005.090240][ T9660] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1005.098205][ T9660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 1005.106198][ T9660] R13: 000000000000008a R14: 00000000004c353e R15: 00007fe210c276d4 19:43:50 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1d000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:50 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x800000000000000) [ 1005.164376][ T9693] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 1005.180138][ T9693] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 19:43:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x11, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:50 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1e000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1005.307191][ T9709] netlink: 'syz-executor.1': attribute type 5 has an invalid length. 19:43:50 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x12, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:50 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x900000000000000) 19:43:50 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x1f000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1005.571958][ T9723] netlink: 'syz-executor.1': attribute type 5 has an invalid length. 19:43:53 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6(0xa, 0x800000000000002, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) 19:43:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x13, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:53 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='dctcp\x00', 0x6) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4), 0x1c) shutdown(r0, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {r1, r2+10000000}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(0xfffffffffffffffd) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x0) 19:43:53 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x20000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:53 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xa00000000000000) 19:43:53 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0x2, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) [ 1007.986140][ T9743] netlink: 'syz-executor.1': attribute type 5 has an invalid length. 19:43:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x14, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:53 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x4, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) [ 1008.037624][ T27] kauditd_printk_skb: 36 callbacks suppressed [ 1008.037633][ T27] audit: type=1800 audit(1593459833.479:2106): pid=9745 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16290 res=0 19:43:53 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x21000000, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:53 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0x3, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) [ 1008.109102][ T9758] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 1008.125956][ T27] audit: type=1804 audit(1593459833.569:2107): pid=9760 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1574/bus" dev="sda1" ino=16290 res=1 19:43:53 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 1008.253749][ T27] audit: type=1804 audit(1593459833.569:2108): pid=9760 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1574/bus" dev="sda1" ino=16290 res=1 [ 1008.300510][ T9774] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 1008.370888][ T27] audit: type=1804 audit(1593459833.569:2109): pid=9760 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1574/bus" dev="sda1" ino=16290 res=1 [ 1008.400337][ T27] audit: type=1804 audit(1593459833.579:2110): pid=9760 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1574/bus" dev="sda1" ino=16290 res=1 [ 1008.424604][ T27] audit: type=1804 audit(1593459833.609:2111): pid=9745 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1574/bus" dev="sda1" ino=16290 res=1 [ 1008.458918][ T27] audit: type=1804 audit(1593459833.619:2112): pid=9760 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1574/bus" dev="sda1" ino=16290 res=1 [ 1008.492027][ T27] audit: type=1804 audit(1593459833.619:2113): pid=9745 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1574/bus" dev="sda1" ino=16290 res=1 19:43:56 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x2, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:56 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xb00000000000000) 19:43:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:56 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r5, 0x0) ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f0000000080)={0x20, 0x7ff, 0x1, 0x7, 0xffb7, 0xfff}) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) 19:43:56 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0x4, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:56 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x3, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x0, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 1011.092821][ T27] audit: type=1800 audit(1593459836.529:2114): pid=9791 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16291 res=0 19:43:56 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)=0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) timer_settime(r0, 0x1, &(0x7f00000000c0)={{0x0, 0x989680}, {r1, r2+10000000}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r4, 0x0, 0x8, 0x0) [ 1011.177225][ T27] audit: type=1804 audit(1593459836.569:2115): pid=9791 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1575/bus" dev="sda1" ino=16291 res=1 19:43:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:56 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x4, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:56 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xc00000000000000) 19:43:56 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0x5, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:56 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x5, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:56 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xd00000000000000) 19:43:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x3}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:59 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x6, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:59 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0x6, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:59 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xe00000000000000) 19:43:59 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x2) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r4, 0x0, 0x0) write$FUSE_LK(r3, &(0x7f0000000080)={0x28, 0xfffffffffffffff5, 0x5, {{0x8, 0x100000001, 0x0, r4}}}, 0x28) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) 19:43:59 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x1, 0x0) setsockopt$packet_int(r0, 0x107, 0xc, &(0x7f00000001c0)=0x2, 0x4) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0205647, &(0x7f0000000100)={0x990000, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x990aff, 0xffffff23, [], @string=&(0x7f0000000080)=0x3}}) ioctl$DRM_IOCTL_AGP_RELEASE(r3, 0x6431) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet6(0xa, 0x800000000000002, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$kcm(0x29, 0x2, 0x0) splice(r7, 0x0, r4, 0x0, 0x8, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, 0x0, 0x2, 0x70bd2d, 0x25dfdbfb}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x26008000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x40010, r8, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r8, 0x80047c05, &(0x7f0000000280)) 19:43:59 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x7, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1014.168214][ T27] kauditd_printk_skb: 21 callbacks suppressed [ 1014.168223][ T27] audit: type=1800 audit(1593459839.610:2137): pid=9852 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16277 res=0 19:43:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x8}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:59 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f0000000080)={0x1, 0x1d, 0x7fff, 0x80000001}, 0x10) 19:43:59 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x1000000000000000) [ 1014.282141][ T27] audit: type=1804 audit(1593459839.670:2138): pid=9852 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1578/bus" dev="sda1" ino=16277 res=1 19:43:59 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) syz_open_dev$vcsu(&(0x7f0000000080)='/dev/vcsu#\x00', 0x8001, 0x10040) r5 = accept4$tipc(r3, &(0x7f00000000c0)=@id, &(0x7f0000000100)=0x10, 0x0) shutdown(r5, 0x1) 19:43:59 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0x7, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:43:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x300}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:43:59 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x8, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:43:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0xffffff1f}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 1014.426404][ T27] audit: type=1804 audit(1593459839.680:2139): pid=9852 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1578/bus" dev="sda1" ino=16277 res=1 19:43:59 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x9, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:00 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x1100000000000000) 19:44:00 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) close(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x88, 0x0) 19:44:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x4, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:44:00 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0x8, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) [ 1014.572268][ T27] audit: type=1804 audit(1593459839.690:2140): pid=9852 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1578/bus" dev="sda1" ino=16277 res=1 [ 1014.706932][ T27] audit: type=1804 audit(1593459839.690:2141): pid=9852 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1578/bus" dev="sda1" ino=16277 res=1 [ 1014.769954][ T27] audit: type=1804 audit(1593459839.690:2142): pid=9852 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1578/bus" dev="sda1" ino=16277 res=1 [ 1014.823453][ T27] audit: type=1804 audit(1593459839.700:2143): pid=9865 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1578/bus" dev="sda1" ino=16277 res=1 [ 1014.861559][ T27] audit: type=1804 audit(1593459839.700:2144): pid=9852 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1578/bus" dev="sda1" ino=16277 res=1 [ 1014.890976][ T27] audit: type=1800 audit(1593459839.850:2145): pid=9880 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16337 res=0 [ 1014.920759][ T27] audit: type=1804 audit(1593459839.910:2146): pid=9888 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1579/bus" dev="sda1" ino=16337 res=1 19:44:02 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) setsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000080)=0x1, 0x1) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$kcm(0x29, 0x2, 0x0) splice(r3, 0x0, r2, 0x0, 0x8, 0x0) 19:44:02 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0xa, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:02 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x1200000000000000) 19:44:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0xc, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:44:02 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0x9, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:02 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0xb, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:44:02 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x2000000000000000) 19:44:02 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0x25, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) [ 1017.449946][ T9944] netlink: 'syz-executor.1': attribute type 2 has an invalid length. 19:44:03 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) ioctl$MEDIA_REQUEST_IOC_QUEUE(r1, 0x7c80, 0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) 19:44:03 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0xc, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x3, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:44:03 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x2500000000000000) 19:44:03 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="1201e50009003c0800240042ef42000000010902"], 0x0) syz_usb_disconnect(r0) syz_usb_disconnect(r0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, &(0x7f0000000080)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{}, {0x0, 0x1c9c380}}, 0x0) timer_settime(r3, 0x0, &(0x7f00000001c0)={{r1, r2+10000000}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$kcm(0x29, 0x2, 0x0) splice(r6, 0x0, r5, 0x0, 0x8, 0x3) getsockopt$IPT_SO_GET_REVISION_TARGET(r5, 0x0, 0x43, &(0x7f0000000080)={'icmp6\x00'}, &(0x7f00000000c0)=0x1e) ioctl$PPPIOCGFLAGS1(r4, 0x8004745a, &(0x7f0000000280)) 19:44:03 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0xd, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:03 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0x4e21, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) [ 1017.688079][ T9964] netlink: 'syz-executor.1': attribute type 3 has an invalid length. 19:44:03 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0xe, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:03 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x3f00000000000000) 19:44:03 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) prctl$PR_MCE_KILL_GET(0x22) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$kcm(0x29, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x3) 19:44:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x8, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:44:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x300, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:44:03 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0xa, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:03 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x4000000000000000) 19:44:03 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0xf, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:03 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x10, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1017.991964][ T3843] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 1018.241804][ T3843] usb 5-1: Using ep0 maxpacket: 8 [ 1018.371904][ T3843] usb 5-1: config 0 has no interfaces? [ 1018.377704][ T3843] usb 5-1: New USB device found, idVendor=2400, idProduct=4200, bcdDevice=42.ef [ 1018.387172][ T3843] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1018.399733][ T3843] usb 5-1: config 0 descriptor?? [ 1018.645696][ T17] usb 5-1: USB disconnect, device number 14 19:44:06 executing program 4: timer_create(0x4, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x252001, 0x0) write$FUSE_DIRENT(r0, &(0x7f00000000c0)={0x90, 0x0, 0x6, [{0x5, 0x0, 0x4, 0x20, '-\')/'}, {0x0, 0x20, 0x1, 0x8, '}'}, {0x4, 0x7, 0x5, 0xfff, '(,!${'}, {0x3, 0x0, 0x7, 0x3, '+&,/,$['}]}, 0x90) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$kcm(0x29, 0x2, 0x0) splice(r3, 0x0, r2, 0x0, 0x8, 0x0) 19:44:06 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x10}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:44:06 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x11, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:06 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x4800000000000000) 19:44:06 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x64, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) [ 1020.752675][ T27] kauditd_printk_skb: 53 callbacks suppressed [ 1020.752684][ T27] audit: type=1800 audit(1593459846.201:2200): pid=10036 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16271 res=0 [ 1020.793074][ T27] audit: type=1804 audit(1593459846.241:2201): pid=10036 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1586/bus" dev="sda1" ino=16271 res=1 19:44:06 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0xc0}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:44:06 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x4c00000000000000) 19:44:06 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x12, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1020.871220][ T27] audit: type=1804 audit(1593459846.261:2202): pid=10036 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1586/bus" dev="sda1" ino=16271 res=1 19:44:06 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:06 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0xec0}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 1020.967230][ T27] audit: type=1804 audit(1593459846.261:2203): pid=10036 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1586/bus" dev="sda1" ino=16271 res=1 19:44:06 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x5e0c000000000000) 19:44:06 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x33fe0}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 1021.074802][ T27] audit: type=1804 audit(1593459846.261:2204): pid=10036 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1586/bus" dev="sda1" ino=16271 res=1 [ 1021.163644][ T27] audit: type=1804 audit(1593459846.271:2205): pid=10042 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1586/bus" dev="sda1" ino=16271 res=1 [ 1021.235921][ T27] audit: type=1804 audit(1593459846.271:2206): pid=10042 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1586/bus" dev="sda1" ino=16271 res=1 [ 1021.296102][ T27] audit: type=1800 audit(1593459846.401:2207): pid=10052 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16327 res=0 [ 1021.355857][ T27] audit: type=1804 audit(1593459846.401:2208): pid=10052 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1587/bus" dev="sda1" ino=16327 res=1 [ 1021.390132][ T27] audit: type=1804 audit(1593459846.401:2209): pid=10052 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1587/bus" dev="sda1" ino=16327 res=1 19:44:09 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000080)={0x6, @pix_mp={0x1, 0x81, 0x47504a4d, 0x9, 0x5, [{0x0, 0x8}, {0x0, 0x80}, {0x200, 0x1}, {0x5df04359, 0x8001}, {0x401, 0x9}, {0x4, 0x4}, {0xffff, 0x2}, {0x81, 0x4}], 0x1d, 0x6, 0x0, 0x0, 0x5}}) timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000340)={{r1, r2+10000000}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r4, 0x0, 0x8, 0x0) pipe2(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000003c0)={r6, &(0x7f00000002c0)="ae60d4472644101fc5aaa394119122ab607dfe77cadf5b", &(0x7f0000000380)=@tcp=r0, 0x1}, 0x20) 19:44:09 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r5, 0x0) r6 = creat(0x0, 0x0) ioctl$DRM_IOCTL_RES_CTX(r6, 0xc0106426, &(0x7f0000000080)={0x7, &(0x7f0000000040)=[{}, {}, {0x0}, {}, {}, {}, {}]}) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000140)={r7, 0x8}) ioctl$DRM_IOCTL_DMA(r5, 0xc0406429, &(0x7f00000001c0)={r7, 0x4, &(0x7f0000000080)=[0x4, 0x100, 0x3, 0x0], &(0x7f00000000c0)=[0xffffffff, 0x4, 0x1f, 0x7ff], 0x2, 0x7, 0x9ec2, &(0x7f0000000100)=[0x100, 0xffffffc0, 0xfffff800, 0x4, 0x100, 0x8, 0x3], &(0x7f0000000140)=[0x6, 0x3b, 0x1000]}) 19:44:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x2000010c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:44:09 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x13, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:09 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x6800000000000000) 19:44:09 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x7ffff000}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:44:09 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x14, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:09 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x6c00000000000000) 19:44:09 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4800000010000507000000001000000000000040", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="740000002400070500"/20, @ANYRES32=r5, @ANYBLOB="00000000ffffffff0000000008000100716671"], 0x74}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r8 = dup(r7) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@newtfilter={0x3c, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r9}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x4}}, @TCA_RATE={0x6}]}, 0x3c}}, 0x0) r10 = socket$kcm(0x29, 0x2, 0x0) splice(r10, 0x0, r1, 0x0, 0x8, 0x0) 19:44:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0xfffffdef}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:44:09 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x15, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1023.945420][T10108] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 19:44:09 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x16, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1023.995057][T10122] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.4'. 19:44:12 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0xa600, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') prctl$PR_SET_FPEMU(0xa, 0x1) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r2, 0x200, 0x70bd25, 0x25dfdbfd, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20004855}, 0x20040000) sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r2, 0x400, 0x70bd29, 0x25dfdbfc, {{}, {}, {0x10, 0x13, @l2={'ib', 0x3a, 'vlan0\x00'}}}, ["", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x8010}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet6(0xa, 0x800000000000002, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$kcm(0x29, 0x2, 0x0) splice(r7, 0x0, r4, 0x0, 0x8, 0x0) 19:44:12 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x17, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:12 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x2, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x2, 0x0, 0x0, 0x800}, 0x2) 19:44:12 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x7400000000000000) [ 1026.819726][ T27] kauditd_printk_skb: 28 callbacks suppressed [ 1026.819734][ T27] audit: type=1800 audit(1593459852.262:2238): pid=10142 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16382 res=0 19:44:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x3, 0x0, 0x0, 0x800}, 0x2) 19:44:12 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x18, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1026.889827][ T27] audit: type=1804 audit(1593459852.312:2239): pid=10142 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1591/bus" dev="sda1" ino=16382 res=1 19:44:12 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) openat$vimc0(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video0\x00', 0x2, 0x0) 19:44:12 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x7a00000000000000) 19:44:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x8, 0x0, 0x0, 0x800}, 0x2) 19:44:12 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x19, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:12 executing program 3: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000300)={0x0, 0x14, 0x0, @tid=r0}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) [ 1027.036793][ T27] audit: type=1804 audit(1593459852.312:2240): pid=10142 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1591/bus" dev="sda1" ino=16382 res=1 19:44:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x300, 0x0, 0x0, 0x800}, 0x2) 19:44:12 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x1a, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:12 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x1, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) ioctl$DRM_IOCTL_CONTROL(r1, 0x40086414, &(0x7f0000000080)={0x0, 0x6}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$kcm(0x29, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) splice(r4, 0x0, r1, 0x0, 0x0, 0x0) 19:44:12 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:12 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x8000000000000000) [ 1027.196865][ T27] audit: type=1804 audit(1593459852.322:2241): pid=10142 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1591/bus" dev="sda1" ino=16382 res=1 19:44:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0xffffff1f, 0x0, 0x0, 0x800}, 0x2) 19:44:12 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x1b, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1027.311312][ T27] audit: type=1804 audit(1593459852.322:2242): pid=10142 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1591/bus" dev="sda1" ino=16382 res=1 [ 1027.437953][ T27] audit: type=1804 audit(1593459852.342:2243): pid=10142 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1591/bus" dev="sda1" ino=16382 res=1 [ 1027.478285][ T27] audit: type=1804 audit(1593459852.352:2244): pid=10151 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1591/bus" dev="sda1" ino=16382 res=1 [ 1027.515814][ T27] audit: type=1804 audit(1593459852.352:2245): pid=10142 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1591/bus" dev="sda1" ino=16382 res=1 [ 1027.555508][ T27] audit: type=1800 audit(1593459852.542:2246): pid=10171 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16210 res=0 [ 1027.585090][ T27] audit: type=1804 audit(1593459852.542:2247): pid=10171 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1592/bus" dev="sda1" ino=16210 res=1 19:44:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x2, 0x0, 0x800}, 0x2) 19:44:15 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) 19:44:15 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x1c, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:15 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xa1ffffff00000000) 19:44:15 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x4, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:15 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x11, 0x0, @thr={&(0x7f00000000c0)="11f044ab2862721ef7cc1eec86ed67a5ef9e6b00504a7c77cab498159a88040000009572d711565cb6cc6df0c49fa6ac59d18b713ccde12cbee6c388b0623a4e352e79373455dc418da7fddf9764cff48c08a8", &(0x7f0000000380)="1905cee9c036b9e507045ff99222679b54c0abccce8e45d044ed96a0bb52d7cb6069699c61531e87f478f9257e2d134339b27a83a50317a7ba198ac23b3c1629b7170652945e6a5b07c38be6d567aa87c11c3689314450761a396dbc22252e2540a1c16257c6ff912b75245dff70df8705ef83d9eb074a248437ee745ad74f053f9f43bf64ad5765e09a3d6a07124402280e16117d283e792eabeb50b92e763ac3554e001dce4589a20ced772e4a19f97f216433fa3544615e64ac79cb5019d7d942744ceba0e9e17d3981a4ebb3e941b14485be3a820e335bc0a81784081339ed5bd1e49891d4cac561f4f92c84a63808a47082c2040eff47ccee260b3bf20f640d5d4d57253ed2103d0754e4bc73cedff30560f59e5b3ca6dbe8b90a1718bef71d9191bdc79ab40c1f8f93fbb9f0e9e520bb267f6a99285060c625ec83b13e556701695a09827fcd113500df9438c40f9f45aefd6a7dc950df632eec6e029e209005c68d95903b3a51cfd200dc2b1122cde52778de4e3b1304d8c08c2a90997cb86c280eecf10411ffe621cea99aaaa98871cced48cd6d45ea0debe337dfa6283089f36cbf204c0855546ac92fa8c223c1689d02b2618ee9f4e6eefbbd4a3ff9cb59ab6794ddec5bde098843f44060ae82d166d28ddd3cb6cf869836c0704cfe6d9201137309cbe8e66bb372d4aa1acef9fc8a1f92145525113cb273b280bdd88ec37f321f0f3e6084a3162a9ac5450bd7bc68262f75b16fb9fe6315855c313bd11b8d1ebbf23032b3a61290e3fff4e9270ed53ce6290dd304866fb5bbda90aee7bf2727d0b416a01b145f3a870c9df574b839db321bd8db83dea3bdcf6952cadd8805e5b75084ceb0d9f6505309575fcc5dd454d365d429d0f28b25d8a88b7a8c69467a976543b30c2a57eda06ec94cf73b122c2693ab1e9bc1215ee4d251c1b0db062a57a3d530d1d0e3538dbea1c25eb9ba37bc363b857511768ff755e963e424bf6301448c040d51e65edb454f2e7da544b3b1b962244a52636092fa8000f24236132af2bdd7f33a8eab7ac2985a157f0f2952ec3776d43624e1e80f6e701df91959651cb66213896bfc8cab00de3dc2beb576816da30dfd6f6743729e887f24a8090f11f2eaf15eea16ffc70e75c090560f2def4ef1dbca2a1aa41ced50bb0ba66611b0ef6ec7fdb2f35bf3e2351f69812b36cffce38e411f9a2d9770aa52c20f5e19042b15e3d8c360319e4945cf3e7ea440f3f75fb76ae30e68120075f05d1b9bef8771f4b864ee4415c28dab36b2e8b114bfb6a3793216da9fdec3314d60961baea561bd549ca1b697a9e2f1065ed871a821f4b494ffbd52562cdf32c8244750c8f8708d55481153bb0878b6490c9d9db23c5791dccede10ef74c2089ba6b331a4b6ca610a6c200dfb3ca40871be2f7fe19737a7e5df1dc68b21eac8e408ebcf4a9ff58ccb3eff548aab322fd8bafbccbbf405aa4801852947cba5cb38e929529362dd4bad964163a7a320215ae5f635e64cc8c2718994aa874bc57c07c1a4c918f9d7345c8e3cffc4bfeae64c462b397a66d601ab7a71647419cc71f99f9ba03b742f8187a56cba6073a24767bbe83fd3cb73e51447ed48bc62d91b615c5d39977126aa06c9fac60d5dfc2883c59a01c5fc5a767a2719a91fa670746a5dd9b8662b60d1b8d96c9ee63cd338e9863cc8378780e49cf75a7020e973c07a0c4390c12defa48d8a50115bae8bab8f9d781bb59c22417fe16de9fb4682042090873403f5f064bb34bb7e7eb8c0b943add2d9c550d566232cca05df4cfe54e378e88722b6c70878c833ab842ce448829f40a80586256b9e41cef6aa730f1754981dfd1048f812fc2e60606e97f922717d9cdb0bf586279e10f6d35e27a3136391f92028a424bcfd00350f6c1fa6dbfb17ebf6b6506fac6b8070250f322f07df669f915631c9e98a1676fd1075f80933b7541121a8183c7ef60caf2cfffb226b10c5f851c6b66543fe5dec10cbd899abb76c8b28e562017530e39fe2faadb7342a2cabb2b56b22742c1b759c01db90ddeb891088620eee13d873993557e726faf9e456cd629d64bd5f578b0e692f42fff8b18483b98da60e7198b9235c237b08ab3867a22790daa56d2683ab88f1b9b709429bf4b9996a96d20f5a5c42ea0e19d9c9817f260e2903c4e262aec23e04b3bce991a8176b5c08361a89d7635ead6ccaef08a075137ab3b09589fe222a5923f136cf3a68d9d5e1da3f4fd5319f94c824ae4191d6579093be1df110023015d19310dab85f4b099c1ac6c03056e78ae3e6e63695abdd3aea6bd5fad0416208c2db325a855bdc11eb0f40bec8b64130f25d0ae874fef4c5d2bf59b3534d2056086245ab45198927eed7a9e538d647e05b50818584001abf90b230a85ecde0fafd5f63a71288b6169ce5918f8f6873d42f798cc484b7e495937f92d40dd89f4fe1e339b8214147b2abaaa814eee784909f5c3148f5a96493700937a5161f85a741a3adfe64fd9d0a02bf1645291cfc5c1691c2a8c6548b51430270f5972f7bd49456a20009000aab205d34034b2282b811f74cabbe98bbf9e658477638630eee4ae5e5a4a5c2b7925b219a90d081274be9ab253ac52acc95099c58be0895eae3419bfe7491663d7bbd5ec4fd3e0e57148dba1a33918068c4d2cfc64aed159f6a29248eebbcba177b7cb9627f6ee059b6a1dfd843a27d6ed8404c70ae55c2d8b2ad8e3816ddfb2692d5c993b8dbf76184e701836d4f69d6862724e61504deb143f7474637d5f4ac863f00d73fda8dd5c0619cf1b9d8db72402d13e2a1048772a68c848aad6d9cf4628ba02fbfd309fa0b5fa6dc8a7fd8a68ab00997b8e0c68130470be85a2e57abd9c453a819a0c4d7b9d16d4f5fb3d02011371d35b34705adda48a0a14a0bd5429e29b79ca64d7f5576cd79ac7063a664c80a78e9436c7a6481b0c27bd0644b3fca6a7f116bd25bdf1799834d88cc359d5d0082a54618c23ade542b4619f45f95626718f7b401f2a304bd0b1c7e9aa090403f9fc073bf7c130ad0774bc34afcdc70fbec599eae4bc20c34192c2f61cf35cb2b114360a299397da7d8af13ab7c534fb2809c45dff457a1d65ccfcaed358bb951f3baa4ba0b0d3217f7dc3bcd9b7372a0eee4176cec69942add7ddce3b22f97f115fba8813d96979b94f77615b4ed5e506dd1ab5845b76404976cffac6161c722e553830df45f026da55222a408ff95625aeed08e27a6dd80c9906c5a48173c8bf4fb07e780bed419351461e869e7bdf7c8adc41cbadadd53d4652601ef6bd61ebc8ba97eecce375a0632ceb2aa580f72b38dd72bf10b04dee20b707ac8deafd3a125288a580220bb4682b2866940a01c17c7cf63151e517016d40d6d7fb1d965d70e8fe47cc6385a5f0b267ea54bb19e74a30b95423424011d22095c06f5c3c842639101bd3a0df119bed2f2196291edc5a213e2c9e42228cd12753e77115dec0b3ea4dbcad8993dd5d061302ab0481715f1f9b2121f9bed322b6dbb356045426739d22d0b5692b9b8c93a97fa2eac5053946a88daf4387774d79af4848c2eaac11c266e30f865f33dae4afad2f33790b69e2f7b6e784604f113a18c7a8e27b9486ff2ae3f6b9d25c700666007ce573c6334d695bd411f710aefec3d5baa15d1d96ab24b8e616762de82d2c3f652f7764d7c5fb379f72edd3691b1a6583509180a6b6d9eac215210c63c39c826a2a3037cbbc5ec6211d48d0aa63582a67b78bd51cb0ed410f066f21161e0e3b01ddb90017e5b0e3af294b207d06ecce36d562987b70f86fac3e4e77dee86559cd06042d9ad36ede0d5d4903ea18a088f766313920cbad51ca8384e6ee706d5d3da7875e4c040977ece95a459536a01c06af0e8d789b175c51cf01238f6756a98a65b329b05e71def178babe6e82b0accc559bd94b43703c1579c102788821747d43fae4606fc1bc5d2cec2c3079b80868b442b4b5a593a88a1903ee02ce03d00ed2f169e60dcdf17d4957ba2a3e4188f9ec06c380bb5132b54ddb3688005a12bb9fb83a285c2f803f365fecfdd2e3424be75ddcad18953127c65d32f5935b9a6ee976307dbfa95458aa11ca0339782df622e97fe83a246ab362a0aa26c8f9f6a6472416b16e7c8afee433a573763d04e873c971cabfc47dd714c9be4d5821925f2e009b65fe20091ffa2c6f3ed684f334ba4016701388ef000901b12f128f4492f927ada616fd0f46e184f237c548686ac3f508474a4bc5eb729f5af7fd2104d7209648be31ef3aaea1e0e3442527b5f5b6e9e952d06a558fd09a569b8da446d5eb21f60a79601e7e47f69239dc6fa28a4c14bedebe1c6f35e0fa4922438c531cfa35a1d450d6b5a238ec2694de8169d452f964f708de836aa8d4e45dd3ade463cef1301a2938f0863cc518b0375892e5964bc9fc9f3f3f069e7a2ac19d801275c4f2c7bf94cf8cb598056e6d1e5b048cea7e0d3fa893a00e3af681c06939e51369e91cbd5185f87cba734f98fa9ea4a7f354cab1d617629165022bd2afa592345fe8a147b5e763f0c4f832c957cdb4e2e0beb7524fe8f22e40f68032cb68ef1d74e20bd2dee9a9fc48e9ac14873ce70c1ede445e8367fc05a602ab0035f05a4623d40cfe082dfaff36930c51e4cb57da39b901c9b6919b78fd29bfcbb97ee4bc09d484bcc1be77a2c8e4846f4c06abad071452b1b7db3a92033ee50297299d4a11aa50b2d836095890369f8fd26f93021b87ae3cebad3874a36c7b9dfb780bdf978cb9c368e7d00c156733670e707a4a0f983c738a555e7a474f3d90e1abc5e6d08abc29ce5b9c6bf2baaaa479a5e8d6b889a86d434d59a5b986182c70fe59d78e44641b0d9a10f955e520c011f233d11a3d79d81e944b4647f10b5ff30d5a34502d8d26e1565698f151fffeb5e1f179822c85b9ece71f3a4df7fdd614f23c9e69213c670b94319c300af9b9aaf96f01f6e4da35f7399d1c9ce300650e8dd33e30258fa2db1e66d0495b86214d4ae8ce0fa59eccc286050fc8e4d06483772a85ead52f0ff9cfa185a55c589640acb3af0c1054a845a0be80b47a0396fe8099a4d4b4ca69beb7122c270566ba5b0f94613f29e19b0eae218be7eb2e9ca0d736b3986445d01c265bda6596b0a0b5b17dc2c970ef9a3dce67a0966c02c11b4546557c05a2b5e398d39670d9790a00843611fb8f697a463d917d663bdcee20dcc2d30c5a5e0933f8ef9281e01af6bdead2bcc0f33b7ce980f4c9de3a32f46df665f2d25a4793111f1a780b60a142a885e2e0701a2a2c56106ce5031c139d7ed857c66c49ec2a89799ca73fac650c31198f171c7660d50aaba26c92c1db62f3800cd8fb13a22bcbffb6479fec8bfb03a325d6930ae765ca3dafcbe2653e25c6df7f38a6a0ed44b42676c9f80bbe3822386a1b4492276ee8ebede27c259f23ff3fca289107e33391efad076a608e9ad3e58cb88329135dd1aaccc82ec215acbaa545b8354c17f9c8f9ad581ee44d1367f8b1706caa3dfc61b7af490415526a1faa7d77a74e3da148a57120852adb4ec7c6f25d79cec75a912e3ae6c565ec10339dde57bc4c4241a05f8621b3f5bbbf5db3deee5aba9739b67c7d92ff0d7e166ec9ba6a498ab6a454c99d1a2111a14174e840759b1ecdc1f86f8951c7490182fe6e7cc37b3c43f887e28c5f9fbdb09d4367af104014b72f77d31f562d57d8e60a8af10d6b80816e6f2ba4f851b381ed653751270664ebb0b007460e38ab3c7ef85de785f42021c8cc10d6912"}}, &(0x7f0000000080)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) 19:44:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x3, 0x0, 0x800}, 0x2) 19:44:15 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x2) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) tkill(0x0, 0xe) timer_create(0x0, &(0x7f0000000000)={0x0, 0x3f, 0x0, @tid=r0}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) 19:44:15 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x1d, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:15 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xa2f3ffffffffffff) 19:44:15 executing program 3: timer_create(0x0, &(0x7f0000000080)={0x0, 0x36, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) clone(0x8300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) ioctl$DRM_IOCTL_AGP_RELEASE(r3, 0x6431) r4 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x8, 0x0) 19:44:15 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x1e, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x4, 0x0, 0x800}, 0x2) 19:44:18 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xeaffffff00000000) 19:44:18 executing program 3: timer_create(0x4, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={&(0x7f0000000080)="fe2eb717a89ee252fac7f6d91c9d8a9a54fb633be07532f27b0d38fd08379b4e4decc80dfe2d733245efc40ccb3c4796fdfa187727909b14bc8e2d869be6ec1b21877c0690d63583226b852b1cf0c9d0d5f536554dcf65b2765aa5f81fefaf270c558c255583c87cc3c075a0aa169f25c94f1ab9af044945bbdb821a4fe01503f3ed6642431757", &(0x7f0000000140)="0637bbc9940cdbb4995c67f9502c76b45010dccf24feaa8ef4"}}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer2\x00', 0x541000, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000280)={0x4}, 0x4) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) 19:44:18 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x5, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:18 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x21, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x5, 0x0, 0x800}, 0x2) 19:44:18 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x1c9c380}}, 0x0) timer_settime(r0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$kcm(0x29, 0x2, 0x0) splice(r3, 0x0, r2, 0x0, 0x8, 0x0) 19:44:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x8, 0x0, 0x800}, 0x2) [ 1033.115099][ T27] kauditd_printk_skb: 28 callbacks suppressed [ 1033.115108][ T27] audit: type=1800 audit(1593459858.553:2276): pid=10268 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16291 res=0 19:44:18 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:18 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xefffffffffffffff) [ 1033.183992][ T27] audit: type=1804 audit(1593459858.583:2277): pid=10268 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1596/bus" dev="sda1" ino=16291 res=1 19:44:18 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x2, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x9, 0x0, 0x800}, 0x2) [ 1033.282501][ T27] audit: type=1804 audit(1593459858.583:2278): pid=10268 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1596/bus" dev="sda1" ino=16291 res=1 19:44:18 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x6, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:18 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x3, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1033.395053][ T27] audit: type=1804 audit(1593459858.583:2279): pid=10268 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1596/bus" dev="sda1" ino=16291 res=1 [ 1033.480641][ T27] audit: type=1804 audit(1593459858.583:2280): pid=10268 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1596/bus" dev="sda1" ino=16291 res=1 [ 1033.509005][ T27] audit: type=1804 audit(1593459858.603:2281): pid=10268 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1596/bus" dev="sda1" ino=16291 res=1 [ 1033.532419][ T27] audit: type=1804 audit(1593459858.603:2282): pid=10275 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1596/bus" dev="sda1" ino=16291 res=1 [ 1033.554964][ T27] audit: type=1804 audit(1593459858.603:2283): pid=10268 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1596/bus" dev="sda1" ino=16291 res=1 [ 1033.577833][ T27] audit: type=1800 audit(1593459858.773:2284): pid=10289 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16289 res=0 [ 1033.604567][ T27] audit: type=1804 audit(1593459858.783:2285): pid=10289 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1597/bus" dev="sda1" ino=16289 res=1 19:44:21 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x8000, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) 19:44:21 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xfdffffffffff0700) 19:44:21 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xf, 0x0, 0x800}, 0x2) 19:44:21 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x4, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:21 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = getpid() tkill(r1, 0x40000019) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @tid=r0}, &(0x7f0000000200)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r3, 0x0, 0x8, 0x0) 19:44:21 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x7, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:21 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x60, 0x0, 0x800}, 0x2) 19:44:21 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x5, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:21 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xfeffffff00000000) 19:44:21 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x6, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:21 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x300, 0x0, 0x800}, 0x2) 19:44:21 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xff0f000000000000) 19:44:24 executing program 3: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={&(0x7f00000000c0)="459bc5f292ea006a148d92fc1887c85bf0dd8f0ada957e52", &(0x7f0000000380)="32ce037ec531e479a76fbe3b18fa278690330101503defe2e8d0f606f017e0fbdb75af2599de59ec755191f4811c12c395322daf6283c84ff1cae61a1892969fdb809a4e4325f797f826912faf9d65b94849f71cc0e64d94c59e7a32c9f25dffe1724a29c25ac23f9ba37882089b2407c1c92b347905c19ada51355a3342860107dfdd57c3d0b2f280caa8b60cefa5b9ce8482b5fd7d09dab0edaf7aecab53c7e4b3e4749004304cd7d408ca208f9fd99bc8545ec1e05d346506ec9c4192f8a46f265f5a0a68c20e5583eceec45c7e6c6afd47dcb1dbac0a3ae383c5d21dc0bf3f8e98425af3c4ba09a999131f9181a49bae718da63cd763b4304d0617e22be26f1cfaedf333c4a4ce2daccd59d362735764ba54053b5bf89cbfc0d1b227fa19fd3c73e15d8febea26e7f32cd51fe9eb47352cbfb8dae0a4d82433c544e29d671588fde0769778b6b834f06589419ee16ca7a69f65c114e265fcdaa1a737402d4862f1e72ed63a28fb18130af38cdae1fa25b430c3a9ba7d2d9ce8b5da79a16c98aea3a3a5dba8163081aed7ba5d6909c4b511ff753af7603da7d5803c3ad7269c56dc96cebfe58e83d2f6c70938a7fe4664fa94b25efc1c2990174d80e4d2514a9149d4ad6816c0749b41729314202982bd98e027ae68f204fb233faf5afeaaf44683c6b1d493b2995ccf7d353238ba0dc8e6478b4a3eb430e0be0c763d920baed3e8cb0168501357a5e041584c8cd9e827e5ec94eb7ace49f3a2588adb5d70cda85a6265124b262151b9ad72171036f5b10221e63b2c9605504ff480586d4fd3cca84505539fd337c3259ed9d275997f9d5058d0542782904eb3430e0cb3d0af70256bd0493bbb522437f39ccfbdd1604a6441241db822f9f11f0322d387b656aa4b4e0f1c9530cfbe9069d2ec3d379ec65d05276e2a99e0169bc76950fd448a5f0355256cd2ef87cfd6851da1f31f6f93729d7c1b53aa2cfd04bfb967378971908ebdee759e97bfa11320e8a5ec941a75c5c2da6e03f012a9f575b51a1528095f145cb0daa1e9bdadb12f2f5414cd2e77fc8044bbae439f49d7bb2889f91d6df13d774bbc97158839abdf9c15172ed40232a9ac5f9cb519444222d350f0fc004882ef5556f9cf5235e167b40848c76d15850b3e111d8609a4168cca32d650c58df35c15abf5353f9f646f8601fc09fe445a4e82dcb6530484ca3c8105b5e5b57a8a448c94f8f5b03c1c0c1671800b356ac42aa62c42d77b12f6ea1b96e8bb0dd32bc2d01007df09ed1ef4230bbeceeb836a0428f0c16d540284d54c6f5453c09ba6d49d9f24e3ced17c2408073269ec30fe69173a4f38ec62717ebd5ece3c82617ba173b7444fc33f08f74c944832af25c15166a8f2cc34a756ed9a8a118443bd196b9e82853372c080afd21f24dadd1a5f8a96a83adf91932ded6a067ab0230b0eca40294932169510e1f3d0873f826885f0d648d8c0a59f862bc36f6762bf1dd7e012c22010515bb7d536f47a73b99828a99ebe49feca757591c1b3b33c0df1db37dfd2c4b6e3d9214bbe03ede319abd47fa7535f2616feacdaad190dabdce6105bb7d2f00ef9e4c522880dde9e0d9b671f30066241e85294a6e873e14eb38fcc2a3df253632935c068012ccdde6c0ff512fdfda60d3059e29e4d905b929b93c96f57c8c3f8317aa15ea7c209d4f010f47628c422b53281148a31bbd8e1d9129bcfb352f6a15c23560d4e7a2f2f86e6a2a0be2cd93e41e3432acad34a9fddfa74d16efbd9c18bc41128dad7c2af4aa1c340d9c91c65490e87ea00cf64ae39e17085f76998c2ae68194b8f5d26ea4496a98be694d475301a55c9482b59f8d01025736574df9762b9bf6fd0af0481d785e0b14f15b332ba46d06cef4c1c83d2cef5d98440a707ac7ca5a4e5d680e2b4097120f28e1563ffba944ad5b8205bd55623203b3e68e85fc1dd48f0c548e1ae0f90bcbb538809523b069873790adee68f8abc7629d6b577caba49af303a4f63399a0b3b5a795d073fc18b9bd87d926b606c0abdf233e6ad94c969a04a9a59d7f5e24b4b0e1cc77cfbb722635da7bf4f7a55810a21b9d2f14e8e2bfbb2c70d4c9e3c42fbf52a72b4520d72a437363c03b2a873b0c60ce32b5fd7663689a2352347fe9dc12f692ec40f995e982f2a824bf17561e0feadea37c5338ff2323850de374a87bf46a1842420e6d6aa5d99a94bc0371d422be398b43812a15d915e081e91618b1c5740143fb8a65afae134473ff1f17e34d44925f23bf6a28b1326f99e32598b81bf1f389bda6a0fab6087a3eec2d3b14a3cc02cf90f9c881a5cf8a2c35a46f96813ff0e88e6eda1b7572708ff85efa37fdb64d96409113d8cedecc4770f39297ac028a12aed5b7cfd626d48403f707addff115c36298b7f8e88bb963e40df145d1d1949e4596f7682adf57640e750991e3c1d16ac421e403042fbb55ab69a85876d63a22586f4769edd007b9c18c87a354e5853a774bb0e9e7115a24cf8c4a57057d43c3c0efe25f7921b3dc8ecb6566684289aa8666d4120a1031b9340679e2602b4df6c4c50644bca1412627a06fdd9b6e7fda77a2d3550d98d1f8fee60f5491b69257bf863dd75a8303b039262cf87f519cbd850e18131bc917fe80332ca48513a92337a25f772efc260da0eb750f41a81cea0b426f96cd14bcb39974dba451eb1f0464fd9e4b47455c8b2e8cdab6e48ab61c74856bd51bbd9ff8ddf373fb8320e1f2035760189a971bf926ce8bd6922c7d41dcf9141527d442151b2606308f3631017cb746037afe491ed61611a53c605780bc2a15f3bca8fa386d1a40ceda6456f52b2db91b93a20e244e57210af5e22db6cdfd0a4a6d92d64b4372404d4aeac609268ff56e71b038002b8038198a43d81d105779e6f91ebf233aa380265824ca5955f88d19fc8615295e8c172c0e0d4a62dfa774c1612d760b19fbc02f203289b50b5ecd26c871590d1386111bc56fe9584535f9a6618dd5483023023fff023dddb72af79b05c3edd705e6412c9f53b71586609182aaa40a09825957797959ea5ee878ad057057b968c71b48fe529b6662958f13776127d735a1474ea03ae5cea1a6ea2509f850318f07e5d6b130258015a17d70115b0a20ff1ecf86a7c895b62af87de3ca1d92133e42564aa9fc91f5d20b3538fbd2f51a7eb335bca2e52d48d5ff86359b762d28e29757423e85280aa7963ef677fa5fe98f17d0eedd0d7ff4dc8c75bcd0714226da424b10104e50ae28a1ee88ddfa3b242c1e2cc619eb1ed22da407cfa4c64082cda8444563e8299f8e7b39fb9139a7dbb08306e49e02382fa2d2270152a178d74797919f1514b57cf100bc48b438129618996ded26990923ba38278572c8256a6403a5896a8288acc4349b4cf1bb477d21dd8fc8b157dd4a7bda9cb54e23fbda21a9f226f2e7f9346201cbcdba9e4250b85ed67feab4e4e315f8c3666dfa74e8006bce4fbe01c7a353bfbefd30d3104eb1b2249a5bc4d948b7b800f49f1d7117d1ea93ced84fd57fc16d5814b0eeda55bca31dfaac951b965acfa98070312f80490b9dfc913d9b49bd5b5b6b4159061606d60b52d56f671a1e0ef657910f0649105d93a780f97ac1d1d5a09ad4b4c3674200488b9f467f622aefe7e203dc3349fa322fc2027a42af8e47ca0b8c5db088efd7e9031fd84f2ebabc24558f4347dc2a17b401da703ffefd9fdc717ef577b41ab9d7eeda0fdabe9380f61aba747022c1a8d187776a71163411a21e7e818758951793cbe18f5cd1f2ccc1a53977c060dbadf4abd6bea2302a234f5e267ba9f6e41d7a11473561ae3fc0dee2962be75f743e6ff2354aae4d385be269c7ebdfbd18236e0e4ec03fa56a8ea75a0304c0f75498035139bf8bfedf2859939f43277a9a2b421d48323a34683a0a5d851898431cc7fc1c5d380b8e2be9d320e1a8085521904a3e27870c4ce097706553a18a852dfcbccc82faef7ccb8b8f17a29b300557dfe44b7016afa5ba5fc97ab876c7f1a9984ae278313c417d5028d3b4f8e6b1fd3ffec2a73fb318af148d6571a986a310472a278837d2f6b4f9b2ac4fef2cd6e40b06910f5a750c7b635cbce2c11c520665c9f82d3abe03508209d414e5989c40ee6eeb72864c9eca3bd156d4cf144500d95cf7b41b1edb5d3cb852dee15380f3d29282be1eee45025124a20f9f42e19e85bc9f25fca262aefc09832ab8b20fe8e22b868b3e7e58856fd15531fd4643c0bdbcc890c76d03d9f5cba9154a71e2c4d460b4a916fa07d97beda7b79b2d49248c5234f531769c363407c4ebc7795091f337e6c1422b2176ff40411b568008c0ffd0083fff3a500caf84b14873f03c47428718916c43a734dc702e3523a311effbaecc8b4596611302647a5982cc7494c792e78783c7971116d0a904e4893fbd8b2c9ff0427970640a7fdebe87cf8d891b99ff86ff41e0f5bb4143bb56284d2487a2978a8a1c46d22c0e3171a6285e524ee1693eacacd8e348640da0482f92de60b07155b535cae694475da48548042ce9dc7ccff339d9977182479626bd7da8b7d46d02ee0ddbe4eec2a3a777536dab7664969ef0bb45f3a516c407aadb83a8ba6992f10c54b26a277e5fe6b955db6b5489ae57ed996fc09bab0520d5ab5d90c97037634b57242b18da041361920166aeada97a66efa66d0526ade0d326ed8ef1e56d316f8f637d5959182cfb03a83c2efe1ec87f9494deb40997b6096b44d44aa3c0c82d6b22df8e601f615cae4d4d3208e6fec58a0eab2d5ff982f1c5e94c90d3f02f8311f380e437c2411d39aac007b954170c8f6a07e47fd370390ced7a45e82cfa766c1d7c74c2f3eefb5b801d18c322ae3a3fd6a69b96b6a83997c1f69d31699a7afe1a290c1c290696fa1cc2dd3367a118cde4ef73f9b9072b38685b471154a4a2f9fec34a2dc226c2fda178af48e3b777ea894f31aba564c3c959d3656e81c14d041bc80d892bb990471c621795dc293d9b2efe3b8e431f0afe56b4c84c3db976c8e69c88fe89e68466af20234c2e46419069755fcad99366432087234dc3a62cd99ea276984156a2d30fcfba8870abafc804c34eae9b15734ec465e8f78ee625736e9aaa5d1ed237ec301934ff4cd7c225349ebd2617aa9ea5d2d99f670e186561b032b2e24bc10c4257dc7477a5325aa488e2d1255318d115fa9aa01fe943515c9c099c95b84760655430015e79993e1da0e9fc930817820d4b8bcbd55e6844ab42e91b15f03974be2c899984b8fd62020f3109a5210d8fd6b7a7ef6d33aa1a8931ef5f42a830d6a8b173f536a853f693efba048dd9285f0022292b36d36dd3cecca54d631d5b8d121ba8c4de9d2e6e25e7543c0b3963d923258d2288fb916f0881b3359922d8670f1b4081351c30f34050681ec084a0a4020f6704804f1c541d754848037240f6d3ee96ebb9dcc45172cd33b93a9ffc22267bca394d797cf062223c319e95446b5eaa28ef874f7c7f95440a35af8df48d857cf9997c52982ee6505d68b139793c901c717738e164f81bcec56950c31ee7e9d159c1e1a914b1be11e24bf9525e2c79522998bed868e7f63b4003245bb1a2b5499ee3d22696f450fd2f4a0c0454b5df4a7d84b2d413e25346604904a8f1ff5dfabd6d89b44c0f5592f378cbe63e473aa6bf51438430398481265f22c2d14db422f76c12211ec00410648cf87cc483ef2d3aec5de51d9daa65683bf41b56e35f18b8da2e79181c884ee3706511c06df5f5f2b08a2a045f43e7f5bcfe904e10cf6a6"}}, &(0x7f0000000080)=0x0) clock_gettime(0x0, &(0x7f0000000140)) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r2, 0x1, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$kcm(0x29, 0x2, 0x0) splice(r6, 0x0, r3, 0x0, 0x8, 0x0) 19:44:24 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x500, 0x0, 0x800}, 0x2) 19:44:24 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x7, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:24 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x8, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:24 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f00000000c0)={0x8, &(0x7f0000000080)=[{0xd47c, 0xea, 0x0, 0x9}, {0x3, 0x81, 0x1, 0xeafa}, {0x1, 0x8, 0xfb, 0x6}, {0x1, 0x0, 0x9, 0x9d}, {0x4, 0x5, 0x8, 0x40}, {0x8000, 0x1, 0x6, 0xffffff9e}, {0x0, 0x3, 0xd2, 0x8}, {0x1, 0xff, 0x3}]}) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$kcm(0x29, 0x2, 0x0) splice(r3, 0x0, r2, 0x0, 0x8, 0x0) 19:44:24 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={&(0x7f0000000380)="63618b44f48f43d85577fd569430666f73c0b9047df21c87a5b43c5dbe6dbd9667fb8312b5acfdadd5fbe6c3c56f9f4c846d5f1f4392ceeefde76728dc7bc5665036edd033369cb38d740d2514762af5ab442fb6364df5ef344fd7c7fef15efdf511c4f54ca60a45ab510ea32a4a62d4a85c054448178f002eabbdb952a99322609b2438", &(0x7f0000000640)="a016ee44ff3aa30ef36033290530637438256aedfa8dad035479a63d3a269ffbf698f2d286240731f21b127d960e96fe0b251cdb46de029d6313a2fe34165c3b5807aaf67c0224ce8033ac5c9733509c6cd2208440f6a018d32a4f1bb463d0f87e10833d59150e54e35e53b6ffda216f2e3c1e099f11f53f3a2c506da912d8d4e3a71796654c091ad78d255ad2b15bec817b14220a9d6b8f4f211ee42e7d13116a63ca3b85c6b8b5330e8830a86a6375b93abb8f7d10a89ce06b38823c18dae4c55783a91c0fae7dad6673dafff95060189da3ae3b9b3781d1dbfbc98c479d29d5ca85cfa22c8dcd0217a1e3c01352a3ba1874e1d72c3255d55b6ef2742c71ac2ee8f398312abd933767636b7d2c45a911e6af3e892860e3d47bc15461e577c19906c909e7ad8a1682174966fbd7235ea46ec8a44abc80970cb769a104af5318391c0a4c81b978c317d4c1ea5ac2a8e999806bccb69556ac464b9062308a02a49a9b420a6d09d23df85cfc7ebfc8fd1aa81918b6ec1bce16d8032c4d059567ace040304aa044f4de296785149977e14b3184a9e17b3678121ab171cf94a5e5762915efd646bb05b6e577bfda94fe6a3756a910180b37e7e31df08f7d7f0f85d543d003b9a10e4fe6f2d4be75eeb84c9c7e6dee1a6f447533e10ff2b8cf8e3d29b68f9afa436b02a6f4929400467f6425cf8906e28d10e92335fe9ab3996c10ff78b6ff37a747cc7ed943bb8d3506fa60a9154f1c75adef24e36d54339eb3c8f83785f4d5530053558e18aa788aaedb67f6e9dd9107d80c870c93db3fb2a1e26909f57d6bce951e544069bcaee91c3e5447e4dac49f2b4c9b24b3f9f927918049ff87c56a0759a34a0c7a74969394ff3aca05893c971a0c26b79f9937a55fc4f4b29beb9edaf44cc131eb81c25b9c9472d2fd1c7728a2e258f2cb66ba2bf5b23a52db7b25e39f04f846c60d0903e4425248499a30cce6d3d8e03592743e64f6e948d9e76a2d1a8bcb4271a68e58a07fb31161daa2cb964e891342426788c68d304395045466795f4dc00669c46a2a7bbea5cbb1a597affa51c81376c37e5a91cf8999c58ca946c61d32bd2e431efce2c93a34457c484fe4adea12c5f8a610ebbfb82dbe6b2b232a9d8a5748542def14e096da342f708a8125308ae237c028d7b0327cb880bd95a60e9ead769c5305459c817dd7549801ebf4b0ae5b30db5bc86c3c3b7d0cef5cbf8303871e76256d3b912fafc64e93673d77c5cdced57b0b559840940e70ea22318f3d0106950fc9bd68637a3f355b5b8b59789b8c8572aeb5ce8fdd4a9e30a166f92db4b5c07cd3de4cbbbea831ba3a4b4b44d7293e940588ddee8b54073a9e24cc35ddb4523d3c7e9e02608fd385fc3064cf6fbeac23bf4d60f441ab7ae7c07477f19957dbdf6911beb4ec777f8bde8b79fe32d6fd6a50a0a4d495a1f7609c65e0c988ee0bc1e892e7789ab2d1c4912ae40ec13aae52a3d1259a3eeee68b9735d681a888b4b0f3ac692da7472eb0a1570cac7c1017e36a18ca6f30d5789b733176b7c58a29b6244ea63a395e4691a7b9db0d396110096305be5381b57e9c657fc5376c3c9137d5bc72818b57f3b9de80a3f157bbbd29ee6672172484194fe6bdcc8f6f46598457734c821e251649f6aa3e221940b936f132c75ee0e60ecb7ab0cbc3344a76a1b002fdb369a1e9ca7c3d8aad26addd52fc1cded48028b08b5d8457c5b96dbcd2944053e277c7eb2247c5dc6ccf1459b20131313aedff6ac7d1bd625050311949b8311f5d10b9d31dc9186742575382d192a4649a2f115a1e8fd7d2400c3bd9e2aca3e9ee6ec56ede347546155cfd2d70b7d2dac15f04dfeb4f5d6c55b550924fd256e38774e1ba7dd9204918c410107a3e23effe32fbada70fee171216417a415e29bd9521d66c2795c5fa8a2e88088448f3d840ffc5088c57c5ec983c7c7f0dec2d40f298fdfdce80126ad7fd64e2a12295759f40f78317e47c0afa3aabe8ac3ecefc4d4b53f4a4d00ced5672a706815c07a5c83a9ee3acef0548eb99b694be7c8eb44535357e0fb66e607a1f6525d26a1c3f393075904589004012cb9cd34a8d8e4c8d9acfbb17c9d44925938fe9c7282d80e7f1e7b20e53d602dd72642322706a94ac79235ac5532b35feddd6a4c8ff86c0fca7aee97583c3461bf818cf56b0de5f234261cc956adb1ba9694bd0de6a8991744276ff0d0301ab23caae3a69ef56d53b513389db1cb42cdb146274519c334b2432efc87af25112e2709ff0798cfcd7db75b1878c3389ed4ae813abcbe203fe52371937098d768e8279394af1162f6c72f2d18999b73cd3aed2ebcf22de11c87ee17f8894045694135fb115d54d8bc31ce76fa7256ef028870b518e53c4093e2d22c3ee68d547c3b3e19b5e2bd00342de2680308b65ca12824da9bff8c43ae135fab4d1e48f7ba6ccb6b09cfb8edc9eca91232f6fc52df297cd88c6c2b100a57111b41ea2d59564b96cec13403a74af9f0c0731a8b891f81c1e2b9b155537c8749388eed4751fee6a48537754cbfd392a9e907966b20e706cc9d66acc728eb3e04bf3ec2a19c1a0d417261e641ebe6c083c2e9946d2df6d7a3823603c9b2090c33abbfb5b997f057d0d2eac2c83bc905bde060c929259946935f271821ef19607edd0d0176305c9f985c2f6586eccf16d18a5f76c7fd38bea7fa6a901c4f0f1cc77d2bdd9f7239289fe653aa279c2993c5f9bfd62b54d6f58236f2c53f83d8af5189416b61386023ec88693ed7c819e60038feb842dcfd1f23be91fa61ea84342a42f0d875052624ffeccb6ab26042d7a33f88251f6f952a3319852be91037cdfc2143a13ebcf282c43b6350490ad4ef1c50658efaec3ecd660726e6f48e03ce93eefb420ad017d92d2b3ea17a3097cfeaa1297a543d6990dcf6d26e2710a366aa02fd60266f2213c099c21f85abf1c4db0070ab5fe63e7346301ee46919fa55df0ee3cec1dd5bddfde5b46d0a62fcd0ae794814e87ce7de253b1f6abb344b9380ac77b9055d8758d82054921617d14d969ba653af27faf334556a060e1ff4134e318b2fa6d2af65599ba109858992b43ff01aed98e24ffa6eb72b7d6d5c4e7cb2c2815efb4c82fdff813e9b850d01900a79f21493f00d0eb52745176f07ad4d6793b9978fabc524a2b85db35d68b1b36132ec9c4c42400353aceef95bdee830ef9bc8d87a78a0db254476ea04a5420634e6939a9031457337ed209f90ecfda71b5b36e2d377276cd72bf9e3f728abe636a6e7a1aebc083ca3c92abae52843f77b27bf62720e9a350be6c69b4be0fd5c78ecf9f9b30588aefc5d05ed2f800302d02ceaadf4b631c5320774229bb403fb2652197f57e16f1dc0b7a709c086ea36192d669f76e7639c536cb05c2a8ec6e57c9832d2e9fc6453e64ecd2bcb0145e60cc55e47ffc9354c65a63babf1e4e087e637c5f85dadaa52f79f9f6abb9e95d65fefb5d485993a10cd4979f3a926620c5d238baa849493265d2699607aae7d807d178b6844f09fa56ad48ccbf43e2e8ec7c71a7184b86a7d2f1d5879f26c7579209d008c0e856adff9a75706957562ae2aaf71e42d417e23122809b67ddd44a38f864204d2f06531fb912c0857bac30de01a0389cfd0865b1b79265bce7b6cc639378f6cb6c4d108297f33dd1b37ffe726f35ccec20738cd5e8102bfab83bef97dcc8e28b6b5885cea5fad5ef7f47f1f5335abe59a2373a7dc68fe78a09f82a7da1194245f6fca8c48ff59214a5856c4d732a7bacce088308335cad77ccde560e879f869421c1024edb85e42c7bcc620e67d70be3e2e3c7b8c748aa4b5fc4abf86ca0697c5a97ba838bc0ca9dda87f444fa8049e417d676f5becb43527e4c9e2a8c4ec90f81bed6b46b1b8af785bfc141c137b3a804fe3c40ac4ea9aebf8417cb042f6b144342dc408d016de039510a5794b8aa97e4e7fc9971524b452e3f22570ac0e6d30b04f6da450c39eb37f6d5f2d719ae604dfff2a6940b88b0004f83a9199a1833585053903792c83b4803ede0915c3dbaef6c834b518789fbbf368ef82efcbc74772d26e11c57b0754fd89f3d011572e6a0c28b03a1aef4e3bf5ab8a6a9a288f5cb1905ad3c64ce5a15c75c95eb1c332d057ac6e5563aa4e498e5fc1fc96a519c96715842749c116c86a2a6e4de273bb6ecabb0c71e3a57dd2dacf964dd11b75646ff36e82f0a71668c9e76101a0395e8924c74c5fefc5cd30b7ee8861b6377b85a509cacc0c48deb3feda368aeba7c69d5c6fc3aa03dd73a0be31f8e97a5b6af3b58c496a3660ec8fcc7037a4863b445efe871563a84ac27ca97b70952f100032a86f4d130118cdeab4e04f58fc4682f1c3d69c844db14e4d210fda66a8e9efe6948559fef60cacc93e83bff1ac0b364b9ff234465bf32ee02a095f6b0991c26109d6b1ec0c1f0e151ea1939ef4d3f918c5a5e4861b7be8e4a9a1197a22263a1edf3e2451561346f90f038b946e23f86fe31cbbd3fa120b610e22aef0de2e89f7b16fc5ed9940b586397576c559656720f22474152a097c9a7753a82adc0b3a60e727a55c2f32ad7251ea22dbe9b6b5a8e807cfd7716947a5fb61c18295d488ce43b1103bb9010025878cc5bb1961046c0de59d0086d3b5aca96fb2b07344e9d2ad814d7c0856a52076ef18766a288989303108cdf4eb26d8ca8c06f1ab2df0fddaa6cfc17052187aebedcb18a9cd517daa07bb29c73630b2a4a78904359d4eaedf3f1d4e3cfd299a39352bedd1d37a2fca68801ee990f8a50aab4402e86d5f7a69640b046d3a06c400df72aae5a31010e0d36dd700c071e20744124f9d6204a958235a3559ba3f6841f8ce9b05182b0a1df9a76509e1234bf139952545f1598d652c1025007dd69b9fdc2bc4c4b9cd80cfe614ee5628fcb8ff28f8669120bce9f350363980315e6a246b33b9820a753699a751b04b6d6e932ddc54cd046913773942db9614670aa42bb4b08355d8a4e06ab20673e5f74a8e8559895c50232a6b81821ce6c19d9c2fc707bd95343ea3b49daa03311176397ff00d2ce991df9ce97caeb409650b53e0c03b8db73af9a725b516f6af874d82d059645f71502543067764d3b762a5fa3f8ceb2264bc0c2a9b0ea2e9212bb0ade7dc222e96493cd73fbc13d2c68fc610c525324fda3e3ccc4df18ed7a35f3fa6a03f7174a1baf5d5b8702de67eefdeab36c2469d1e962053d87ff4b797f697f750682c5f7774f4febf9f77f89d71b6aa61dfa13b41307c3cf98fa9727c282f6e0094ff472566971ad76781d210fd643e1b5a82b7fd3a8a39728fe7e651b56916080b4de555dfbc294474bdf8b7c382666d96a970c2e0fcc90683e516d5b82fc818c6dab59ea1dfd0565030af9fc4ab7d83f40c2ed2b1c7442c8ff5a736e03e3813836f2299a06eaf9adc33062273bef88b5a12e906a0478884f14c763572bcb14f5281be238bc3c7fad6c552afb097631a6d2f2f68e2648150fc04656a9b1842939f4faba5b995eed82c5c1ee177c0d114d6f4a888cec2c61760c4e1c7a1a69eeb413c33faf83f2aa6e4c15047f567aa929dfa9a1e7f1c638fc02b57ada520815fee5b5ad2bbd4cf33079d42f48520322095841a215aef24b9281f96d23e6a5bb50d13b413ae8ff6a66d8aaddfb62ee36ed0179a3cd876a80baac568d2d17f56456f7cc2455f4f3391a5da2d401be4c167f0d9d8fa6e0ac6374e1c12f298f6de57a73bdeb6b44a8a3e32941a17438ebb57f4f29f7a587f60904c651ef5c8c1546cacfc6"}}, &(0x7f00000002c0)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000000d0a03000000000000000000f54f671a71cd17c9fd11913e3d07ca00080800044000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20008000}, 0x5) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) 19:44:24 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xff2f000000000000) 19:44:24 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x900, 0x0, 0x800}, 0x2) 19:44:24 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x8, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:24 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xf00, 0x0, 0x800}, 0x2) 19:44:24 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x400, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) [ 1039.322577][ T27] kauditd_printk_skb: 26 callbacks suppressed [ 1039.322586][ T27] audit: type=1800 audit(1593459864.764:2312): pid=10376 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16260 res=0 19:44:24 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x9, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1039.384544][ T27] audit: type=1804 audit(1593459864.824:2313): pid=10376 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1601/bus" dev="sda1" ino=16260 res=1 19:44:24 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xfc5, 0x0, 0x800}, 0x2) 19:44:24 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xffffff7f00000000) 19:44:24 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0xa, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1039.482513][ T27] audit: type=1804 audit(1593459864.824:2314): pid=10376 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1601/bus" dev="sda1" ino=16260 res=1 19:44:25 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x9, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:25 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x3f00, 0x0, 0x800}, 0x2) [ 1039.543298][ T27] audit: type=1804 audit(1593459864.824:2315): pid=10376 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1601/bus" dev="sda1" ino=16260 res=1 [ 1039.575175][ T27] audit: type=1804 audit(1593459864.824:2316): pid=10376 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1601/bus" dev="sda1" ino=16260 res=1 [ 1039.658343][ T27] audit: type=1804 audit(1593459864.864:2317): pid=10376 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1601/bus" dev="sda1" ino=16260 res=1 [ 1039.717893][ T27] audit: type=1804 audit(1593459864.874:2318): pid=10389 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1601/bus" dev="sda1" ino=16260 res=1 [ 1039.751677][ T27] audit: type=1804 audit(1593459864.874:2319): pid=10376 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1601/bus" dev="sda1" ino=16260 res=1 [ 1039.776442][ T27] audit: type=1800 audit(1593459865.014:2320): pid=10401 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16261 res=0 [ 1039.816563][ T27] audit: type=1804 audit(1593459865.044:2321): pid=10401 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1602/bus" dev="sda1" ino=16261 res=1 19:44:27 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0xb, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:27 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x4000, 0x0, 0x800}, 0x2) 19:44:27 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xffffffff00000000) 19:44:27 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xa, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:27 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14) bpf$MAP_CREATE(0x1000000000000, &(0x7f00000000c0)={0x2, 0x800000000000004, 0x400000, 0x1, 0x0, 0xffffffffffffffff, 0x0, [], r3}, 0x40) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)=ANY=[@ANYBLOB="20000000160001002dbd7000fddbdf25023f01fe", @ANYRES32=r3, @ANYBLOB="a3f08022e4448a86"], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x1c001) r4 = dup(r2) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r5, 0x0) setsockopt$IP_VS_SO_SET_DEL(r5, 0x0, 0x484, &(0x7f00000000c0)={0xe6, @local, 0x4e21, 0x4, 'none\x00', 0x0, 0x8, 0x2d}, 0x2c) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r6, 0x0) getsockopt$bt_BT_SNDMTU(r6, 0x112, 0xc, &(0x7f0000000140)=0x1, &(0x7f00000001c0)=0x2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$rose(r1, 0x104, 0x5, &(0x7f0000000080)=0x7, 0x4) r7 = socket$kcm(0x29, 0x2, 0x0) splice(r7, 0x0, r1, 0x0, 0x8, 0x0) 19:44:27 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x6000, 0x0, 0x800}, 0x2) 19:44:27 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0xc, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:27 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xfffffffffffff3a2) 19:44:28 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000008, 0x80010, r2, 0x94a0f000) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x71, &(0x7f0000000140)={r5}, &(0x7f0000000040)=0x18) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000080)={r5, 0x9}, 0x8) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$kcm(0x29, 0x2, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c0000000206010300000000000000000000000005000400000000000900020073797a3000000000050001000600000005683a6e65742c706f7274000000"], 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r9 = dup3(r1, r8, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f0000000380)={0x2, @pix_mp={0x7fff, 0x700000, 0x31363553, 0x0, 0x7, [{}, {0x4, 0x101}, {0x6, 0x2}, {0x2, 0xcfe}, {0x9, 0x8}, {0x3, 0x230}, {0xff, 0x1f}, {0x0, 0xc8b8000}], 0x5, 0x40, 0x6, 0x1}}) splice(r7, 0x0, r6, 0x0, 0x8, 0x0) 19:44:28 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0xd, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xc50f, 0x0, 0x800}, 0x2) 19:44:28 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xb, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:28 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0xffffffffffffffef) [ 1042.613352][T10451] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. 19:44:28 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0xe, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x34000, 0x0, 0x800}, 0x2) 19:44:28 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000100)={0x9d0000, 0x80, 0x153770ee, r4, 0x0, &(0x7f00000000c0)={0x980926, 0x47, [], @value64=0x1}}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0xd0, 0x1, 0x1, 0x401, 0x0, 0x0, {0xc, 0x0, 0x2}, [@CTA_TUPLE_ORIG={0xbc, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010100}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @local}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2c}}}}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000}, 0xc000) sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS(r6, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, 0x5, 0x1, 0x801, 0x0, 0x0, {0x1}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4111}, 0x20040004) getpeername$inet6(r5, &(0x7f0000000140), &(0x7f0000000180)=0x1c) 19:44:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x400300, 0x0, 0x800}, 0x2) 19:44:30 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0xf, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:30 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xc, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:30 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, r0, 0x9) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) 19:44:30 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f0000000380)={0x10000, 0x0, 0x1, 'queue1\x00', 0xffff}) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x71, &(0x7f0000000140)={r5}, &(0x7f0000000040)=0x18) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x0, 0x0, 0x91a, 0x6, 0x5, 0x5, 0xef, r5}, &(0x7f0000000280)=0x20) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) recvfrom$l2tp(r2, &(0x7f0000000080)=""/75, 0x4b, 0x10000, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$kcm(0x29, 0x2, 0x0) splice(r7, 0x0, r6, 0x0, 0x8, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0) 19:44:30 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x4, @thr={&(0x7f0000000280)="bbfa5cf4161e7de1490172c77ba888ffc7559578f274f52392fef6a1d86b62566367831f235086868d4348a664da273acb24597b7046c4cf91b6f3080c93188d5e5955aae3b8291903a77364f40236fe67", &(0x7f0000000540)="9d3157a7fe8112decc03c2c2cedd4b16cfdd50b60cf89e99ff96f5c676c150676795ae883758c7165a25bdb0f3deee6c1bb7bd75beabf0e6deec2316a2c03567b6fc7716048f507802445f60547e198024131357aaa729a4163569591cdbc55d14a44fc2d58930f79a272d7c2006ec48cfc7076f2334ee003dfc6f5577d3de348fe8de60a97d5113ba14a5f02388f9e75eb92f933073a3ea6260860ad822c0d01a870a1557b53f9b0c535c245a620abd7c0b22eaa54a32630fad454204372d2d2dc5bfe8deaeabecf6c4abf401c48c14f36d7186b6b8660976cb9a3ac34b83465a93c3009b9ff4d78171913bec6432a8bcbfb64f9983e249ee0a212392fe02ef1c835fefa7bd67946ac9cc3a3354b0f34bb57ebfd61051449f2851ef265a12a96609f1be397f79fec17528e120b8b47e3d28c3c410e557db4f04bd0a67c6c735c9a182643bcf2e025c"}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r6, 0x0) getsockopt$PNPIPE_IFINDEX(r6, 0x113, 0x2, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x4) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r8, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000000, 0x10012, r9, 0x0) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r9, 0xc01064ab, &(0x7f00000001c0)={0x1f, 0x94b7, 0x31}) ioctl$VIDIOC_G_INPUT(r8, 0x80045626, &(0x7f0000000140)) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000000100)=r7) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) 19:44:30 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x10, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1045.415390][ T27] kauditd_printk_skb: 30 callbacks suppressed [ 1045.415398][ T27] audit: type=1800 audit(1593459870.855:2352): pid=10488 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16263 res=0 19:44:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x1000000, 0x0, 0x800}, 0x2) 19:44:31 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) ioctl$UI_ABS_SETUP(r1, 0x4004556d, &(0x7f0000000080)) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f00000000c0)) r2 = perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x81, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r4 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="e4935a966fbab3d89e6d542069f62e877ff574f85e06d592954216e913628395763f924ba08d7bc0bfba6f93223f8e3e110b707e653ab6e39920ecaf90487fb0a4e25711a88e392fd6753a88e520fc04cbce7ff9ec", @ANYRESOCT, @ANYRESDEC=r0], 0xe) syncfs(r2) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r3, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r5, 0x0) 19:44:31 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) clock_gettime(0x0, &(0x7f0000000080)) timer_settime(r0, 0x0, &(0x7f0000000180)={{}, {0x77359400}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) [ 1045.523730][ T27] audit: type=1804 audit(1593459870.885:2353): pid=10488 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1607/bus" dev="sda1" ino=16263 res=1 19:44:31 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x11, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:31 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x2000000, 0x0, 0x800}, 0x2) 19:44:31 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x12, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1045.685238][ T27] audit: type=1804 audit(1593459870.885:2354): pid=10488 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1607/bus" dev="sda1" ino=16263 res=1 19:44:31 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xd, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:31 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f00000000c0)={0x0, 0x3f, 0x2}) 19:44:31 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x3000000, 0x0, 0x800}, 0x2) 19:44:31 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x13, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1045.817951][ T27] audit: type=1804 audit(1593459870.895:2355): pid=10488 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1607/bus" dev="sda1" ino=16263 res=1 [ 1045.900555][ T27] audit: type=1804 audit(1593459870.895:2356): pid=10488 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1607/bus" dev="sda1" ino=16263 res=1 [ 1045.995959][ T27] audit: type=1804 audit(1593459870.915:2357): pid=10488 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1607/bus" dev="sda1" ino=16263 res=1 [ 1046.058923][ T27] audit: type=1804 audit(1593459870.915:2358): pid=10498 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1607/bus" dev="sda1" ino=16263 res=1 [ 1046.089545][ T27] audit: type=1800 audit(1593459871.115:2359): pid=10513 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16256 res=0 [ 1046.111915][ T27] audit: type=1804 audit(1593459871.115:2360): pid=10513 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1608/bus" dev="sda1" ino=16256 res=1 [ 1046.135958][ T27] audit: type=1804 audit(1593459871.115:2361): pid=10513 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1608/bus" dev="sda1" ino=16256 res=1 19:44:33 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x14, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:33 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x4000000, 0x0, 0x800}, 0x2) 19:44:33 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x2b00}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000280)=@ccm_128={{0x303}, "d359ce563f662880", "df236a30fdce925b857f9efd98ec7cfd", 'rg\r6', "e054ef791c82a423"}, 0x28) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) r4 = add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz', 0x1}, &(0x7f0000000640)="4eaa9b53842d58256bb03b7b8d331d0e59e5641eabe81d719b3a9c3836882332b49614e73368c6cb47578fe6504b4f7078712b1ada0da71cd4d7a808acf7550f3796e81e3008493242d33aca97dd1c9aad0d6f1ea8bd063a0672f03ca0ed59a638f52f8172cb9829ccc6c270d0d992d9f2b0117100ac61ba787ca6c0ada40f7c46a5cc086171bdf82a7a12212cca3df16d2b6c2db5525b16a5f2628b5b39c198bcc69bddd2f9ce95be5d353c04de0af093322815a35629a4a8767da6bbc1b68c2a640605717346eceea08ddedf9a8d70b1edef7cd3105aa8d34f23503b745a8805092bf63752aeef2e2255ac70fc33ff79e90fd1122a9a5b9390857069708977b76900c8b8380c1265a6f8865690e6a2ca101310eda95ee8c2ef5ba382821ab35d96eb0d17d19a2e2928a51b3920d6c7eca09b2ebaad7960e0beeb6a86c7f6b484d8b0870928416fbce3d54411a53b3677640724f847303f478b722275bf57dffe1c7c02a048749335fc96d763dc29dd321199f239bef8416bfc615a841afe93974cdb1334f111865f41a9d9e850c359bc4c60bfc32a12359f", 0x199, r4) r5 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000140)="8daddd2fbcce9c21d59f72ebac2d60b0b7a45156e44021e5c8bb2d7fd7bcd87eca9ac5ef4b59fcc8358c71f61e1f7b7e23d3d485867a80aebb7b01a0", 0x3c, r4) r6 = add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r7, 0x0) write$FUSE_DIRENT(r7, &(0x7f0000000180)={0xd0, 0xffffffffffffffda, 0x1, [{0x5, 0x1f, 0x9, 0x7, '}\\\xe8^$&@\')'}, {0x5, 0x5f, 0x9, 0x100, ',**\'%++$P'}, {0x2, 0x7, 0x0, 0xffffff01}, {0x3, 0xbb, 0x0, 0xe31}, {0x3, 0x5, 0x8, 0x6, 'keyring\x00'}, {0x1, 0x5, 0x6, 0x6, '/][^\'\xfc'}]}, 0xd0) add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz', 0x1}, &(0x7f0000000640)="4eaa9b53842d58256bb03b7b8d331d0e59e5641eabe81d719b3a9c3836882332b49614e73368c6cb47578fe6504b4f7078712b1ada0da71cd4d7a808acf7550f3796e81e3008493242d33aca97dd1c9aad0d6f1ea8bd063a0672f03ca0ed59a638f52f8172cb9829ccc6c270d0d992d9f2b0117100ac61ba787ca6c0ada40f7c46a5cc086171bdf82a7a12212cca3df16d2b6c2db5525b16a5f2628b5b39c198bcc69bddd2f9ce95be5d353c04de0af093322815a35629a4a8767da6bbc1b68c2a640605717346eceea08ddedf9a8d70b1edef7cd3105aa8d34f23503b745a8805092bf63752aeef2e2255ac70fc33ff79e90fd1122a9a5b9390857069708977b76900c8b8380c1265a6f8865690e6a2ca101310eda95ee8c2ef5ba382821ab35d96eb0d17d19a2e2928a51b3920d6c7eca09b2ebaad7960e0beeb6a86c7f6b484d8b0870928416fbce3d54411a53b3677640724f847303f478b722275bf57dffe1c7c02a048749335fc96d763dc29dd321199f239bef8416bfc615a841afe93974cdb1334f111865f41a9d9e850c359bc4c60bfc32a12359f", 0x199, r6) keyctl$unlink(0x9, r5, r6) 19:44:33 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xe, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:34 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) shmctl$SHM_UNLOCK(0x0, 0xc) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) 19:44:34 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={&(0x7f0000000380)="29f690a72211fd99a0de45aa5926e3cfebeab373a05527614afca2acd04596504053d4b655511cb23ad020179dcb7ade832d2b538124eac20bcaabc140aa070a45160e6f8a4902a2becbef0eeb98b39daef702c8dc343f347601cf94b29c1e1d0fb6f0126d9cdc5802730d690e906af751d43c9a2a0b59b1ccd0632d12d9541eff496cff51484e691dcd322a869f15e5d790636cef64b858beff320b0ec7513fde8921bd6f5a12416e3ba79ebf762297695a8245be78caf7b10b18e7e3e7b1c59453bcd38d3e0e0a64b8469a2fb2761e5b700172ed043d46b5300cb05aad1734c32ab3d191ab113265d9cbc0d6d7e3b2247df4", &(0x7f0000000280)="5c7e6f72d2f32c87f5c58bc868b967d50360fec6e757548d1853d97ff38877001318ef24ee12c86b376e0f593ee9ac2066a68a8bccf70e6de02f1da3d2a02f56e1bf217c0a306c2401a775ff73778d21595dd902dda41c3f9696b0"}}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x71, &(0x7f0000000140)={r3}, &(0x7f0000000040)=0x18) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000080)={r3, 0xffff}, &(0x7f00000000c0)=0x8) r6 = socket$inet6(0xa, 0x800000000000002, 0x0) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = socket$kcm(0x29, 0x2, 0x0) splice(r8, 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x0) 19:44:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x5000000, 0x0, 0x800}, 0x2) 19:44:34 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x15, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:34 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0106426, &(0x7f0000000100)={0x4, &(0x7f00000000c0)=[{}, {0x0}, {}, {}]}) ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000140)={r3, 0x3}) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r4, 0x0) 19:44:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x8000000, 0x0, 0x800}, 0x2) 19:44:34 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x16, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:34 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xf, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:34 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="540000000506010300000000000000000c0000081400030068753544c98601a1b46f72742c69700005000400020000000500050009000000050005000a000000805a36b824a27b5c3a6e65742c706f7274000000"], 0x54}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r2, 0x8983, &(0x7f00000000c0)={0x6, 'gretap0\x00', {0x2}, 0x8}) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r4, 0x0) ioctl$DRM_IOCTL_VERSION(r4, 0xc0406400, &(0x7f0000000380)={0x1000, 0x6, 0x3, 0x37, &(0x7f00000001c0)=""/55, 0xd5, &(0x7f0000000200)=""/213, 0x6f, &(0x7f0000000300)=""/111}) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) 19:44:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x9000000, 0x0, 0x800}, 0x2) 19:44:34 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x17, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:34 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f00000000c0)='io.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) pidfd_getfd(r1, r3, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) tkill(0x0, 0x2) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00') r5 = socket$inet6(0xa, 0x800000000000002, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$kcm(0x29, 0x2, 0x0) splice(r7, 0x0, r4, 0x0, 0x8, 0x0) [ 1048.957098][T10598] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 19:44:37 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x18, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xf000000, 0x0, 0x800}, 0x2) 19:44:37 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$kcm(0x29, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) splice(r3, 0x0, r4, 0x0, 0x8, 0x8) 19:44:37 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x10, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:37 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$smackfs_cipso(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/smackfs/cipso\x00', 0x2, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) prctl$PR_SET_FPEXC(0xc, 0x10000) 19:44:37 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c0000000306010200800000000044b5ab5cfdab0c41010007000000"], 0x1c}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000140)) tkill(r1, 0x2) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) setns(r3, 0x2000000) timer_create(0x0, &(0x7f0000000080)={0x0, 0xf, 0x4, @tid=r1}, &(0x7f00000000c0)) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r4, 0x0, 0x8, 0xc) 19:44:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x3f000000, 0x0, 0x800}, 0x2) 19:44:37 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x19, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1051.723713][ T27] kauditd_printk_skb: 22 callbacks suppressed [ 1051.723721][ T27] audit: type=1800 audit(1593459877.166:2384): pid=10623 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16318 res=0 [ 1051.744136][T10628] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 19:44:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x40000000, 0x0, 0x800}, 0x2) [ 1051.818768][ T27] audit: type=1804 audit(1593459877.216:2385): pid=10623 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1613/bus" dev="sda1" ino=16318 res=1 19:44:37 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0xc0, 0x0, 0x2, 0x8000000000000000, 0x29110, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x200}, 0x40000, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffe}, 0x0, 0x0, 0xffffffffffffffff, 0x3) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) 19:44:37 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) sendmmsg$inet6(r3, &(0x7f0000001cc0)=[{{&(0x7f0000000080)={0xa, 0x4e22, 0x7c5d, @private0={0xfc, 0x0, [], 0x1}, 0x80000000}, 0x1c, &(0x7f0000000700)=[{&(0x7f00000000c0)="eb05d330b7679f7fe0", 0x9}, {&(0x7f0000000100)="829f5e8197db01e759adb770e50ae8db1bf00d5b3c8288074189d1a6f100df3b39e79da74e40d122c8bcd8d7d712f5ccaa459caa11fe587abef221dba526f349d200b38e051f31606f63fb33cb", 0x4d}, {&(0x7f0000000380)="22b8665d3c201f4b2ff84f64833e9e4f9dbc24d012df794ac5fc8d4797a983542db9000c8d9408ea4b8b5735de9ac5169236b9e12d8f9bbf6373c0d095b1435462f5107e4d30720fc34aedb879392a4068a07eb1f66bac66f88b593ad2f2763072ac1c53b822968c08edabc6fcb0a009a57c59f704f3f48ab0f418a71351564b51f9143120805ee65931cf3e89d73d4268c211", 0x93}, {&(0x7f0000000440)="c3905334714aa1159f619bac7398c0e06c78f144355805eeaf36ac87ad9bc74b5a62978b4e15e97fad9188e04f61e811715e0916ddffdfa9db4b00cd5263fb07ba1dcb6c5cf097df6dce01395a6dad6d92fef6858b1e4b0ede4d421712cdaa6aaf7599c5d5fbf72a188dfaff74c8918e0dc408b66109b87c4625b0ca746f642c79637552901e781cf00367014010bcd305e6daf547ff55204dd12c1abaf557ea0b01f86ed639dee5adcd75f6034f07b05600e40e59361e7871c4afe889278296ae78e0cdb445bb208fdc27c424b64988ad8d8d77264ea7ec398ed92269586167c9f9961c5e6be6369470c6fa911bd9711e245676", 0xf4}, {&(0x7f00000001c0)="a6fd12dd0c0ce728618de26f4d3cb32a6c7adf028f172cf60e79ffab2036ca763ba093afa9995a1f5bcf5cee67e3855a53858c83b74d961ac894c1ed", 0x3c}, {&(0x7f0000000540)="7e441f537f5598c552344336a17b90a84ee14ad59663377b4e564a8a397abb477e35fd4c81720311760251e762177b8b69bf9db353eb21fdd27d9b66dc3944b5c0b8779a2d58810ca392766772c0274614a0586116bd25b0f2ed33bbed47f9821e57572aea05a88f518df6cda2b3cd1e114aecf817c8c5ccf3b065c9f419497b5fd22f7fce2985096f3911c563e0422442a90b937c1545c547a2e2dd71303138845a702d984b943696c3d3728a1abebef72a41", 0xb3}, {&(0x7f0000000600)="2ef7ed69511485ee523c06ac4d26a780dbbfab7430829716473ddc7ffa5f08ee8b59189b71502d5d05b5ed54ace28080400d97a374718a045b09bced6c123fcbfd527cb6e7d84a9a2ddf36fb5c2a08ddaf528a0f5345b605e20f04d58f714d9487b945b11b9c6870ba1a808b24b397a7c2597012e69dbfaac55c5d1d9698f9f50bc4f1e27b422b986f807a19f6493b0186e8492cdf32f22a4f2d346d49ff7b7cba691d14f17f7e50bf06eff0ec592f682121b8ad0afe28493790618b265964457256fde48ced532dd1192cf0982f1029966f36a225ff8fc91441", 0xda}, {&(0x7f0000000280)="2a7f42f116987dfe1a7cc5eafba188cfbb5ef085aaf2c1055730024eaa54755dd82fd95c510a9ba9ae68d11a14de45fc6d8101cf86e2f86b4a825b273122b37ac21daacfe36f01751590f04c66b54d43aa4892150df0c614511de2a3c1d67c31", 0x60}], 0x8, &(0x7f0000000780)=[@dontfrag={{0x14, 0x29, 0x3e, 0x8000}}], 0x18}}, {{&(0x7f00000007c0)={0xa, 0x4e20, 0x2, @private0={0xfc, 0x0, [], 0x1}, 0x101}, 0x1c, &(0x7f0000001b00)=[{&(0x7f0000000800)="311fb501e86d7d597bb01ad3938be9a424e486fb6a2642aed3b867e91192bdf5753b97fdb14542924f2a1fc13f69a90e1ecad3ffa67a018997a1b1deeecc6eeedecd7254c1c95514410d9e614b93fb0ef80de83ac582bc66e47077023844", 0x5e}, {&(0x7f0000000880)="b5c55ed8a8cc6756e9584ecbee04ceb93bd8caa3eb1a312768ecd2090138d37fd5f91d128d83004f95a90ee470daa30cfe9cf9eae67983a17898257df29f29846c02ac9f48ddd869addf01684c6135f02b5ecb3d133646cec33647c26064ccd68603523349eca2b43e1c81c7d8f5d3158f10c0e1bfc08d575dafd2a485824f1a281c46aaca203cdacd4d69b7ba1da86f4b2c375dc22063a011c80b5b356c47e40cc163f113a20159a3fdf42acbc0039c0d9eb061f05b09b2934b8b23c0e9ef5a113932deeaa783bc6a5cdc5b9b9719ff31290310f1113fe5cce007998904d7ee54c52f2aae57b0db22b00424a5d251fde2a302c50f5ddccd87beb9fdb304b62879990cee5d2a7ec054825d9ff7ef3e40eed25bf7d19dd72b47cbd391f787744e3455cf13deeca11a7195cc05fb2c8701b443431c8d0a3d696caa9b8e62c09aa9fcee8852194f9aa55926a224a63cd6b9e5f82805048d4f2e66916beebc7a334e1d1bf6fb4e3dccb605665c465129790d7cfe637cb28bdeb94cbb1a9b439ee0ceb618df7c40b046384a1fb52ad487d0fa6e9d7a1fd9a37c8de568f718208c37bc4e9029a5dfc4efea820a3356de90937807c03c260fbe71e4c9a57209bbbc0d6a515be25aa9827116a35a5fdd41a38cb0308e6b07858fde0d52af8cdf454cea1bf528a449469a359e9f1390858e320aec041f31514f4850399ecae4aee0030370b2e48b704368d98ce85a5244e758289bae750433310cfd37283e93ef5ded6479d7ec84a13a64ec024a090b3d3a06a53e2234fb4914688442cb4f849973e90a557408050c72a24b4a08cdf52e8971b9a79136b40a0f80340a1c5b5ee79d8ace8c7e44d0d1d26be33987b55c5af38b336e27e7bfe2157f6435a3d76f5d7e25a94e079911f1ffb2db73635aa08b75e6aade6ab002c6f5c451bed06f9ca8c9fd0b3dfc1a3dc2fcb10c296ce6d14379557c631b1ace3cdc2692b320cacd93baaa661a7c59f38512b273b0014a6c4aff8ed19d7a123da21a37dacec675fee55f91bdb5cd77383527c16aab5bbb6747fcedbc35482d86676aa93b4766aa6ec5f1d61716ae671045f451a2f33693f5af6fe4a0110e63457bcb4c1b6dd8737e132dd6b23ad4e153efdab4c8689304992f8676ec96a2dbfd75b27a49b9e351a2954112f4fa04515fa9a1c543a6f2d073296bc4e7edf876ce146a4e6fd309c1cba933409a33419e2511358d40888d7afb55d6dbcabd5fda3ca16ea9962b045b4654e167d968c4f7fa9eceb799d5ca6fdc6a8a06275d924bb59ffb3d1c471dffe9034b0f90a6cdf3031c159069aae4739443e4a0b7f135252042504ce073bbd7d58dbdada4997e12151c79a9dc97197d101fbd34b8e318dfd5a511f16bbf6c1be6afe9df5d87b55a8e7d52616f24ed7ca0d26c308b2c53479612d9a34e4f1352d487d334aa0ac571d3652c5993be529a014c56854e1ed7ea8d1f0466356c98a89cb06b7d4ef16df1bdeffe3d63bec73851c0b6ba87e3c940e8d87eb9c21a1820e4de7c7191e2be4725430fe818e8cc73d731c74bfff81935a3aff2f1ffe270d67f542d6f349ad183e6117d44db572e5b06b3015cdb49a846d1561d32c468c7206958423a55a2a9e37b76065babe1341099815a87a6fc9cbf410f0652f965254f095054945b9b669758274147872415132e727405b721dd81fd129c499b8506435a32cdb32c363505f6f2ad348567281832c818f11ccc813ef42b9bdede7f6f88db8f446683c07c29d1d557ec64cf1a0da65b9593bdc838b7208441a31f40948a2469d0786d8847910a93c4e5cdbb36e4954ddd5097c52493aeaf8bbf0cb4881f2ebbf7bd9fcb77ca6fa0d1771737b705f39c3f3c1ac803ab93d826d80b2a34c61db1517370555b02751099e8641dd67f67e0cc38a6da0f44af8fed4a2f7e933b39c807de62ad602a7b980095e536756585ef38cd8143fd17ffb25e99b1b4cbac6e3489b496b02bfb35ac0be59b586d6050f0cf2ed0f87ea7582ef04f158e33d7a5da934e81aa4efb69e2d54af8ec36997875153b82531134acc376b01b91e5e1bc61b30f38f9bf0292339fdcd228ff0198300d97708b1072a7659c445f8ac26e6c1330f259e0c37bdcc2e235b3a9ef4cf365956bc4150b32c8cc12733382cf0310f26b25398bbb3bd43514aa4e04b328cd090a876aa3ad67d35adfa45889930b7253fb81ea16d839b0275867572532993eebefafa0b8aa4d7080913d3783539db4dc7b9cc4cf229228e53996fdf9a6d4998ae2dc9fc39cf1144eb4e8387870aa063b1476436c4be3a9dce98108811894878f4e56fc3997ed4a7ffe35017ede1216f16c87beee34ba07fdefc15879ec1d6c24ef119860f014d3b365cd00b478513fcc6161118f40a3ea68160938e1020a086d2693479ae0f1aa5cd4d52c69c3b5eda5e449d653d7f8452907520849ecec94bebd8e58e03f9158b065644599496959db6b633a1a6f8ce8aec14826949a5befc69ad6eef6a0058be315db9ad9f8f89c48faf1062aad63590a149a974995fd7685f72247160cb94d707fb03054480e5b9bbc36bd9fa9a45a808e640b81a1c5d38a44174e6b54cc654b0536e7c6ae0d288352726f1ce27c22c86cf60d5291faf94a6f3964fc8743166a8959d69184ca3e69034f65e754a684d93482a46e5d05f8e38cab3c6700f992359bf63691a046507e4dee217404068e1cf7156db883d2ae552d874fc299c8932dd6fbeb8c400acebe985f66f36265246d9ccaebd633e0320b05083b20d3f033d8b34588cc1c3cd30f4b8940a7c55b89aaf1b90ba2ce49a52672668dd36bd6aba3c3b906d3f65b211e72543e83db743d639601bcb2fa995a290a3c5bb8c1c7bad9fdd6d7596b403683151c803cf20ae7612d0dc8d072716eb2847c44185e5926d0ba2f2b7d2b525f29942f1b07199feced4d52d83055e03f68332cc2ce12500af6c5eeefceef0dd9047d9ef712e7318f4781b9e0d613a172beef16887a4eab49353ca079dc55a1ec6470a9c420375c792b15d75e8aba52d448f16df2134e2801647d8d0b3779d059f36576c215a1b021ea9df21c682adf32402eeda6ccc17486205a2e99c05637ae2af2f2577255c2adcdc4d3f59261d995b09b382303e577b4d856d4425b803a1b4682487587037dcc1d59bcc7a161a4cc226648c3d8950fdb88e0f337e9b4e43a12ad3155c28e72d39b651b33f3f1638010300bb52e97af28a23196b535043a66bb8a1bcb9c5cac2fd1e336b8d96474ad5d165db6602e9c66bc365a768b86601653fc5ad01b11a3832d23c279186ac0101db7ec105b98714f525193ec2199afbcaacc6d46315bfbfecb3feb82892adfd474da6b9598177314a4231b93d8cfb0ea6cb0f64035dea8b55dcfd3e90edacc26e487b7c0d1d985ccf8db462ba69915ed907fae0d9bb7a9a98fc9890eacfd4d5a9d0ab3e216e106fc272184b9cb75536285b39d098948e43cf31767802aba4f821e6357eedfb56c2d36269b657a5ca0439800001f78aa6a50e85bfa42a061791da7f2bfb0758196b367148f4d68e8b222191088bdc7de242bd29d4dacbbbb633a6899fdf4ee8a21a0aa9651a873febf21187097fe1794bc1dc46c1c6de91536466bc4c53c9f8c9084e3176b02d4163883f9e657057cbbb847587541fc45d42b8689b9892d3bf2bc4747e72a966f738bde8372f670ebcfd5d5e6530e46e7bbf3d8c6e6282508f815d4fca11644eeca6062ea905aa887a2ffd442b2ebec05493d626ee9f40e9e8f0579708dfb51156139f5bb13a3bfd970c5721a4bb4768186d87e21bd417d1fecc29f6e7eb858febad751d73c02c5c947714e7de0025bcc6ce712529b3c185834911978939044d6cba6b3f2c72877263b2e97420e84261fcc30e83505f3136ea0abcece756632bc70ba6c831eb4d45226a281505930f778471af35006b7547e3b65448600360e02f26a8d2c5af16f49b138ee647d8ce3094d9370bc50939ae38e48947399af78ee23307dc8b4394c401c58adde9fde0c6479e25aea42a92f9a8b9740284bad2bb12a0e3e33bb0e4cbbaec657ac621a1e87d2f49b0f8e2724079bf777077d09434a2121af62e1b2c481b428e7b83359f0a96277be794747bbd62308bb0b9c2876726660905ec8b9101f4213339c330613bcd57256ada724fe574bc017c3ad38d6103143834a8e0472d81aeb8dde59014282dd8f4b2b43d19add3c5c15719973db2b7c5654c248dc72f600e9efe84c7d9e1ea2f28b3baa88f950ab082773883a2abf34bac167e3138fcb17493b975784133009cb58773700cbb65923c9a3d513fb6ccbaa9fa6ee10409c6278585bed8161c8527489f18449d025b5de6f15ffe20640a9912c71bd700b444edf30ef6edc4fd96741d8708864afced6d0bfc16ded47f5169cfb6b72ff710ebeb769de76f768e7146576d730affdd7dd4e70eefd0a8e1c47f30c0ba68d3eb8c3b8bce424eaf35980678d74281d515011390cfe23362e06e2e671a4d04dc3778f6b60314c996e4a9eedea4ae8f5f503dc8a5a1ac7ca768747b3f5c8a4180fcd2c20a66bd2f31f91040a096a72b40c6beeefe82ff59eef0ce33f7adb86eb583ddc119ec75c85792569dec53db7567a02fb795a7ce49e92005898ad9fde69616a161d227327ffbcb198b2db7ea961327c8db7b8b94faf82ce075aa3947afdca1327a7a1aaa531df6854ddfd3be30768742e7cf0eceb32572c6e06675119fb6f0b544d217d992502d37092c63264d0deacf01cada656a198c093d4c5f6255db6d670582019f265658f1009ec0122c67eac73033d6a1584fa5b52a191d1c9a0f9ae0fcbb3ee7be114dcb0b8b05d9f4171cd00582c55939cd8178afd3041ae755e6da9bf17abdd309aa7e83cd0b34effe74f0ecf93acde784a9859dc20a55834b1a3c93336bd35e552487ce3c384efc820abc5a4282375163e40b3b46ceb1c3736c194d5a71b88e5475184a1b8c22341c27c45971c3bf0d3f8e085fa3d8df7c776bd152e168d83f75a6772ae4655c3dcc1ac2b2de1d0abfd0fedf41bfd6a821b394d671b9611ba9132605d5286e76615da066f3d183a1e805d5cbfa8a0451755fd685e1d643d698a51fa1ff94111d9134c1b137cc0a9b7c4e5368e32faaa45f49cf5f52bb4052b69d1a28ceb4bfcf7f0140ffa3afbf62ceed2303ab0b0db126263e024cc5f2beb764c4dd0db92161a99c6af8c7ee0b2d18221be6ddc2a6dceaa86bfad31489b32e3754059626eb8a65e43343d688184982525b043e4a843b3bf0da60777ae09a4475f5efdd0b45155550b8ef2392234c8c302993c89ef69122e81e36382894c0e686fbea7402895096d8748faa0d4cb51b7eb2938f546880fe7b851e7a6c868d45e1e97cd70442582ecca53477049dd57fa7fa21b6877ea6dd2a9eecdd199b4c4ca8f13f7fe86701f8f87273c4f4a8bb0a99e15a0d82e0cd2be52b6180e0475c098a6c63a84e6579c9257f9e2b89a48dbfb8ba992cd981f7b3a7d623936efe7a973767de96ab1a30b77702aacade404b4ae37d9fd2f80c5f9c1033bb79be5a1280c57260e37eb93e27ad7925c15b94b5e42a3bb53372cac1189a51afdadfc7ad8d3559250340e8f3eac5676dc5ad89f3ccaa409141e5993165d35b48d5e8273eafdb436ba30e6ca0a316c81aa45e1c38e9fa2b2008fa17df24f031b59a5289d15dc9fb252ece68eaa83fc823c90d71ce8e780f9bcd782d70b67db3008114cb2fcec5ed46609a99588f636c6217b53a7e11ff77773ee159c59339094", 0x1000}, {&(0x7f0000001880)="7ec2a942fb85deed67b38d7d6f93f5f50eca020b42c764e9a2a755501bfde46bd370f7fb22b6589a524e953b984e", 0x2e}, {&(0x7f00000018c0)}, {&(0x7f0000001900)="2bc07712dd1f134f6d28f8451e403663fd57d9225cfb3ce6a8901b079ae5b8616a99e7d434bf45c5d74542bf9f96e70e952c8316e6dbd4c87379d0d50322856817cfae7c03e9e0e335b0c15222d6af3cc2b5944905bf5da5b896bd57b43fbe0ae3c44bde5383daa24ca1905f03080e6c30f45f1b51832a6d", 0x78}, {&(0x7f0000001980)="55af62bc2eeee66b0bf82d6e12914d0971cd39daec728d93a5bb17b8ff909a3a58f91f379a0d8e7d5ab5383043a9b4852b09005e27d95c2a9028354e9c19998996e4d7229da2b80f4c5c54959d3e3ecf85f7ee417ef547283f6bf265c182cda9b3f641c4437f84744800953571e1f11c4104773ac1b383f0f9f2102e9e4bbcd1afbd8a5c213417fd", 0x88}, {&(0x7f0000001a40)="06e6223e179d1f54674f459c049d94cae96697de72d69d18c0d87f66cec3902ea52bb47a29cfcc6574cc58682057f4c3476c01278fcd6f4934", 0x39}, {&(0x7f0000001a80)="5a90e9a42d8ae0827d45969cc84ba39cb605199541dac5ed4a0a2e1e6158cf904eb3c5403dc0deef85a50028b53cf44e75efeacbf3044efa869514b140e8695f74251512876524cad4297dbcb9e33d26d1feee7204006fa60654cf0fdd963faaba40b745bcd2fc3e96b531cc74c9", 0x6e}], 0x8, &(0x7f0000001b80)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0xf718}}, @flowinfo={{0x14, 0x29, 0xb, 0x5b39}}, @rthdrdstopts={{0x48, 0x29, 0x37, {0x6, 0x5, [], [@pad1, @padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @generic={0x1f, 0x16, "47831f92139791f37e85e9a532baf6811b28f546c9d2"}, @pad1, @enc_lim={0x4, 0x1, 0x4c}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x100}}, @hopopts_2292={{0x20, 0x29, 0x36, {0x2e, 0x0, [], [@pad1, @ra={0x5, 0x2, 0x7fff}]}}}, @rthdr={{0x58, 0x29, 0x39, {0x3a, 0x8, 0x0, 0x8, 0x0, [@empty, @private0, @remote, @private2={0xfc, 0x2, [], 0x1}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x4}}], 0x120}}], 0x2, 0x39b5c9be1b047708) 19:44:37 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) timer_create(0x0, &(0x7f0000000300)={0x0, 0x3, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r1 = msgget$private(0x0, 0x0) msgrcv(r1, 0x0, 0x0, 0x0, 0x0) msgrcv(r1, 0x0, 0x0, 0x2, 0x2000) msgsnd(r1, &(0x7f0000000000)={0x2}, 0x8, 0x0) msgctl$IPC_STAT(r1, 0x2, &(0x7f0000000500)=""/253) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={&(0x7f0000000380)="40905866532fd8955da5d02c94e6ef0400000073a0ca868d786582426c8043949521309fb593bb91207f002e10bf83a5e37fb0485b955593be15e6197e10a6761deb6c0724e4aa0dfaeae9f83d57c2ad18ac3b60a7e0094b55b76c89388a3878fc6a4a44308389d67cc02657a14008abf90dff01bd92b40ec7d8da4ba9a9655da98a272555737238c21d8433d308fc2313d8be70a85c3b78ab85bb7a4259bdeabca2788904d724825ad71386e638e658cb353a95e1f8d92fd7557eeef8a85c672419903b26f7e76f33c93fda22a057d970ba4ee92034af1db20670c3bd6be88721ff12c6033abe2cfbaac037665366a74526a05a1a653e341147648eebfdc7c0fcbc7cd83229b5d1f256cfaa1dacd1f8313aebc7c90a6d1e45a9dd515c0e5aafb4464a971f882dd22b9ae6fe4a87ec41e84939a3f71664503b911fe029b9279901095e44d4c3e82925f91f1a68755dafad830ed7a267c5656a0310f74e6fdc0308b18e0c795e4449b7ced198fc860b4c58b590de00cf45f3517a591f9eac2ae1", &(0x7f0000000280)="89736c25c1126e0effa44c0e8f84e468ef16c698f23c836dda94bb328b79256f2254a38bad50a93c184e60b76b09852d9b5c040c505ef9d087b4f04121f4372b65d1c426fe3ebc3bdf529e63d728570d0533bcf365"}}, &(0x7f0000000200)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r3, 0x0, 0x8, 0x0) [ 1051.900189][ T27] audit: type=1804 audit(1593459877.216:2386): pid=10623 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1613/bus" dev="sda1" ino=16318 res=1 19:44:37 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x1a, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:37 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x11, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x60000000, 0x0, 0x800}, 0x2) 19:44:37 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x1b, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1052.047245][ T27] audit: type=1804 audit(1593459877.216:2387): pid=10623 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1613/bus" dev="sda1" ino=16318 res=1 19:44:37 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x20, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$GIO_FONT(r0, 0x4b60, &(0x7f00000000c0)=""/80) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) ioctl$SIOCPNDELRESOURCE(r2, 0x89ef, &(0x7f0000000140)=0x248) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) ioctl$MEDIA_REQUEST_IOC_QUEUE(r3, 0x7c80, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) [ 1052.127270][ T27] audit: type=1804 audit(1593459877.216:2388): pid=10623 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1613/bus" dev="sda1" ino=16318 res=1 19:44:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x9effffff, 0x0, 0x800}, 0x2) 19:44:37 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x1c, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:37 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3f, 0xfff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) [ 1052.282329][ T27] audit: type=1804 audit(1593459877.256:2389): pid=10636 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1613/bus" dev="sda1" ino=16318 res=1 19:44:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xc50f0000, 0x0, 0x800}, 0x2) 19:44:37 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x1d, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1052.401452][ T27] audit: type=1804 audit(1593459877.266:2390): pid=10623 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1613/bus" dev="sda1" ino=16318 res=1 [ 1052.520630][ T27] audit: type=1800 audit(1593459877.486:2391): pid=10656 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16259 res=0 [ 1052.544954][ T27] audit: type=1804 audit(1593459877.496:2392): pid=10656 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1614/bus" dev="sda1" ino=16259 res=1 [ 1052.577279][ T27] audit: type=1804 audit(1593459877.496:2393): pid=10656 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1614/bus" dev="sda1" ino=16259 res=1 19:44:40 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) timer_settime(r2, 0x1, &(0x7f00000000c0)={{r3, r4+10000000}, {0x77359400}}, &(0x7f0000000100)) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000140)=0xb2c, 0x4) r5 = socket$inet6(0xa, 0x800000000000002, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$kcm(0x29, 0x5, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) splice(r7, 0x0, r8, 0x0, 0x8, 0x0) 19:44:40 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000140)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp, 0x0, 0x0, 0xfffffffd}, 0x0, 0x4, 0xffffffffffffffff, 0x11) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) ioctl$IMCLEAR_L2(r0, 0x80044946, &(0x7f00000000c0)=0x3) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) write$cgroup_subtree(r3, &(0x7f0000000100)={[{0x2d, 'pids'}]}, 0x6) 19:44:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xefffffff, 0x0, 0x800}, 0x2) 19:44:40 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x1e, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:40 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x12, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:40 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)) r1 = socket$kcm(0x29, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) splice(r1, 0x0, r3, 0x0, 0x100000080404, 0x0) 19:44:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xf0ffffff, 0x0, 0x800}, 0x2) 19:44:40 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x21, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:40 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) setsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, &(0x7f00000000c0), 0x4) r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/mice\x00', 0xc02) getsockopt$X25_QBITINCL(r3, 0x106, 0x1, &(0x7f0000000140), &(0x7f0000000180)=0x4) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r4, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r5, 0x0) ioctl$SCSI_IOCTL_DOORUNLOCK(r5, 0x5381) 19:44:40 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$kcm(0x29, 0x2, 0x0) splice(r3, 0x0, r2, 0x0, 0x8, 0x0) r4 = accept(r1, &(0x7f0000000080), &(0x7f0000000100)=0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r5, 0x0) r6 = socket(0x200000000000011, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bind$packet(r6, &(0x7f0000000000)={0x11, 0x0, r8}, 0x14) getsockname$packet(r6, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14) bpf$MAP_CREATE(0x1000000000000, &(0x7f00000000c0)={0x2, 0x800000000000004, 0x400000, 0x1, 0x0, 0xffffffffffffffff, 0x0, [], r9}, 0x40) sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000280)={&(0x7f0000000380)={0xa4, 0x12, 0x4, 0x70bd2b, 0x25dfdbfe, {0x1f, 0x1, 0xe0, 0x3f, {0x4e23, 0x4e22, [0x1000, 0xfb, 0x1, 0x5], [0x101, 0x3, 0x3, 0x3], r9, [0x9, 0x2]}, 0x1f, 0xff}, [@INET_DIAG_REQ_BYTECODE={0x56, 0x1, "b1e8a392281eb9ce94216e2e6942ff90166c82019c6f7644d7ee69d836d0bc8507b26e09454dd755810f47b45cd8bac72af9135ceada063957a588732ccc6752bc90ab85e399970942261c124ca3f9f1d4ff"}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) setsockopt$netrom_NETROM_T4(r4, 0x103, 0x6, &(0x7f0000000140)=0x2, 0x4) 19:44:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xffffff7f, 0x0, 0x800}, 0x2) 19:44:40 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) 19:44:40 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:40 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x12040, 0x0) creat(&(0x7f0000000140)='./bus\x00', 0x100) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r4, 0x0) 19:44:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xffffff9e, 0x0, 0x800}, 0x2) 19:44:40 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x25, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:40 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x2], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xffffffef, 0x0, 0x800}, 0x2) 19:44:41 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x3], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:41 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_bp={&(0x7f0000000000), 0x6}, 0x0, 0x2, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r0 = open(&(0x7f0000001280)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[], 0xe) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000001c0)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000012c0)={&(0x7f00000000c0)=ANY=[@ANYRESHEX, @ANYRESHEX=r0, @ANYRES16], 0x0, 0x20, 0x0, 0x400003}, 0x20) socket$kcm(0x2, 0x1000000000000002, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040)='/dev/snd/midiC#D#\x00', 0x1000, 0x715003) r2 = dup(r1) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r2, 0x40045731, &(0x7f0000000000)={0x1}) write$cgroup_subtree(r2, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140)=0x0) process_vm_readv(r4, &(0x7f0000000180)=[{&(0x7f0000000200)=""/114, 0x72}, {&(0x7f0000000280)=""/4096, 0x1000}], 0x2, &(0x7f0000001280), 0x0, 0x0) mmap$xdp(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x5, 0x852, r3, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r5, 0x0) 19:44:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xfffffff0, 0x0, 0x800}, 0x2) 19:44:43 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) setsockopt$inet_udp_int(r0, 0x11, 0x66, &(0x7f0000000080), 0x4) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$kcm(0x29, 0x2, 0x0) splice(r3, 0x0, r2, 0x0, 0x8, 0x0) 19:44:43 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvme-fabrics\x00', 0x230000, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000100)) open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) [ 1058.227710][ T27] kauditd_printk_skb: 30 callbacks suppressed [ 1058.227718][ T27] audit: type=1800 audit(1593459883.677:2424): pid=10786 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15844 res=0 [ 1058.256889][ T27] audit: type=1804 audit(1593459883.697:2425): pid=10786 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1621/bus" dev="sda1" ino=15844 res=1 19:44:43 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = msgget$private(0x0, 0x0) msgrcv(r3, 0x0, 0x0, 0x0, 0x0) msgrcv(r3, 0x0, 0x0, 0x2, 0x2000) msgsnd(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="bf148a"], 0x8, 0x0) msgctl$MSG_STAT(r3, 0xb, &(0x7f00000000c0)=""/187) r4 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r1, 0x0, 0x8, 0x0) 19:44:43 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x40030000000000, 0x0, 0x800}, 0x2) 19:44:43 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x4], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:43 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x44, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:43 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_create(0x1, &(0x7f0000000140)={0x0, 0x1c, 0x2, @thr={&(0x7f00000000c0), &(0x7f0000000380)="a82106b0f285a08fa9af472bbf79cee2a08539cec96cc00704714b8c9d44997509f99bc01ac1cad0882f75c520a0355f71acba4274d462ccaf93d3aac6b93e00dbee8ef51a95f924d503c463037a39c0ad45426eb510c8aa4cd122bf188ac8b351a64de29ef2e2012748d4cc4137ad2316e8e4c871b402b6c7394d019e981e8a01a25d319dea57d2005871e8180598fc57fb8d1ecb999cd62a5fd85ab09feb6d8e5d947bf82c73a326eeafa21eceb1bccf319d15a3e1488339d7a6eb047bb5be5f6b8a46e92944e2ced43732ba6fe933b3e49acb4ec24396cb864f"}}, &(0x7f00000001c0)) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) lgetxattr(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)=@random={'security.', '/dev/nvme-fabrics\x00'}, &(0x7f0000000600)=""/185, 0xb9) timer_settime(r0, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x77359400}}, &(0x7f0000000280)) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/nvme-fabrics\x00', 0x40000, 0x0) read$usbfs(r3, &(0x7f0000000480)=""/244, 0xf4) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) munlock(&(0x7f0000000000/0x4000)=nil, 0x4000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r4, 0x0) setsockopt$netrom_NETROM_N2(r4, 0x103, 0x3, &(0x7f0000000080)=0xfd, 0x4) [ 1058.301816][ T27] audit: type=1804 audit(1593459883.727:2426): pid=10786 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1621/bus" dev="sda1" ino=15844 res=1 19:44:43 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x1ff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsa\x00', 0x140, 0x0) ioctl$VIDIOC_S_STD(r2, 0x40085618, &(0x7f0000000100)=0x40) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) 19:44:43 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x100000000000000, 0x0, 0x800}, 0x2) 19:44:43 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x5], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:43 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x6], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1058.435124][ T27] audit: type=1804 audit(1593459883.737:2427): pid=10786 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1621/bus" dev="sda1" ino=15844 res=1 19:44:44 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x200000000000000, 0x0, 0x800}, 0x2) 19:44:44 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x48, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:44 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x7], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1058.595534][ T27] audit: type=1804 audit(1593459883.737:2428): pid=10786 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1621/bus" dev="sda1" ino=15844 res=1 [ 1058.662503][ T27] audit: type=1804 audit(1593459883.757:2429): pid=10790 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1621/bus" dev="sda1" ino=15844 res=1 [ 1058.738848][ T27] audit: type=1804 audit(1593459883.797:2430): pid=10790 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1621/bus" dev="sda1" ino=15844 res=1 [ 1058.771328][ T27] audit: type=1800 audit(1593459883.947:2431): pid=10819 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15906 res=0 [ 1058.792712][ T27] audit: type=1804 audit(1593459883.957:2432): pid=10819 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1622/bus" dev="sda1" ino=15906 res=1 [ 1058.838956][ T27] audit: type=1804 audit(1593459883.957:2433): pid=10819 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1622/bus" dev="sda1" ino=15906 res=1 19:44:46 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000080)=0x80, 0x4) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x11100, 0x0) getsockopt$bt_BT_SNDMTU(r2, 0x112, 0xc, &(0x7f0000000140)=0x4, &(0x7f00000001c0)=0x2) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$kcm(0x29, 0x2, 0x0) splice(r6, 0x0, r3, 0x0, 0x8, 0x0) 19:44:46 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={&(0x7f0000000080)="0a27f6fe8bd6c232e3f661124cb72f7af8b05e861038b732075ba88b86881b570aff5d4814b2801befc0989b0a91920fb0da4479119529dcf611661e8d76ef1edebba43dfc31048688a593db60723b963a139fb0e4a454e9bef780cd0fcb26950a809752", &(0x7f0000000100)="7f5cd6848ac3aa92c7324ee4d93a4221cfdc251fb4593265ab90585c"}}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) timer_settime(r0, 0x0, &(0x7f00000001c0)={{0x0, 0x3938700}, {r1, r2+60000000}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000003cde8d66412894451b167fbe5c0363a66241d441043a2cfa2c85d5e130dabb364897b069a81b2bdf4a245af27312fc4ab8163451685b7b38355473b9d600eee5a72bb21cc87dd9846da65d2efd2296bfd4ef5eba9abe1603013a71312f8ee54e3984f06eb7fd1bc33420fe118f1af61c8925318fe0619891e87421babdd08e1a30e97ea21a49e4cb5ea4c79007063ba2ecc031de9b39feaee2524117a93ecc5963a0e7a7c9f3b656377fed5538f749fce24608025cdbf1e45473bb1fd6df826b78a612ad9726cd7f173baf7839c2a53e8f913b6681492d1cff10b9f4f18061386a45913a87164b3fd9b3b0b5c77ffc389fe688265407cf915a31ed1504e716384ff41c239114f09b", @ANYRES16=r5, @ANYBLOB="01000000000000000a000000"], 0x14}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000006c0)={&(0x7f00000003c0)={0x2f8, r5, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffffffff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x400}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1f}]}, @TIPC_NLA_BEARER={0x30, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_MEDIA={0x94, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x40}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb776}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xbe}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x55f4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_LINK={0x5c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}]}, @TIPC_NLA_MEDIA={0xb8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x916}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}]}, @TIPC_NLA_BEARER={0xe8, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffed93}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x401}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x80000000}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {0x14, 0x2, @in={0x2, 0x4e24, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x5, @local}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x1, @local, 0xff}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @multicast2}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0xfffff801, @dev={0xfe, 0x80, [], 0x27}, 0xfffffdfb}}}}]}]}, 0x2f8}, 0x1, 0x0, 0x0, 0x4040000}, 0x4) clock_gettime(0x0, &(0x7f00000002c0)) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x77359400}, {0x77359400}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$kcm(0x29, 0x2, 0x0) splice(r7, 0x0, r6, 0x0, 0x8, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x10012, r8, 0x0) ioctl$MON_IOCG_STATS(r8, 0x80089203, &(0x7f0000000280)) 19:44:46 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x300000000000000, 0x0, 0x800}, 0x2) 19:44:46 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x8], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:46 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x4c, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:46 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x26}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r3) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001700)=ANY=[@ANYBLOB='disable_sparse=yes,errors=continue,gid=', @ANYRESHEX=r4]) lchown(&(0x7f0000000100)='./bus\x00', r3, r4) syz_open_dev$ttys(0xc, 0x2, 0x1) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x1000000, 0x852, r5, 0x180000000) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) mmap(&(0x7f0000739000/0x1000)=nil, 0x1000, 0x8, 0x20010, r6, 0x564c8000) 19:44:46 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x400000000000000, 0x0, 0x800}, 0x2) 19:44:46 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) ioctl$GIO_FONTX(r0, 0x4b6b, &(0x7f0000000080)={0x8f, 0x12, &(0x7f0000000380)}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) 19:44:46 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x9], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:47 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="4c0000000206010600000000000000000000000005000400000000000900020073797a30000000000500010006000000050005000a00000012000300686173683a6e65742c706f7274000000099d6d049d98bdf25fefb3582e15aa41688223b4c34d32efc3a6783e17b1d7134a8be6aea0483aa7b7e8a848e6fc56aa615b1ba41491e1b2aa6c549e3b171e339ae06df1e5521727b2180c467d4a4dfb42"], 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000003c0)={0x20, 0x3, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x20}}, 0x0) flistxattr(r0, &(0x7f0000000640)=""/4096, 0x1000) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x8, 0x0, 0x0, 0x4, 0x2, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000000), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x4000000000000, 0x4}, 0x0, 0x1, 0xffffffffffffffff, 0x2) clock_nanosleep(0x1, 0x1, &(0x7f00000000c0)={0x77359400}, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000240)=0x15, 0x4) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) getsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000340), &(0x7f0000000380)=0x4) write(r3, &(0x7f0000000100)="9294a4f0cef6ef26bddbef4b5d726505f2f1fcaca2e6ae7edb984f467aa2746fae3772af1277f23e36c1784a262ebfb649cfd7d9d9737984832da360b24bd7ffe9a7d8d23c55805c4f454d06ab", 0x4d) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r4, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) 19:44:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x500000000000000, 0x0, 0x800}, 0x2) 19:44:47 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) removexattr(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)=@known='trusted.overlay.opaque\x00') timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000100)={0x0, 0x2, 0xffff0694, 0x1, 0x7}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) fallocate(r6, 0x10, 0x1, 0x4) r7 = socket$kcm(0x29, 0x2, 0x0) splice(r7, 0x0, r3, 0x0, 0x8, 0x0) 19:44:47 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0xa], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:49 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x60, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:49 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x800000000000000, 0x0, 0x800}, 0x2) 19:44:49 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0xb], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:49 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) fchown(r3, r5, 0xffffffffffffffff) 19:44:49 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)) timer_settime(r0, 0x0, &(0x7f0000000080)={{0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$kcm(0x29, 0x2, 0x0) splice(r3, 0x0, r2, 0x0, 0x8, 0x0) 19:44:49 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0xc], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:49 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x900000000000000, 0x0, 0x800}, 0x2) [ 1064.479481][ T27] kauditd_printk_skb: 15 callbacks suppressed [ 1064.479489][ T27] audit: type=1800 audit(1593459889.928:2449): pid=10899 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16258 res=0 [ 1064.527893][ T27] audit: type=1804 audit(1593459889.968:2450): pid=10899 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1625/bus" dev="sda1" ino=16258 res=1 [ 1064.552149][ T27] audit: type=1804 audit(1593459889.968:2451): pid=10899 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1625/bus" dev="sda1" ino=16258 res=1 [ 1064.606214][T10897] ref_ctr going negative. vaddr: 0x20738002, curr val: 0, delta: -1 [ 1064.617879][T10897] ref_ctr decrement failed for inode: 0x3f82 offset: 0x0 ref_ctr_offset: 0x2 of mm: 0x00000000009b8454 19:44:50 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0xd], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xf00000000000000, 0x0, 0x800}, 0x2) [ 1064.648845][ T27] audit: type=1804 audit(1593459889.968:2452): pid=10899 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1625/bus" dev="sda1" ino=16258 res=1 19:44:50 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="300000000306010200000000000000000300000005000100070000000900020073797a31deffffff0400010007000000"], 0x30}, 0x1, 0x0, 0x0, 0x4048055}, 0x40) r3 = dup3(r0, r2, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000000080)={0x0, 0x0, 0x9, 0x3, 0x8}) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r4, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$inet6(0xa, 0x800000000000002, 0x0) ioctl$KDGKBLED(r3, 0x4b64, &(0x7f0000000100)) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = socket$kcm(0x29, 0x2, 0x0) splice(r8, 0x0, r5, 0x0, 0x8, 0x0) [ 1064.699318][ T27] audit: type=1804 audit(1593459889.968:2453): pid=10899 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1625/bus" dev="sda1" ino=16258 res=1 [ 1064.724193][T10897] ref_ctr going negative. vaddr: 0x20738002, curr val: 0, delta: -1 [ 1064.732227][T10897] ref_ctr decrement failed for inode: 0x3f82 offset: 0x0 ref_ctr_offset: 0x2 of mm: 0x00000000009b8454 19:44:50 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x40000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x6002, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) getsockopt$netrom_NETROM_T4(r1, 0x103, 0x6, &(0x7f0000000140)=0x9, &(0x7f0000000180)=0x4) ioctl$RTC_RD_TIME(r2, 0x80247009, &(0x7f00000000c0)) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) 19:44:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x3f00000000000000, 0x0, 0x800}, 0x2) [ 1064.812448][ T27] audit: type=1804 audit(1593459890.048:2454): pid=10899 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1625/bus" dev="sda1" ino=16258 res=1 19:44:50 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x61, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:50 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0xe], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1064.878164][ T27] audit: type=1804 audit(1593459890.048:2455): pid=10915 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1625/bus" dev="sda1" ino=16258 res=1 19:44:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x4000000000000000, 0x0, 0x800}, 0x2) 19:44:50 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1fd05acd, 0x2420, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, r0, 0x2) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r4, 0x0) getsockopt$TIPC_CONN_TIMEOUT(r4, 0x10f, 0x82, &(0x7f0000000180), &(0x7f00000001c0)=0x4) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, @hyper}, 0x10, 0x0) r6 = socket$inet_icmp(0x2, 0x2, 0x1) write$binfmt_script(r6, &(0x7f0000000140)={'#! ', './bus', [{0x20, '\'%'}, {0x20, '@|'}, {0x20, '\\'}, {0x20, '{\'&'}, {0x20, ':'}, {0x20, '@'}, {0x20, ','}, {0x20, '/\''}], 0xa, "1713e53c34004abc44a3a293d19a0b161bab6c16d5b9"}, 0x34) ioctl$FITRIM(r5, 0xc0185879, &(0x7f0000000100)={0x39, 0x6, 0x1}) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) [ 1064.958637][ T27] audit: type=1804 audit(1593459890.048:2456): pid=10899 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1625/bus" dev="sda1" ino=16258 res=1 [ 1065.068537][ T27] audit: type=1800 audit(1593459890.368:2457): pid=10932 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16268 res=0 [ 1065.150002][ T27] audit: type=1800 audit(1593459890.368:2458): pid=10932 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16268 res=0 19:44:52 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x2) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r3, 0x0, 0x0) r4 = syz_open_procfs(r3, &(0x7f0000000080)='net/softnet_stat\x00') sendto$l2tp(r4, &(0x7f00000000c0)="8bd42cf1b7db02c1af18ee7a7bbe0ca9665dab0f93810d2b20f6a1d315377ad51d6f92e34e704ba34cbcefc0fa9174abeee8223be39ced8e48f9f98796ca626d6f8665a83ce7abf95b74e6e7cf017a9705c6f32fed4c3bb7f9bb5d761fd6860a5fffa8ced0fb392d02c63cd2bd268a1fa1b185e0692427278621f15725d9ab3f2b7c7cc8ed888836d1573333206fe6964bd009948d7dc3081b5dd2789943fa4ea4ba029aea43e20aa31dfde8255e467bf6045777", 0xb4, 0x8800, &(0x7f00000001c0)={0x2, 0x0, @multicast1, 0x4}, 0xfffffce3) 19:44:52 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0xf], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:52 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x6000000000000000, 0x0, 0x800}, 0x2) 19:44:52 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) timerfd_gettime(r0, &(0x7f00000000c0)) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) 19:44:52 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x68, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:53 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0xfe, 0x2, 0x0, 0x100}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) 19:44:53 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x10], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x8000000000000000, 0x0, 0x800}, 0x2) 19:44:53 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x2) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r4, 0x0, 0x0) ioctl$TIOCSPGRP(r3, 0x5410, &(0x7f0000000080)=r4) openat$smackfs_access(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/smackfs/access\x00', 0x2, 0x0) 19:44:53 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x6c, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:53 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={&(0x7f0000000080)="6acf5c28dbb594908f53e15582fd5448ee98690504ea4015f0ba6c99ce51c0712d07c162f5365dd027c74b182ba0c40c1a43258f18859e7fd696bc9a5fb2399883abfd83b18d37bb2a64cae66381c30b417c0898d525a27d21b4c2a176c827aa1c917e0f9745e4063dc60737ccdefe2e378840c90c55d15910db1cdd4a76ac640caeffe495633466b4de7bdd616582de8a2fe72e55d1840b141449a648b23dd07888a9cf4ab27e2ce685df6dfe2b7cd4f3c13610ed9fa956980d764ac4680a2501201a656cc4f1232864976324f3b4b825e6c12e07a1ba596062746bdc", &(0x7f0000000380)="4842118db43dd95c68bc1d44a55951140ea7a8cd2af1da9d048e74f29de78c497464857e6f0c9737d36bbe1909a9a0ee72f7e18a3dcf6f633c53f70924d544af7f8258554add64489e5ab050bff5327dbb63dcd1d3b254bb8a007ceaf45011d98d49fedb4b8a9b8d32fb9ee1cee0ca9bd66aca7d2f4e9b7e2648d07367644c276b5712646c41b7d46dd14503873592b151df28"}}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) accept$ax25(r0, &(0x7f0000000280)={{}, [@remote, @rose, @remote, @netrom, @remote, @default, @remote, @default]}, &(0x7f00000001c0)=0x48) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) 19:44:53 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x11], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x9effffff00000000, 0x0, 0x800}, 0x2) 19:44:53 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f00000000c0)={0x2b, 0xb, [], [@calipso={0x7, 0x30, {0x2, 0xa, 0xa4, 0x3ff, [0xfffffffffffffffa, 0xffffffff00000001, 0x1ff, 0x10001, 0x401]}}, @ra={0x5, 0x2, 0x4}, @enc_lim={0x4, 0x1, 0xd0}, @calipso={0x7, 0x10, {0x0, 0x2, 0x0, 0xa4d7, [0x9]}}, @hao={0xc9, 0x10, @ipv4={[], [], @local}}]}, 0x68) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) 19:44:53 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x3f, 0x40000) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @multicast1}, &(0x7f0000000280)=0xc) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r2 = fcntl$getown(r0, 0x9) timer_create(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, @tid=r2}, &(0x7f0000000100)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r4, 0x0, 0x8, 0x0) 19:44:53 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x77359400}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) dup(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) 19:44:53 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x12], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xc50f000000000000, 0x0, 0x800}, 0x2) 19:44:53 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x13], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:53 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x74, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:53 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r1, 0x0, 0x83, &(0x7f0000000200)={'nat\x00', 0x0, 0x3, 0xfd, [], 0x2, &(0x7f00000000c0)=[{}, {}], &(0x7f0000000100)=""/253}, &(0x7f0000000280)=0x78) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r4, 0x1ad, 0x0, 0x0, {0x4}, [@IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x4}, @IPVS_SVC_ATTR_AF={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast1}]}]}, 0x44}}, 0x0) sendmsg$IPVS_CMD_NEW_DEST(r2, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r4, 0x20, 0x70bd28, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x4004084) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r5, 0x0) 19:44:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xefffffff00000000, 0x0, 0x800}, 0x2) 19:44:53 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x14], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xf0ffffff00000000, 0x0, 0x800}, 0x2) 19:44:53 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000000), 0x4}, 0x3400, 0x0, 0xfffffffe, 0x0, 0xffffffffffffff00}, 0x0, 0x7, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) 19:44:53 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x15], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:56 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @tid=r0}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$kcm(0x29, 0x2, 0x0) splice(r3, 0x0, r2, 0x0, 0x8, 0x0) 19:44:56 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x78, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:56 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x16], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xffffff7f00000000, 0x0, 0x800}, 0x2) 19:44:56 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) futimesat(r0, &(0x7f0000000180)='./bus\x00', &(0x7f0000000200)={{r1, r2/1000+10000}, {0x77359400}}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r4 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r4, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r3, 0x0) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ubi_ctrl\x00', 0x202, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r6, 0x0) renameat(r5, &(0x7f0000000100)='./bus\x00', r6, &(0x7f0000000140)='./bus\x00') open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) 19:44:56 executing program 3: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x40000000000) timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={&(0x7f00000000c0)="a1ff6505ed756e9a91aa2fc2fec02af34ec176908427dc0b58de9cb3c05531fe40e7", &(0x7f0000001380)="4d8a261c96d307d5f938ace3489cd353c6b005cde63052e0495f5f9f807915836a5689b6c64d42b3e78922a05eb901acca384b9beff96e72600a4351c623508b8f2dc4cb8a6ec4392ed7c5e865f10fe93861312539d636d82d573ea4201109a7465247f95778541343ea1254f8aa99e690666508cfc9db772f12170e3988e39ec64b410c49ef7971f961577b4d29a36099836173ae5ac6ea4de910b5a0b06813901a7c0713fb401fdca9e7d6889af94a280e5682c804ae9b86cb1f98b3b2178cdfd14a1f7bbdd040e41ef0ef20b346c16f0e7a049b3b3218a480de0e8ed57fa2448ec0e647edd54585f74ec8a4dd609d5be869cecf407b0317b35519c72a09f574e3eff67ab368105b55819733c9f0b1067274bef8b40185ad57f1a1358112baf0808863d702de57183210f7b1f5b3e92583be533abdc5e8b12c5c993b25d5b386bf71a4e9acfbdc801c76a0edf9e7ddd08166a7fe1e38ff8e45ebcbbf4d5513865010e8eb0379c14041cbb96e3b974fa9252d519a641b110fa877ffe3bcea49a9dd3ffee12c898db78edff3ee8ecefe7a9545b1768b4b4f52b152a5682cedd99ffa65bb39a62ea2ffe008c08a6fd936813f17d45f9a4ac09abb7d9c0e31e16879028db3886dc68f0b610a3e6a8fd381cc1ad44c93f288b1c6626f9bf1796a3f1f7c92e13a85abb41d2d1b66910c9b3b96cdd977643a441bba16adc710b50781a63be4dae9eeadc003fd660e86d7dc56987f3035d5e530ef4258cfe0c3a91f21c3255934f6c566180f4401fa1b2a69703f0f1e4329bdf2b5e73ad40f5cb7e32958bf156882fcbb8612a47b1d10cca9fc90911750419d6d510d7e5d5ebaec053568f79dfd7a06f432383a29346893a01bc38b1df7193de4c220a0e04c3383be01a632dbf49edd18039a3148d6b8e569b581f5792ff7509fea97fbdfa6173e1a5d2c3e60d01f3bc57a27179ab8977716253bd11f9f916f7f5cf93d8428d194172088c9386e4db3ae8dabad0f7547a71871cedf0b5d7c64e4f5a1237044c64d2d99cc0e261d3b0d6481131dddbdc594d903c281ef413c0070f99d2de3bc16f91f2b5513d4ec73a45921c5a1ed356109ff308ffcbdacde9889338c229519c09e64bb27e39eabf2a525150d3247ef940a6b8f303d29f46f29de0a98ed528fd09acdaefe00f66631ff0377ad350379edbd553e11c18ee5a9fd00d23967bd434819c21ee07f879103aaaec8a68f159027aa9e0ba7dcb596b17c8ca28929db5eb67a4e919c4ceef4faf795fcf531979241e76de485648515b163c5c92ff7cb84fb8d99ef74f39a62dbf32c1f070e9bcda0ff1cebdf92e55fee583a53bf13e35a05ec8a9c764cba0ba20a30c09dc5f7f36468e3c045b61ad2d269c5be3622acf33232f1c14e0edded8a06f29c8481165ed2944ba72e12bf9da9875db63365c345eab26e79fd273c28e76aa36fd9a5ee6d2bf02fa16b6ce73387bd64f3dc423efb67437179321db04619a42795959660ffa9941f31d6fb30329e7b57ec777cce3869fe498a0bc31f637a1bddfc38b354e49b6bd6637bd7785aa0751abd8d5afd132ef53ffb79f59b78d356be03d0a076441a24705a9e10b45d773499f0217670d93a46cc61310110ac5c17949be68a24f7891feb8da0ba8f17b2ecad7d37c941f3492410c5a49bcd08116ce9d76dab15dc50a58a29818c44dcff48443a9d646c55baa53484e27d8f6066e38a728de8484ceda6084e289344d34887cd51607d112b77236a8af220aab9b0eb6c60f07ff865d89be773b7c83dd53d29f08a9864282e9dedf178e58fe2dfd86e0185cece1e5abc00d8aa4b1dc7cd9867c79cac5ecebf024210b86ba4db35e7364b10a1ebb786a37fb440583d7b2dabfe9ac9b805db264dd62deb40fc196b4002fd6a09553993cd43020b0cfa045b64ea147b291b6f6adebb972b774fc4ebfef997e05f7a905f1d2d25cef837a17a105d8a4a2565ba37e27fe0973e3dbca7039d4aa623686604e3a5d5fc9f5af680d63b222d893919f49256cee98e9720c116b6635ab33a422fb19f63218632807606113f233f2bee5df613c36ba9091d4786ae11ebcab3f5940058b1db61981341dcf286139c6946fec73c38a49a16883ecbde84c283f7105212e407f0ee78365b1d75b49c57bb04f3f3728a5b67512a19c96a49f7983331c92db9d8d10acbefd13712c2c098b2282447479d4ef7052869d8c9276562a4513228e502556e8576ae9eacf482324ddeeab89541034f362a05339d9b1e4acf64adbb997e5cfeff99c3f39db831d0cc9b23463cbc00334823ecc60759ee2018899b5b0d5c03985f834ca963ed73239e75f8a28fa657eca87ebb1e38f31fe1866563cb02b1b6936e6f5a235a89c223f2a1cf022c30e0bfbfbe709cb3375be0dd1db56068ba49c106f1c0373174f0b5b04d7024f09add1722ab54ccc4150fc3b66f0981666e617c5e66957c1f9e33613a8c2fdaccbae2dd71446f58708d6c9dc060d01eb2c9d95f2a2e3b2a785bbb8cc5eb597723a9ab8bbc8048c7074d21476d9855987e9c0be8ab2d2a620ea5e75c0589ec6e613eba4e9a2b55b4c2854fa9e1fe16cb4f96c5e23bd971f1a61b87e373cfc855936ff576183f27990b0de4012bb3b7859f08f8cb8d0b682f2427338273fd019aac1164ebe0de7232f42287ffee2757241ee6081dfa16bc538ea4064cefd78bdd6bc6c7a773946b83f4738e5fda24197757d0ff9567d629b9b901ab25bcadb239f9eef1b2addaaf5d20c592175d866e1205383cdbc41a225bb02e61765048fb70f894319985f1f0bace12d46b450f6b9e49bf9314b89cbbb1570f3b747ded528961feac9f38066932c6c6c29bc73e6fd5b0c95a3dd3f21aaa7b9d17a6b7b5f326ec9c57707feb45f18ed30ff6cff49cf9da4530de0b32875a062a8d4d36ca8e685cea451406f3b3d874f96f9a51998a44203d9f5261db08473ad521b8f0dfc65203f330dc6a7aa54f75699f7ff3c6e2ac5d835e6dac745c9d4da764a0061ea72a10fb704af6a7d5d2781cbf67b43c2bbb727e1c2fdbb11685f4b5bb3927136f9fc26ddd0e4564ef867af306aa9d220071e0c1354d1e2133187776a6dc3ec5dcaeb95a1f35c06d09c655d74c7b896a684cb855ecf04c70cd4d1652965fb280ccabcf056b85ffb1e12ab49e4f7900eca309cdfb2d901cd29a53a7423572e13db2fa45a1ab3c9374bbf3a476f1c1d9e0b9553a18911b0e9329c4bb89eab43c97419c06918919fb438ecee2d67ef4c36d165be1365d5e61402276657e88bf4340188d93b75c52895fff4c6f16ed43bd404cf5d6be66a47b9b6fd377a75ba927817456ff021a1197d13479d5a773e219c0fe781bdc535b0aa5a51eab31f5646a4d3d0555090f1aeef53c63ea6fefd2385bb726c61be31b772109e3775f78c5f1a0aa8cfa2dccb65b3066d80a445e9c373ddebe35884f19e8b65595a202d67a7a657894e1d5384d8c45ba3e255b78d18ff54a7cb7b226ac40299c2dee895abf798b05155e1c41cccfbfa3c26f9d5185870aa5eb91d722659bbc046fcfbbea3e518bc90fcf94a3a12587558fc736a10f97fab509ca44371312bc2e75f5509cad6f8c1ab2432bca3ef5bef04a8a4ea0473baba946d4426c4d341e9f3efd434dcf3cbfde0ef013cfe35052fbf18839e9cdcfafde624c27cc15ef4511565baa8a6a3110c9aef3825d9eaae4cd369a3a4323e897572420593fed03b27caf16ec4d2b980de7eb14734cd2464f9633f1ba27c4580746174a85e71b4d754f428e78bc259cc7c413100b30e90e2bfa7edce7faca5e7be5cbca9a802e916478a1ae2cfd4f7cfe8fe1b26664ba938d06cbfe4181c9405c11d5173f43e5c2e9e208e689fc7ef0371f5a7727fc1d5315fb1449adf00efba44778937a4b1c7ee64497772bd67998f6aa68586fe568ca8a427f62d666886151fdaad104e2c1c2589fcc066d12dfd574a86e63e979f8801c83834c41cc2618d8d9d2082f1c17afc20b079d20ad53c80756784b40c76cfe154954dd4cbc4dbbe0c9ab0a1ea4ecb5eba5a333bdacca0b81a92404f8635f89ab39b6cd4d6c644beb6503c6859e6c32d4a989bf84ef7fba29335db5a9733b3192805e8695e11199af69c82272d2ae1369c6fcb27a796b047194dacfa6d8717b4cc1be597bbc7966e9bd9ad276b0ac847eff72263891214bd2d2e4cde5ac18ffc5dd4d49220f160f7a76abbd05c16f5f39acb1fcf4a5ec167d6167de275a31dafe4dcd78d65c35daa75de6765b42743e5df97374c272e2aea63142a56030a74de4be4fdcd6c70eb777b4dff0a789cd1f1f1fe4813950e0edd9e6de7f09526e077d97c5287e3fa2d51ff05f218a96ba211d49710ca60145b11ded37ee4afcecd653847ba4eea6355d6df2e8506ea563280385180fc88b0ed885ef9940adbfc9740a7a6dd9d4cd43c5c08a74693b0b751cb7202e0769fbdbf1669ea82f91c4932a231f33d760cb2a2b647008a022f7a759d1d17ea2d3651ed177bd59dcf15522000f5a4f359c48491ae3d3e1019cbcc7b78ca31d68e3e6ed8a2f98b11d2f155b9052b59aac695b79b8a2f6f23e0dd3afca7c75f43a974da823f7668b1f0ad808bff66c9e6b23b9fef45d95acecc642a7a72941db4534fcf8fc9ebb6ef2a74451a038dcd55a6e8cd15d9472fbdc258ec10bc5866d7bd925430c4658674655621d5b25ea1e260302913dffaefe1ec2ef1558e9867e4f25fd2fd9f57a68871ea7ead01d31931ffdb5fde9f99581b13a677ad21aebfca77a683f2b07d64b5836d66fed6b82e7ef7650ec60d530c09e226f812214d780dbebb4a2b76e2fee5de3348c91a03b6d70d38f13b3cb38a6d84ca97456362abc5485b3943181dcbc48688ef5bda225aecb5f2021fe9a23c87780de0a0da6b28e0de26753cac308d7d964fb4573f043706ad54832d9ef335f36bb9b482f3adc751e9be915a3ec00ac9cb24804414bdbfb891ba8e6578dc088fef1b8ec7285f31f18e58ebe6f88376553c538bef469e89a5701ae62e2ba388ee4a253c9cf9fab030deb90d8a330793fe0883d8e87e813cf8f8bf034be83f2166c08c5c15607d7e713cbef190e9f668d2578f4c913a5b7fe54ab5ad7d737dbf1c3c992e648c990a65692df64a31b3b3be1e2e1b45f906ac7d26e891fb6dfe7c7f3e103f68f0d4f042040573ec646b4afcaf09176ffbad900ff1a8d89c2a7ce5078f49d55a9db12481371184131a10227f1d43880c7dbb2ceabfbbb1102246a2d2aeecbb7f942bb3477566df9a7ee336376364a521588138b63db252c1354387113e5da18fd931f4ad965b13a98779762f0fa4ec66b4f6eb4d5eac6147913f5a0ce9359a2d613c97dceef3a795e15e69c7a5314b8fbcdd429bb602ea8a2436a38010f8def4b9787507e3eef38917a6b56bdfafde41c853a576c6965497a9a22b84db338080afddc4d66dc33142b240f1221451084b8c3a5420acccae377a44b535368209bf35480fd3350a4567693a5cd98071a321f249feb15e2633df8161718606fa4ed7ae5fee5a0f8b295660e462e1d55ff5f1b7a2c760823d1943d7444d272b906e96085382825fd4a677f3c0f556e20de6e73db6f3145c86e023ac623b461584f0a9bb2d75949133ae619d86fc263015eb9227c2aaaaac843cecfd7afd186e5b86c66ed08ee77187edc9a4243955447726bb938008f1d68796505d11e6fae9a6ea5fd950cc23a897ff79656cf3d085c891744fbc194ddef10381482dd5e1c585e215fae5be20b22b3f96caa1b449dfd54"}}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000000380)=""/248) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r4, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(r4, 0xc0245720, &(0x7f0000000080)={0x1}) r5 = socket$inet6(0xa, 0x800000000000002, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$kcm(0x29, 0x2, 0x0) splice(r7, 0x0, r3, 0x0, 0x8, 0x0) 19:44:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0xffffffff00000000, 0x0, 0x800}, 0x2) [ 1071.141612][ T27] kauditd_printk_skb: 38 callbacks suppressed [ 1071.141621][ T27] audit: type=1800 audit(1593459896.589:2497): pid=11072 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16263 res=0 19:44:56 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) setsockopt$bt_l2cap_L2CAP_CONNINFO(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000080)={0x8000, "f911f0"}, 0x6) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x40, r5, 0x90fc047e054328f9, 0x0, 0x0, {}, [@NL80211_ATTR_BEACON_HEAD={0x2a, 0xe, "0820ec1b94dc5b4f3ee83ea2a29ef7af10083f5465cd9670f1e4d1a33e5a767de1743df57266"}]}, 0x40}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x68, r5, 0x300, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x18000}, @NL80211_ATTR_BSS_BASIC_RATES={0x4b, 0x24, "633a24cf5275ece1b7bac168b5f3de76ae41b2bc11955009d63f74cc8c73d1b967e212ecc5dab2cce19d337a6aadd4f0475e64bc7cf71022d6f4bf54b4d52b98d00b319e3b4623"}]}, 0x68}, 0x1, 0x0, 0x0, 0x801}, 0x1040) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) 19:44:56 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x40200, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) 19:44:56 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x2) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x1, 0x4, 0x1, 0x40, 0x0, 0x7, 0x21014, 0xc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x0, @perf_config_ext={0x6e2, 0x3f}, 0x0, 0x5, 0x10001, 0x8, 0x2, 0x8, 0x2}, r2, 0xf, 0xffffffffffffffff, 0x2) fsetxattr$smack_xattr_label(0xffffffffffffffff, &(0x7f00000000c0)='security.SMACK64IPIN\x00', &(0x7f0000000100)={'('}, 0x2, 0x3) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcsu\x00', 0x408180, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r4, 0x0) ioctl$MON_IOCG_STATS(r4, 0x80089203, &(0x7f0000000280)) write$binfmt_aout(r3, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000200)={{0x2b, @rand_addr=0x64010102, 0x4e21, 0x1, 'wlc\x00', 0x27, 0xfcb, 0x5e}, {@broadcast, 0x4e20, 0x4, 0x0, 0x439, 0x8c3b}}, 0x44) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r5, 0x0) 19:44:56 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x17], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:56 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x7a, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x2, 0x800}, 0x2) [ 1071.375181][ T27] audit: type=1800 audit(1593459896.829:2498): pid=11092 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16259 res=0 19:44:56 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x480, 0x0) ioctl$KVM_NMI(r3, 0xae9a) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) 19:44:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x3, 0x800}, 0x2) 19:44:56 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x18], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1071.474563][ T27] audit: type=1804 audit(1593459896.849:2499): pid=11092 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1634/bus" dev="sda1" ino=16259 res=1 19:44:57 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x19], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:57 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x4, 0x800}, 0x2) [ 1071.599835][ T27] audit: type=1800 audit(1593459896.989:2500): pid=11104 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16362 res=0 [ 1071.657127][ T27] audit: type=1804 audit(1593459896.989:2501): pid=11104 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1635/bus" dev="sda1" ino=16362 res=1 19:44:57 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x1a], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1071.747583][ T27] audit: type=1804 audit(1593459896.989:2502): pid=11104 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1635/bus" dev="sda1" ino=16362 res=1 [ 1071.823917][ T27] audit: type=1804 audit(1593459896.999:2503): pid=11104 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1635/bus" dev="sda1" ino=16362 res=1 [ 1071.870785][ T27] audit: type=1804 audit(1593459896.999:2504): pid=11104 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1635/bus" dev="sda1" ino=16362 res=1 [ 1071.895487][ T27] audit: type=1804 audit(1593459897.009:2505): pid=11104 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1635/bus" dev="sda1" ino=16362 res=1 [ 1071.917800][ T27] audit: type=1804 audit(1593459897.009:2506): pid=11108 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1635/bus" dev="sda1" ino=16362 res=1 19:44:59 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="1c0000000d0601220000000000000000000000000002010007000000e206d227b4306c60175333320e39c2ee8acf441efa1f5c0702c327b4a52ae0d3c2324f28b13904d2162e896ec93a79b78b03e2030f63eb2bc15e8a97bbef0637dcca49a44b86ebc3f4fe761fcd5ba3bd2f7b8215a8817130ba5dc08b60b0ff260b76a8d2217161626546f1290cae8fa2502f12d87f407ef9921a7ceb14eb2682f49917afdc56d586cbc6a6bd57997d9f5bacf0647605a2572f73d6d0ff9fe5a9d9e2fb97233d744acc23ca35b1cc1493d8bfd08d8f15de0be1b739ea3910e32a4eba7c12073465ddbc3039fd49e5dd870d740a8127e7f0de2068443af757b8f1640fe86d306a2da508b67ca2563c5348d31b8498888da0e09818e6313f67e9a91a4e43e635480638340b5927d1eb70817d7ceea7f9fbb094024f2f477f621bcc77996197fa5f09f661a87b5e71dd148471fbc14439a8c09991b55aba74be0ad4689e591a738d6a10a39253efc8ace18b961d4ae9343ab3488713e9470852ac6ebebeaef0ccd9c4c4e9e0a6bf61da5114cbae41eb7a98a7fa41022dd3ba0adada410459a3944defbd7e503d8517e28316841fab4d451e66d2611bfde63b8b9264e7c4343a39ae588e5927f3b8bfdbc96696fce68efe99f8c6889613a677b28a3614f17bc446baed884874a47ac14aa81b9ffd25cef678cecb0e678e1ad480aec0796cf7c8b94280c8bc4fbc05a94dfd919cb094602323233973fda6"], 0x1c}}, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @tid=r1}, &(0x7f0000000200)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r3, 0x0, 0x8, 0x0) 19:44:59 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r5, 0x0) ioctl$KVM_PPC_GET_SMMU_INFO(r5, 0x8250aea6, &(0x7f0000000080)=""/136) 19:44:59 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000400)={{{@in, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in=@private}}, &(0x7f0000000500)=0xe8) sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000540)={0x2c, 0x2, r2, 0x3}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000580)="94dc65d913934a7c78939bff531f03dd118513042d9914174cf4485a03ffa2af8e4f2eb38b04fefd41110dd7024e6cfe0cc84c642ea6903c2828fca71fc058cbe77f5b7782f5e971a006f8dec64745e4456010168227e0ea6b7a93cda780a066dd45f9d9247564d3d9c571ef5ea9eb4637a16f0d4acfe55733924bccb6a0f3332c917fbefa0a1d2d987f920dfb0428cafb1940eaa45f5d66680b863250ea07032c9c5172c9af796aa7347cd329f58128e5ee167afd7eb17edadcaa24afea285f66a9", 0xc2}, {&(0x7f0000000680)="560cd1f434e869ce72b92bcdee66ed3db5219c56388f79d6213d3df1b97f7b12ceb9505532ce1480631a79e06304522d3660f3dbba3dacefe45992063aeebc", 0x3f}], 0x2}, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r4, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) r6 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0xfffffffffffffff9, 0x400) ioctl$DRM_IOCTL_MODE_GET_LEASE(r6, 0xc01064c8, &(0x7f0000000200)={0x7, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r5, 0x84, 0x71, &(0x7f0000000140)={r8}, &(0x7f0000000040)=0x18) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, &(0x7f00000000c0)={r8, 0x3, 0x10, 0x6, 0x2}, &(0x7f0000000100)=0x18) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) 19:44:59 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x1b], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:59 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xfc, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:44:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x5, 0x800}, 0x2) [ 1074.273064][T11131] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 19:44:59 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x1c], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x8, 0x800}, 0x2) 19:44:59 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x1d], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:59 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x1e], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:44:59 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) write$P9_RAUTH(r2, &(0x7f0000000140)={0x14, 0x67, 0x2, {0x20, 0x2}}, 0x14) ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000340)={0xca, 0x2, 0x4, 0x10000, 0x3ff, {0x0, 0xea60}, {0x1, 0x2, 0x5, 0x9, 0xff, 0x80, "fc37624e"}, 0x100, 0x1, @userptr=0x200, 0xff, 0x0, r1}) syncfs(r3) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r5, 0x0) write$P9_RVERSION(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff0808000008003950323030302e4c7898a6a35e204edd2b3251f12403913bd1b109036e7657af41c920133aac49f4bc78437d0cd3a0e8f0330500000005761130531668703dac9d502721d0b8ce06ac1f31d18f970b0d6738bd20ce54fe9391aab75823b876b4262a98dd24613dbc9207000000000000008b31e0b89c52c8d048312d9bafea63ae14187b43ee1ec92083cfb5ac01a42bae5c0d74d1bb365ef78604ed1ecad0e366796d8f1123b26b236bbf8d90f60436c5b062d70be03f744e6a69326ec59a8ab4af52cc268a9816010000801843866ca8da555ab87794f1e1f4578718f07c886877278afc4d4def098d9b47d8901720b8e53883369fea3b0f35ad4e9cc340a93432fc0c6ecac055e614ec5112e3acab849b"], 0x15) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r4, 0x0) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000180)) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r6, 0x0) ioctl$SIOCX25GCAUSEDIAG(r6, 0x89e6, &(0x7f00000001c0)={0x6d, 0x7}) 19:45:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x9, 0x800}, 0x2) 19:45:02 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x12c, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:02 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6(0xa, 0x800000000000002, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) 19:45:02 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x21], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xf, 0x800}, 0x2) 19:45:02 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x165042, 0x14c) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xe1800}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00') sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x4c, r4, 0x1, 0x0, 0x0, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}, {0x6}}]}, 0x4c}}, 0x0) sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0xa8, r4, 0x400, 0x70bd2d, 0x25dfdbff, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x9}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x7f}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x101}}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4000}, 0x40) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x404000, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r5, 0x0) 19:45:02 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) execve(&(0x7f0000000140)='./file0\x00', &(0x7f0000000540)=[&(0x7f0000000280)='syz0\x00', &(0x7f00000002c0)='hash:net,port\x00', &(0x7f0000000480)='rdma.current\x00', &(0x7f00000004c0)='\x00', &(0x7f0000000500)='syz0\x00'], &(0x7f00000007c0)=[&(0x7f0000000640)='^\x00', &(0x7f0000000680)='syz0\x00', &(0x7f00000006c0)='\x00', &(0x7f0000000700)='hash:net,port\x00', &(0x7f0000000740)='),#)\x00', &(0x7f0000000780)='syz0\x00']) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000580)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000002063589c1010300000000000000000000000005000400000000000900020073797a30000000000500010006000000050005000a00000012000300686173683a6e65742c706f7674"], 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="1c000000030601020000306d8cc474b095c200000000000000000000a8576a220f8331ad6b2d5d19767e56f312a2cef55ce11cfa6d1079e3671f583133a50468080c04790df1e70fe76c4c98d3b87e24788cbb806cdf2a762af0fbe733"], 0x1c}}, 0x0) mknod(&(0x7f0000000800)='./file0\x00', 0x400, 0x9) ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000380)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000180)='syz0\x00', 0x1ff) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$HIDIOCGUCODE(r0, 0xc018480d, &(0x7f0000000080)={0x2, 0x200, 0x9, 0x3, 0x7, 0x2}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r3, 0x0, 0x8, 0x0) 19:45:02 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1077.417157][ T27] kauditd_printk_skb: 10 callbacks suppressed [ 1077.417166][ T27] audit: type=1800 audit(1593459902.870:2517): pid=11191 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16244 res=0 19:45:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x60, 0x800}, 0x2) 19:45:02 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x1b4, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) [ 1077.484742][ T27] audit: type=1804 audit(1593459902.940:2518): pid=11191 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1638/bus" dev="sda1" ino=16244 res=1 19:45:03 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={&(0x7f0000000080)="5e29a14994badd2bd8c2aba284f111d1143e03315ae62353d398c94f29b17c8360b2bbef34bc3d193d270b60d8daefa18a7ac31165a37096dd3bfc1204eb46064117a6083caffb0ec6b8ab554aac20ef339fd1e75b2af573c2faa5c0a2148efe26d34cc7187b463447af524ec9c4e11a63ab8ede7f7d27b02ab6d191d0aef8a6f50376cf40fab7ac3a4945a4510760c7bae61985edcf2eee53", &(0x7f0000000380)="9eaf50c1abf13c3cbbfd8262c5bba9fdafae0cacf70843cf794a481a915d37a73f53005e6696fabb26b4e9cc1657d944c140883aa374762b650baa51c46472da10dd48920d4b883316aec7a934118305bbc8bff58d4f20214534fd50660a160bb4e5a24341e95800a94cf493f656f1a752dee8a1d9188742c7d941192501ea0328c1b6177997637b7b75a7522260a7d1c44ae972df6265a76ecd2ea8bb79406e7278365cc48d4587103792f968e692671c3ccd9e332aa8fe67b2586d009185968e7102a6415bd6f2dcbbbdf7d623db2df3f48430f06a13d1b06e8230705d9c9c8bb691435b0fe3d75104db6c338a32b70911cfed431475217478f3fbc94e79d075269fb35936f5acbd8604ef76de5bef9763b82a7580c575e59e774bdfcd3326d6dd0375e9df995862283cdcc79218ac398edb04aecf2115af4d3c60408b5082bd06b331920d9685ae97b8157f227de85867d05a34dc40e51433a835b9adf5ea2413faf39a91b8282e49ae0b414d19ce8ad85d2efec155372a2076e58fdd890168d1ee84707e7c9b323326daede1c333ae538ac32e44f0a2a3ca63871f93773015e006b0cb3dc59b813f2a86702dc075f83438f07817807314a45645be39ac3f89c7d62cc8d5743cb945de312fac330a889f4317e4448d30d9ff0e9090a07204de7077e4e2ac5a488ded87c0577bbd74777b571bbd1e20487ac29ab9a82f9c37a34f171004ea1cb2d17086bab374a3c37c9515d2522a1d50d6b2fac7ea1b9ffe042661defdc247def02bd2befb321bfceab8f7662078be18d58ad967939824e95b3235d108249f610f66fa76a98630a2891ecd6e17ab938355dd860c7ceef41b98a9287c4c7119fbe397966ef163aaa49931bff1fcdd60317376633f6879f558228a36c4c5f87d7bec14ec8d3d68224b42f10c92f8e7aae2a6dc85ea3e5fbcd410f7e5980eb77707506b749799a29932f8d5d59400eb5f0acf7e8f90908639745a9a7779d9d0172abf09374d9bb0e1ff1d7269b0444f173b16fa5f03321aaf5bcb3fb6bcaf48c009a6805231f13771374ec8e257474854c815bb96433997ea30edadd71ba903a6307f0dbb039f3a96b97470ee4b3bace9836429dd874b380b31357f3b562d281cf90b93aad0eac54992f2885652491093f84d725b431b97cea7b27bfc5375034f101cb1f70cf2c5502dfa2a1f79e57e4613d90362c3c42256a6c828d127a40d57510a59cdfdead8de8c7f50d39efd12e7fe9a5ae2763b248981829ca6a9d09536c35ab0522ad280262fe7fe8ee593e60d2cc928742c188deae051f5229fa08f6d587a5ff2040dbc48143be1511a754f9c8c3bf9a12d448e8dbd46f2c97025b9148d537e8ad1dea955c34db8c9753b2f08424a36efc72b25b149d00cf7da2ec1ea4a6e3cd54ce5f64d5eaf5503e500a0ea63d3090871c4696786185579ae950ce3d5073f410770fa0de264259e50332a76bbd5d6527a3d4c7920804a9cb620b0e9a2c9425b0d337e4293d17897209bbb59f5f919243b705dca27026a6d39fea35821e6d432b3bed80c46230997ba71964ccad2b76a9f3c8ffdf37d123b24630230178360bd153768e6d33cddfa2451c15d2d040420b71989d6e2b3e02ed06044f0d82a6d18dda8572074397a03c7218eae0b4e3317e5c3f76a82611ccf970a32471d93c49e1eb3492f74fe1f643a4b3412c236006b6ef301d8e0bd635d9e8c8e4a7f24d2689290ee3326ef05e4c54d86ea8703b7bef24bd402784d847c8e6eb9abf55736c32c2f4d70f43add9ef0c1d9a39127f42713aca1cb5d5595ed119c78a83bcf47a1a1145d9b605beee97a99f417b35397d0d28da96f677ddb9f78214b5436c50d23ee2a1e4b9692eafae10638eb009d28468e27e3da0dd3883546685bc400764b4b1572e19419f0e5c1b582526c6edc7c176c4ba908f9f4fb2540bd18c7ccd78dbb0adad34872646c5d76d14c86954161e7094e429a1c527734284c6ebb68c1afd50a7d621cc86b0a3377e1f43d3d4a86b0347577ffd3ef35cd78cb719ecbbc454009ab142464ad8095b51550462121f588634109eff89cd0460847a2861d1b03fd5646d18e573091025ab0748de5d90648a3b61a6fb5c395afb45a834a453856e290737203e976dc6910747be5741dcc63dcba1a2ec1ea5c7c3f7f2f321ef019f834d0f4b6063ea7b062613905e3347075e52fa21be153245e0f33ad816a31de69ae7ce36dbc1f4650dba72a8e9e6db4d44e13dc671ca289c429a2f1825a3d72742b8474418a63d66d36e653bf980a7ebd107eda68ac6e6a9357c2652773ae1e838867588c6c1f924b596a34d49ca22a07f85754f3c8bc01237e26baef4fd89c6e1b8890d66b94ea98cfe3a664b482e5ea4568488a1e32d843321b391523127d396f0c81bd22dc87ef3f0e173b708327e57d98a908a276e8a5f9b84668ca81df0bbfcb28dc2bd597f498c9a4d08a213cbb16e01cb441385f61629fa04cb752f2e3f0fbd78ea92fc65cd143088f98794f3ca587ddf4650546737342bc997939bceb1626e98e2ce14e97c77391f1681e5c87eb36a8d5746a9c453df0acb829b69c0306d462c90ae737e9ac961e358522efd0b4827e5bba419cd5be94521fe5d531e1049c83d0a2fa417986024682a94e648620cd4fd2971f50e80aae8e8e8fdfab1fd16d1a3bc39b58e42d4cd9197b0a7ef11132d6c00948be0b6da4bf6a99aac6183216a3ea86b3b7e229b612ba8c781e2a95fe629ea9f3c930012ba8a6da00cdfb5d27fc617a04f48dc58587a8f2a02aea8418157bb21d02c7ad57d6e313fe3e31c050e11b6c0ed45f76463fdba92b69e8590265442fa30abf4107850c913af6463979fce41f4b6bd74356dcde973d02265867faaa7edffc3f2742e1d34cdeb959e7baac42a1e69bfc88c489ddba6fc11f2c1f16e12bfd2856de6af9af0d6b1cb3cebdc40006056cf7f5b17d919230fe40ba2044188ca097ec442fe0636ddb048044278567d296aaac493a7ac73db1380e9b1fca45bbff7780f8b5346473c3479956158356113ecfb34943b472c3ff55914f7489fb8fe8f96817dbce444b5a742c6df59f93e0509999b398325dd84e7f152c0e7ebf8d0f77e0841b396df7feec4aaf0a40ec018061ff1654ea40b159bddd79378fa9d0e4984c502badfa561124b351dda4829a45695b32e12c72863e0637881444aad86d31528531358eb4469a8470ead9d1d9193cd9a3e76c398f77243cae81031b17f88f9ef27c6c00f115767233da251d8705cf3c4e3f7e525673c437f291c24fb98a8b95b4cf2c545f997a81ea55fb41b7c2f1c120833b84d049273393eb7105386567ce9796fd35e48513ef3c91afed4853fc682f4cbf79dcbd17a908221beb6d19091eef06d3f301f99c4e3485adf72709963ff48aa69c83cf4b32d0ffeaf7c0ae830ca4f5fcde2860035b65b23d94e3c7d2a5fe351153663a2a28afeb515ad57c25582e05b818320a3083b1b0df20bacf89fee3cb9de3bb5c840d17ffdcd70c52686baea5e37a205c788f4b9473534429c9c59829442905d40236e5289daecb5950d7fff14cc61d4d57384e2bffca5d8f4f5b0998ebc206d3702f83d38883c4a3493d054b8e463a5c728163abe27e1f0b86552379255ea01bfffb8a4955d73a89cd7c932422925095a58488d3ad2e5d8ee901dcf3abd680c882d48450992ae5c18232c8a68fcdbec79060ac8fd09151a43caa2574759472e7ac6c57373c2ecd459224ab11200c579617ff64b464bdd1091592e379e38d62c218c96e4a67d9f44f6075aaed39b4089f8319f09400f0fd2ca579be22878f0f27a1bd7ca9cbc9347ab316d5de997e2e6abb6f4f355324f180296f92a8cdf5c96b18cca27cf69a20314f82b3173010a603f6db239b55ed15dc06b2ae6318a77a75edc803d590023b3e91e0a0666d8f8379016f2b85bc7dff64f2036f324f24159c628346cdeb8cdad570d4764205e3c0f31d203ac3c08a0326a36092f08c3f9ff73aecb9f355b363b757d680d0747b6fc4ce51d92fccf01ca4e4ff5dc097a9d056cc2d99cc7d859c8fe06f3211825f1d1a4df3be5d217344219b261a34df1e44e2043fe1afaae789e0422e27917466a9e959df477c54c3349c81e1632a6377801cce099026031e475c9eca610fcd4227dd44031e6a8c1f9be61081f8e5710afd2fd21605629a385664fb3d10bb576b142316dd4e2c97131d31e3e3639558763c4614c3916b20c03dfa9e1876669bcfee66ba4c5250741da3b670430c5ab4b3e0f236c6db0d93159b99e9aaa8ab4240087dd1527b406a73c90de49016b1b9d4caaea2b05a7ddf91fa25bc2109274a822f4520143425eda55b64d353a01425c1404501351f179bcddd6c915206766aac9c188686802d469adc2c7cf000c5f97a5071fbb47a76de97496c7be4f1aa86b4f6278f1b599897da15ebeae9071ed389328e4ad0c647e0e6168d5fa071a97b1a7bb66467eac42ecaf3103666a84cf01582a9e5e3299c548f4d0218150586bcb30c25a156dc3d5561ac305d7bbd0ce64d0ba9b1c853b89472e01e18d92787b32fd28d907fa6d5f3ecdd920f21b18550ca52c08f6d158b5b6459b0568ef483a1b00c53457877f628f1ca528d829159f4fe91072f2897b929696d042b1b31460ebc52640c265bdbfe90424113a7cc2f3a5168a93a4efc460a9fee7d23b96fb030e83e861df2e5aea1d01123954fc9d71d14ed4712c2902ac00ed7abe6876ad025ccc4362124d07504b0a9e31f40b61e1de42289e1895b102f81d86e0d1d566d557df451e1263a36f4ddfb3c70eb1740cf9b5159abd6e8442572af85c0612c0c02947c50ae849487d2e40dbaeef190fee91b11b6a31e5a407891814be6b6371dc760da51fbbe13f58c7033320276d59d308d0ad9533a235ac3f1f08c9f908c406c0368589c7025752cd8937c44330e07a6f812d6cc722f50bc7dcc20c136b325ecfab4aba0d6ea694e9000da91b9b857fa21ccdb5dd69f7b14704d681cef915f9c1bdcd60a4e9223d8c54f7e852301a2510cec257a1188f61455f53d7e2362249a4e747e87897a935a27d1d160864ec7266d2f5349ae5d056edecbb03c0bb564a60b7aa7946413054763c448eff3e11f8305bffafdfc32638ba04a928ec7ebf85f2561f4dc5cc9c584f98fbdff23ce1042202b97023ca41ac8ee03b75d791261c3fee1716ddffcd6ea80d783d8607551ce42da7e85ce9b2f54b0509e0cf467faab8534973c234ba1da55bdfe3be67c319718d2d5057535f18cd6ddae17f3215b5127b599f4acd2bb34d8dddb76a6ae60c99e91b22863b8065c4366f31cb5dc8a2122af773eb7365d1ab08d03866a82a33b6ea4998fc9733ef89c9219ef9740750b07476e313a14f4dcc1a0abe4dafc78ada8c58e9e5e072795b9e36858adabb4d223997da420e67be3f1e8045f30a9b3eeec0f04ec9c14d6f7b3d72760540af07733c075cbc1a586f638315932ce65a9633813aacf2b1d3c6fb568f063203af0dcd66acb2059d731f4cde25d395af62549c7cf9b42d9a2d3657376b2776ed4fff981a64889e7ea45eada12980726503075b045f333fe09bce4c12cbd0a43309a1e9279fba25643a0e0fe936fdfc21385dfcd0f152198347b22b3c4ca1c9254d2ae8c69b3fc3fac29cf87124e9a2e34f0f6a2806070ddf0f72de45d9e3ca2b3b0f546ef4037bceb8aea69fd55e4adb4c5a532d8529699f7afee9cfb74b9be874a0315bf9f58a2bf00af2bce9490c534700215e19aa85494d8e6cd4e"}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x29, 0x2, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) 19:45:03 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x2], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1077.593287][ T27] audit: type=1804 audit(1593459902.980:2519): pid=11191 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1638/bus" dev="sda1" ino=16244 res=1 19:45:03 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x3], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x300, 0x800}, 0x2) [ 1077.697750][ T27] audit: type=1804 audit(1593459902.980:2520): pid=11191 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1638/bus" dev="sda1" ino=16244 res=1 [ 1077.739285][ T27] audit: type=1804 audit(1593459902.980:2521): pid=11191 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1638/bus" dev="sda1" ino=16244 res=1 [ 1077.847344][ T27] audit: type=1804 audit(1593459902.980:2522): pid=11191 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1638/bus" dev="sda1" ino=16244 res=1 [ 1077.898143][ T27] audit: type=1800 audit(1593459902.980:2523): pid=11191 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16244 res=0 [ 1077.918686][ T27] audit: type=1804 audit(1593459902.990:2524): pid=11195 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1638/bus" dev="sda1" ino=16244 res=1 [ 1077.941636][ T27] audit: type=1804 audit(1593459903.000:2525): pid=11206 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1638/bus" dev="sda1" ino=16244 res=1 [ 1077.965512][ T27] audit: type=1804 audit(1593459903.000:2526): pid=11195 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1638/bus" dev="sda1" ino=16244 res=1 19:45:05 executing program 3: timer_create(0x4, &(0x7f0000000080)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, 0x3, 0x6, 0x201}, 0x14}}, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f00000000c0)="ae2f0e20b0c5b22ffc0e399c1da3c16941594afa7b452c157c825248f50cf56cb582dd0e8b58f1ff73ef1e4978a5755b1bf43c36abec98508b17f7df3c6d1e07d7088c75b92d6114b4ba1e3038056f0582c5d1783506c9e92584892e1e6087ba1c7a784257ce72efcb5991ef76f1a94b58da898ff88d83ef45072a809d730e8238c90cc4ea7a", 0x86}], 0x1) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) 19:45:05 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x4], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:05 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x1f4, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:05 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x500, 0x800}, 0x2) 19:45:05 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/attr/current\x00', 0x2, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x331, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) syz_usb_disconnect(r3) syz_usb_control_io(r3, 0x0, &(0x7f0000002280)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001f80)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, &(0x7f0000000280)={0x2c, &(0x7f00000000c0)={0x40, 0x6, 0xb7, {0xb7, 0xb, "ffbf0ba584843521ec73ebda76b7673fa9f77ea8b1e2711f9912e062d817d8c65a169b259a5d1f9c0e35daed278fdbf5854a240f68e5968ea60ebf8ea9fa2087f7151b31e2786625c71dffeb70d44b9efd11363df3680489c643a2d7d6ad65b372487d314a16f4ce072a83a3c06d84af68dbb69400ecc9f4ed8484000ab92f0fb2d21e63da64c10e3e5a17b435cadf9f74ca8fff385d52a267338f09c0d78e5ce0f5441f761554a2a08c4ca775c44854d585d4c51a"}}, &(0x7f0000000840)={0x0, 0x3, 0x4b, @string={0x4b, 0x3, "bbaaf5744e4e607f60ac2c48fe937d94589f8597ca95c966a0fcc5be29d0d4c306a8c2cc146599bfc01a6796c22fe706c087cee9802f3ffc2cad9779fa171f007354ccfcf0de040d3c"}}, &(0x7f00000001c0)=ANY=[], &(0x7f0000000200)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x77d98133b895da0e, 0x65, 0xff, "15330f27", "8668fb09"}}, &(0x7f0000000240)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x4, 0xfa, 0x53, 0x4, 0x7fff, 0x6}}}, &(0x7f0000000780)={0x84, &(0x7f00000002c0)={0x0, 0x18, 0xf6, "f2ed0381ac22f5ec635f9497788f3d6a43ad817e2fd0efd81c3dd4f0776031a3017404f2e6ad7d84534053a8bd65e0bc5bed4acc8f3c893848af75c4a611cf447616ae521e5fd31a8c255663243846f2f031e22563548c2fb9e9dd82aef1ca44e65e19f819f09105c2fe5461bd90f774619a84e2fce36f9e6c8cb78d49a24dccf2303d9ead341afa8de054c011d235d62f5ac415358553e3b27ccf6d428d2a34e258813c9a1f7f56ad0b41655f7984218a9a152f9fe729d69a51a7795931cccb58a62e8123cc34b99cc81bc136a238d63b5842afe221e17fdbd1e0ce0feb2a6f9fd9b89b1d41b2a0703b1919961ada2526adef149d55"}, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0xcd}, &(0x7f0000000440)={0x20, 0x0, 0x4, {0x2, 0x3}}, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x100, 0x80}}, &(0x7f00000004c0)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000000500)={0x40, 0x9, 0x1, 0xd4}, &(0x7f0000000540)={0x40, 0xb, 0x2, "f2f2"}, &(0x7f0000000580)={0x40, 0xf, 0x2, 0x2}, &(0x7f00000005c0)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000000600)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000000640)={0x40, 0x19, 0x2, "c2a7"}, &(0x7f0000000680)={0x40, 0x1a, 0x2, 0xfff}, &(0x7f00000006c0)={0x40, 0x1c, 0x1, 0x20}, &(0x7f0000000700)={0x40, 0x1e, 0x1, 0x60}, &(0x7f0000000740)={0x40, 0x21, 0x1, 0x4}}) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) 19:45:05 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x900, 0x800}, 0x2) 19:45:05 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x5], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:06 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x6, 0x600140) r2 = socket$kcm(0x29, 0x2, 0x0) setsockopt$inet_dccp_int(r1, 0x21, 0x4, &(0x7f00000000c0)=0x401, 0x4) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) 19:45:06 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xf00, 0x800}, 0x2) 19:45:06 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x6], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:06 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x230, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:06 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xfc5, 0x800}, 0x2) [ 1080.731861][ T3840] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 1081.001562][ T3840] usb 1-1: Using ep0 maxpacket: 16 [ 1081.131659][ T3840] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1081.144618][ T3840] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 1081.155322][ T3840] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1081.165810][ T3840] usb 1-1: config 0 descriptor?? [ 1081.206518][ T3840] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 1081.404977][ T3840] usb 1-1: USB disconnect, device number 11 [ 1082.391384][ T3840] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 1082.651331][ T3840] usb 1-1: Using ep0 maxpacket: 16 [ 1082.791424][ T3840] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1082.804255][ T3840] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 1082.815157][ T3840] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1082.824581][ T3840] usb 1-1: config 0 descriptor?? [ 1082.862048][ T3840] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 1083.063495][ T45] usb 1-1: USB disconnect, device number 12 19:45:08 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0xf, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) 19:45:08 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x3f00, 0x800}, 0x2) 19:45:08 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x7], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:08 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x240, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x4000, 0x800}, 0x2) 19:45:09 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x8], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:09 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001180)={0xffffffffffffffff}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r0, 0x0, 0x420000a77, 0x0) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0xfffffd88) write(r2, &(0x7f00000011c0), 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000001140)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f00000000c0)={{0x77359400}, {r4, r5+60000000}}, 0x0) tkill(r3, 0x1000000000016) 19:45:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x6000, 0x800}, 0x2) 19:45:09 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x9], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:09 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x264, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xc50f, 0x800}, 0x2) 19:45:09 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0xa], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x34000, 0x800}, 0x2) 19:45:09 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0xb], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:09 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x300, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x400300, 0x800}, 0x2) 19:45:09 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0xc], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x1000000, 0x800}, 0x2) 19:45:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x2000000, 0x800}, 0x2) 19:45:12 executing program 4: syz_emit_ethernet(0x83e, &(0x7f0000000000)={@broadcast=[0xff, 0xff, 0xff, 0x0], @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000001", 0x808, 0x3a, 0xff, @initdev={0xfe, 0x88, [0x0, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], 0x0, 0x0}, @local, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x26, 0xb, "a78c791153d5791153d5dea6b259b8e3cd2c8038336823493b87aa0568f00b1c71a8242373243ed2439adc07df0a69748e254c1e4a8a8b3f0ab0c430397754db3e340a14a2a1328c5f93037dc1435c11b3000000008419af736b41e5a8"}, {0x0, 0x16, "84f0da52ef24571313968050378ee824f4dffba7feed320557f7671975afc9c545c5ea6137c8ce680ba2d2e8794cc0ee661ab31313a50f67f637326bdc20eee126a2c281295ae9405b24d13dc48b7b6aa26e8a94498418f3472f7281922377d30a3b5ed2c6a2990e5ea6b275c1d5bddf59f3d1843df268e8c825c6b2cff208dfb5cd8283d0dcd52a6de228bf697d3d6506afec30ef7e07413c7afc1eb139e0fb1a5a643b4099519e31f3fd4457f0e6d586ad05e1"}, {0x0, 0x86, "062bf7b5e0f2dbbdc849b90d4e80a0e3f7af088060d01a1cfcfad88ef4512c6ef5c0ead4b9cc87484b106a060a9899d50f595204418f51e914c88c29078a5457de6a262cadf02b071d88e61703f037caded0b315701274012fa532ddd69499074e1a2df196e0afcffda08fb3d82ab8160253a47d3efc3d7cead55c28610ae20f69aaced0a1a6ce815344cf8d0bc8a0dfcdd1e8cd7242601777ec653c2d4b704397dcb1350982afd017eaa630c840d71589499fd68239ae0c0aa2fc9b949d1a716d40a24f078e92e8c268ff726290944b5f3a3bea9559f2d2a51405fba224411ecc49544dea47917a98bf79c3bfeed70429abf70a52ecbda21c9bf0f6a70cd2c2c887391e4095ad22b437c60abf829447b47bd231ca2a98d9da7519a4bd28e803fa000fafc0dc453ed56cdf4356d7abcfec4eed0b94a4f78ce44a7177c6684026ba4f26a17e52e326c8bb7be5e2ea5780d7169d8f4ff62cb2b223f1d6221f62e0ee0244d86042560edd36853c464b23be536c65b87cd5ea60932ed90607b369ed2017f645afcb5cd07f6896a08473bd5dea2bfb52ac501a39c338ede985aa4a7755db876cbe4d944f3cce0079d2ad9ba8d17f01a614052aadbd4af0fd282f594dc4530ee49b6c9ae6d5d80a073e678594be2e2f0869baa2a58dd2d0f6a995fb706c4d1b618d57da1c2d8f55611f746105a947b4f6bb74dbdbffb1b3c1f2316f6a28a07f0145b1bf8345b6aa4e9d5a819497856792121219ea151c1f8e2f86356439bc5b87fe4cad68b6afa08687e6e751803865165eac0c34bdddae1bbe52f55d08cc4a0865f8df372635e8a26ac4ac9716a124ac4e83349f17b612e2b1893b5eaccecc7d812bb4f4fc6b313f57c2035a90f782a4a97b5f5309b6c5798d72b9187f3d411e84041e3671fe35e39fa1887846721c38d501b471990b911f2d81b061081c31a843d75838c1aa4ff0dabd74284709f1f87f324ec4f56eacd70e6bb5e9c3ff719786c4d4284e4cfdc828e0465ca168d04de1d8e884bc31006c112176ef3f8cffd1ae383cf5ea5d60dbbf4a74c942541b8ea4ed6e510893cb83ac90b7f9e15b7dbe796b45f3c5a5e27b01ca46f9b3c876013af4bec92641513fecb7ccefd439d56e21a4fadc52148e821ec4d1949f75a7f0e0f11f537dbbab42abc804b49bd485505def229bfcd3162b90af3d87751f50c06541fba6e8d6ddc0d16546d0efda7eff96a819048e6a1510ef673fc6fd5a9fa64280eeb935bfe8f91b503941a5676c48d6c37c900281e275fc4cdfc843c86c149a8bb8287d2c14f174888259a1b264a0a79f708a0a5bb38071103c9e632a8be1523ad6402cfb7aabf222312a085628b7ed6d712567562753057b91cd677498ae80183ea868ed52d285dfce7e611a3adfab21c972002dd747e58609c1caa5cac1d9dc393dab20090c9e3147388978e20192c3a319023eb5a20bab5b180b4dc2000000000000000000000000000000d66ba95fe01535a55e5b84d75b"}, {0x0, 0x1, "b20360609ee68487"}, {0x0, 0x9, "c139276371aea9b7cdbd32b0a978030a03d23d9fca26dd1213e1010898b256e481da1018059f850b91347107a9dd38da31c1a16267a090b62089ee0d776d581b1bd756ff9010"}, {0x0, 0x4c, "54039a033f4f77534f4bac9b017e6f036a3926d6f8fccce6346d4b2516060f8bd635c5865582d3719faeec25f880fc5389a4b89149982545ca3ada77fa9a5dab4cca6b03b34b5a1cedd01f84a8e1b3c6a4b81ec194d3614e6871868cb3056fa3efc3fb593c6b253a3cbc359c648545203250cc70142ef9f25442d254391a03d44e148e9edd7dcc853d258bc2e88e31651f6eb8cbd4400f200c6d949766494a3890cbbd8b7ccc097f6879c8b2daf199ff9ff030dea73f14d75feb2384c5a840dc61c808a392c20cd35f66210b705863bed38be4eb2821f7f904a17ab5c1d36fd200feeec9091ffa2b1515aefc87f1d5e24c3e57eba0932df5962e8beda60998d42686563b56239930af024a0b7ca850c92f0267e8b52e3891479d2e40081202f256f698f6c88c0d6a0348b58c84668341f5456b108dd1488f528423d569131c9d74b37a55ddf0c0b33b8773097104cd9f93f05302af7ed7bf15f8160bdbde75102d2c530e5dfd3186122928c46e933adf2e7aeab562ef9126a35c60d550dc34af969eff4168a35d1cb22d52b43b5c73c84e6b5688a1f47d88cba3fd4f2e13ead5a1ca9d2b52ddab1ed995a75baf025bf1a37ce5ca0ec73d5012c87981839a2d62e62e4acad61ecb3f979f9d26e526472661e888d0f622f8f15e1f3b63f4392b37810c1fc1800ccff21bb5c5ad062ed1557b0ecc2d92a6b11bd6fefaea38f79ae0956fcd2539e92f5b6e6bab73d96b4ddf955faeb9ac05cc50fd6d34fbb5f5ac5bcd014006b2dc0c4aa4299e37d8bb69e6733107b0fc681118fb37babc35619e5e73b6e7ce772d61ffafdc72314cd66b38b94b0979e5ee382af539c2a69a1f"}]}}}}}}, 0x0) 19:45:12 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x3e8, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:12 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = socket$inet6(0xa, 0x6, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000040)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x4010, 0xffffffffffffffff, 0x24c07000) ioctl$IMGETCOUNT(r3, 0x80044943, &(0x7f0000000280)) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000080)={{{@in=@multicast2, @in6=@private0={0xfc, 0x0, [], 0x1}, 0x4e23, 0x3, 0x4e20, 0x3b08, 0xa, 0x80, 0x20, 0x2c, 0x0, r2}, {0x5, 0x8, 0x9, 0xfc8e00000000000, 0x2, 0x0, 0xe73, 0x80000000}, {0x7, 0xa95, 0x1, 0xc5}, 0x4, 0x0, 0x2, 0x0, 0x0, 0x1}, {{@in6=@mcast1, 0x4d4, 0xb6}, 0x2, @in6=@empty, 0x3500, 0x0, 0x2, 0x7f, 0x23, 0x8, 0x8001}}, 0xe8) r4 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) r6 = gettid() ptrace$setopts(0x4206, r6, 0x0, 0x0) tkill(r6, 0x2) timer_create(0x6, &(0x7f0000000000)={0x0, 0x14, 0x4, @tid=r6}, &(0x7f0000000040)=0x0) timer_settime(r7, 0x0, &(0x7f0000000180)={{}, {0x0, 0x1c9c380}}, 0x0) timer_gettime(r7, &(0x7f00000001c0)) splice(r5, 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x0) 19:45:12 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x380, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x12d) r2 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x1b29, 0x591401) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) mq_notify(r2, &(0x7f00000001c0)={0x0, 0x2d, 0x0, @thr={&(0x7f0000000940)="e2eb2ae757574c5cf4cc657dc620e0ae32071647e113a8811e29dea9a0e7154057779741b1b9e7a85ee0c3ba5692fe8326bc2087fafabc9ad943e487945e3a0e1336cc718fa4359d5168823787691df05a01a7beed6e2e5ecda928be0a6b8f1cf94462c7ac960afaee3b35f849882051ae3f2f9c251f601b60064a43c5e3d9c6ea00be0191d5af34dde7a46901a096b46685bca3325484b21deaefb6824d1149193b83b30fa7c15acdea92d94d7e3b707a960758faab06ee0393d2379071e933fe7ee759a24396bf40cd7c762a86b8074f1124c9b5d230f056ca1a4e7afaa94b629c92f7e0f067635cba8ba2776cf6c64c5a0cc9abab6d36ab5f5fd234b4ce293f71c25dd2839c058e354eb1cb7cf968051d275a03d88ef2c150b0f6fbb2f0a96a2bcb559988ffcec1abea6b9f209b444e23cbf33e81b061a704f8947ab09ca8462dc79c9137985f2a1187388ce66df30eacd809e0887e1d7898ba3c1e976847e29255b17ea47784281ff16f044600bd52799293ea5a267228129055832dff4fde6f742cfe99dcf18f0aa13c85149218da75aa03a028825e380c33463a85f16d79e0f93dfc480a1ffb1c0722ce17ddcb59cde97bb4bfef05b0054370b126c7ecddc5eebd919534ae20a01161553351845675d7b517799ba21f0531731405e81f7e957646efa9e51fd36af5b1556424a50f8c4b6fcb1eeb9f6ecbf1fdf077a33255992a2317a6d3a442e58aabf9d78955e7f2c18ae7fa99cc7a45080c29bef07f0ce7f6c8222d1285e1e4ac328e967379e32773a7a92cf70315d3a13ba24d31fb2ed7afc4a74f8d9dafa9aabab5b728ff6a844b46ab67f3c4669ed5fc1b10ed50de399330612de472e9dd16805dff459b4ef8d937c4262696ad07c891561a875735e9ba444dd2028552eccce7e881b0250bfef66f26bb34b5347492369ac022a54fa7e739a7d5c6d4c7ba44bab058764c6f209ee6ac2aa7d8c923da118d5d34d60fbc949512bfb9dd41e6fe8cf8d277752c0c6113ddf2b195b56ae3d6442ef93b841476698ac7ae7889c36f3313aaba4fa43a38a99a735b030ac22177ff67ae3ee193405b178d79b98901a43e7b2be71ec85df225cf1d94d637141c1a1ce30a87d3ce4c64cd7dbada9af7bc3292e1c5409030b0ac9a521d694ffb32272c38e1d516761e5397108f54bea07518a799147e553aa15b70158638fc0f7bdf6e84e168712ce21dca486c82fab54fa1781579f36d06949708f020a6c399d411334da8b0c61a4d73bfc4f5e742987267b1f15ed67b01ddf9c5fe33aa894a8046978429f653d29b88a7bf1a5fc6bbad1e1d08b3315228b0c8c225f23e6c82f66252189f58dfc5d21c8b23aed0f7ba93de588d1b8650a24f7ff03831e2efd23b81b9f82156e5a13860adb9e3419f57a769ead746d4b12e1717910c25e685bd0aa9b80518332f9d7734f1a593571f11e4f08fdd33070bca0ff41a069229becc7156644217c4e4b71b83bb04ccb5764875714e6e6760fcab8363de6820d9e0cb6ad1387b0043d50776a0568072f0d444ac888c51ddf06261e6ea7283b0fe1faf9d65904bcb6a18805eb80243b9c81d87ba75b6f8d9c95a33b6c9186314e7c702c1795f699585db64ceb6c41b75018b6fcc63a7a6c78cd73ac1f79fb6c80abae3d315b5e3ed8cad2ac58549529be353330436fec084937b9e1946f09b8381fd9cb7c92e0b59926ae65812f5a698dc1c8203536198b3ee51b8fc9743b1ba5cd7c04ce9f8dfe5516f0ae69d51f3bd83cebbb923026a1d2d55dc105f1ce16f17b5318d42290d7d967c9868beec58e0eda1c977ba022e528754cd84245f997d5c7bfa22714ec3b343c3a06021b3d4e4d30fbc596a28dcb844d146caf8766c9981205a1fbaa048a9eb7473140e2a8ce1aa9c4ffe7d7bf2caa57e0eb01114b1837cb3f5bcacf03a8fbe84a2bdfd77eb3c39ffc4ed1990776994c70aa62ed6971af1dc3aa2d758c17fad97a7978447d23eaede8435545a25a926b58b106909e284c5fcbe96f99b887cdd02f68e59072f0b86aa2ffc7baeca6242c74f86369acf8a98f2cf1373bae028f5bf5ebce38e5d1d7d364d3e30dfa7fec698fe7d6102154d5b75f19436a10a487a089e2bbb5b3899fcf54a27fedb57b660524d04ab9b859e46ce4f0250a72c607000f065b71e374036d3634fab4adc3ecfbe2c612ae4de974d6f982ccad2a187314d26e90f470d6975170fd97bff694a04e513205059e5b6d4a54b3d136249329ee509a678b159ad38d9c7c40991e71d5b1a8c8aa61a50736667a6f8b7839425fa42f643a2b6a809a38e97e64c8923419b889396d8040a14fa06701a525ba83c4e4be38e6132a24c903952acf045bf227c591b0b76ed67ac1e7a49556dd05a687f2d2c2c66e97bd3580aa946224b7879de3fe8e000dcb72d2b3648958cc67a347ac22507887a5397a81fac44ca6b94a983287628d447a344e480f7c69d9a742cd92b66b5417c7717d9ca42543bdc69961fb5ca95cb71234254e0c960dde2c8e4648b18d24efd3668f27ad38500102cc0dc0f19375552a1b83dd28b2c7eb6a46ea9b5163e57d17cbab4d073ec8e628690d8ea49bd2dc0026a413564f8d25ae5baba0fccb071431769858f5f6e407d8076877af568c3592171636a6709ed160e7d99f4824a77fefb3e1430de61fae6d51c79c7c71aa23b3404859db009340f3d66043be8b54aace9de24b75fdb422e14ec0d9416db04cecb246deb590c4c38efab96f06d293603ce11486d79c7d1609bffe78dde3d40186df7864ec755375cda37fe80fde658eb19f12cef246125042f0ffc846853dd1f944474e2c1849d8beb42402ac0fa6fa685522369b54c20c2439be2653bcfbe24003c1397613befc45847991643239dfa7daaed84dc440ea8440bacb3124e6c1e88cf5ac18e473fe039217f3acbfcc6b26f1fee8b11bb0b25b46a07a73277416d1fd730a564a98d98aa019977160418655afe608c5d62d42911460d0713774bf6e15e38d492af166ddef07678dfad87fa9a5744c6ba1254ca55dd3cc555ad2f569648aeac5ca9349c6e0769a0b1d662b0a5a91c94762b099d5a414c185b390f3063bd846ff5723d8c61b2d2173b8f8d5e7b04fe34af639e33554ac5237b134486763579ef65304a65869542ddd080f4e82210851e3413de5a9d75c09117d5eb630013f89d0976bdcd417e5adf12ca85806c257ec68eb2c95dae689b5c3536e7d753a3cd6cbe231d7b2bc3c90e91a2b939f75947bcde8387683e378682f643005528a8e03619690a88dcbeced1ba9ac8c0b530ef070658b3d489bc4af6629f446af7549fe651ae5680528e966d5c74f4b984f8a273f9a085f72fcab7630de1763ca8aede29ec3a449d0e75d225d96175825fd3d90b5993c0422dba0090b034ff29b2d82acff338c8f839fe935204ac7eac104a182199ea0bbb2c46f1b35dde97641be6de808d4886ef58145018c8cd7d2699e84de3de36f0bd02e92cc880fee8aecfdf6f653d9d79acb1ef3f486ef3123fc58b65585060172082ff5c09f873bc28eda7ae362768231bc1a2b1a9476281d44224cb58794ca5d1ba4f1271bb179851a5d911d7d3daebb908455909856b39b6e99b1046348f83b87b1250a74cd2ba26317ea70e1215e0619f3db784694f2f1947559705973e6e3a97d842362598ba5d042a12b18ba3e49f16cae60af0d246c9bc1bbd55327171991b34f4d23d1b98f4f5978f03afe965de3ec9e0fa87abdcf3e79632bb6dfbe388a9ba28e474467ffd52b99567539973f964adf5cb8c77e76f48a0633b8bfe5e7d6340a6c6ca46199e8441ef7dca2682b5bcc5be07b77644f1627b733be361729735661b638f14c45f84d1bddf93f5a3ceae79620c7507f8830514a629779268cf8aedb494f69d49a9887338c10184fd8527eca00ee05a2361d20a3b246231067d5c0dba0de25693e592c694c1cab6d806838c674d0048751356a30dc03a710e4104ce68d51dcaf2afeb628b76777ef4094dbdf0212840badd37b79cdc21f0707ed760cecf5955b32f2d3ff2a17b550cafb8f2b85500ab19268283f0a16355009307b1271b40d8a9996c89877b7950ec9c5de4438674f754904e3d546d873651a415c54bd73e8800059bc8cc4c247884bf47778ce37f3d06352e41c19bc0066dfdb5aea3576ad0e1dec4e887b4e9e17eb00cf9ae033abeff9d9626b4e91e501eb2807329cbe92eb2eca041a4607627ff810d088bf5c5059723335edd17725338d188ae0912407530aa5b30e39962408aa2cd1d40b941754a5af3a094d1ac0c3f2acc189ffdec77be3e48b08ac96de9205f91ac2683db607c2ccddfa973f7ba74dbefb054e74ce9f745f3c5094b5eb41dc0304317d6c82f09b73b51badcd78e9e7709aac7e894e469a884e5eec445440c312089091532db29f554f9976ced2126c7ffcb64736c99fdbfff945bc47c4e0f09d861bbad87798e92357dd0bc0bfc0868afad8b8f582f1d860ff64b66826797f1e1cd49b5276ea1485a33cd648b92b21c988aaeb27c399a0b6040f24d3fa5a584c89cb89429b19a9df9823eba265a7b99e500cbec1ed3b3f535262a64d2832e5c7b606eb176c5219983d3fc125b59b0a83c35ec003b4502e9ddc8c631b1e64d9c7e7d7a968928e5794bbe6b6f97c0beede373e40b005a13ce9be31e5ef82fc2fcf08a205673316821b9bcec6d2be08156c5ad10b6979fbf01fe8bbf3d689b89235451bccaef456cfd5999ee80dec783a8ade5d80d7411d8912a7313bb61d414c663aab9a742b8463bb2c00a51f54cc2683fdb96ec6cc5c0bcbce9ba6222c627aa54661865bce2ac53620d5596358a8f13d84036d87779297af5c0f3473a00065625a0cfb3d0130c553dacd26c56f2e56f51b09da30ada9dcf874dd449b997426b0f51dfaf5e95601d8e50e256a34038ad36efb7f96cd34b062781feb70a13f7d87e28873fe3736401328993b19a24284421c737ad3977cabd624f1f218adf19f81fc9196b3d427b312b9e6486371ee4034a22d5e5676b07a962d27354511671cae792771ecafff8aaf550cd3dae16e1427019560985261d08635e1c62952a618e5e51a2d5bb2ec2f25fdca23191a16c11d25e64fd3f20f0c72d3d3350c1686951c6ee9e1983be6bcc32be44bfc8a1fee1df02a7a61e01f68eec3d8a773a16ac5315655e714ce8f28e9b665cb11d97a2175aa84d654fb427a0186b59b34b534bbf56f016ff08803165ccaf9dcad6d9771001ed8864983abc913a2c7018b1622406f85bc6cf7e34d0f2c81fb9c26ae05f413673c44c485b545fb1ea155ea4b24a100ef19c3f73fa668083f73d09b4127ba78609b8df6f01f973f87def1618311509126b7c5e1bdbbf25f12fb4aab43cfbb282cd7b95a5d74ddb711deba32cdda3ac9f03b6fe960109012ca18c99afcdb057cbb27e95f27ef42ed020b49fc1dd725ca3dfcacccfa7c0a1dc607077bc46d39dc44a51dd1bbe189fbb250d5418de3deb8f4cf4ee25249a3b8698adcb117f564dc5aaf99f74968d07af511d3def8b9dee6bff591bd78723b04ad8aab557bc6c7200251cf6110ceaf0195aa3c54da6bbf66917733daabbb1813a06ec377bcffbf8a42ffe8a10e0125bd8df6bfe9feba0dababa95cb1dde766e52447d666473cb63e28f4732953ff08cdb8381dc89928bb3a74fd9812ff5aeb76d06804ae834c5225145c913b89d745b41773e7809bb69a14756bd89f37c573620caea4609fea167b9b00e8639b9ab4772c5786e42f7a70a03617c", &(0x7f0000000140)="f5dc2c5473"}}) r4 = fcntl$dupfd(r3, 0x0, r3) setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000080)=@nat={'nat\x00', 0x19, 0x1, 0x238, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="000000000000000000000004000000000000000000000000000000000000000000000000d8028dbad800000000feffffff00000005000000000000000010000000000000ecffffff000000000000000000000000b8d800000000000000ffffffff00000000000000000000000000000000000000000000000000000000006053e17600000000000000feffffff01000000030057080000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e86300bc600000000000000aaaaaaaaeabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000008000000000400000000000000000000000000000000000000002000000000f500007f000001ac141400000007143800000000843a000000000000000000000000007265616c6d0000000000000000000000fd00000000000000001000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aa02009e5b84c700000000000000000052415422455354000000000000000000000000000000000000000000000000080000000000000000000000000000e8ffffffffffffff0000736e6174001000000000000000000000000000000000004d1d6a079a4f483e001000000000000000aaaa000000000000000000000000000000000000000000000000000000000006000000000000000080000000000000006dbfb59e1791ed0a6134c49af0056238db96921cb85ffa389fada75e770fd1e16597e265eeda0619c25dd3f6d78980db5fad6b73bc459bddb4dd03bc77a7bfcb065e279f152b2f430bca60be5bed91bffa4e152ec26eaea742d0fcf916ef34b32a65860e673b40dfb94bcbc3a3fbd725d3ff4acdbc8c3466bab88d54cd15b25d9a83dfbe6d57ada0e520c2e7434981487cad441a1d9f339f9dcc7fdd6261b4cd136c62abdcbcb87d10c7e0c94101941a87cd8bf238359e732ba9e65cf5b428355695c68ed0ba55c3af0d916391e39ba92d04"]}, 0x383) r5 = creat(&(0x7f0000000180)='./bus\x00', 0x0) fallocate(r5, 0x0, 0x0, 0x8020001) r6 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r6, 0xc01064c7, &(0x7f00000000c0)={0x1, 0x0, &(0x7f0000000080)=[0x0]}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x800, r7}) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000040)={r7}) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r2, 0xc00464c9, &(0x7f0000000100)={r7}) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r8 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r8, 0x0) 19:45:12 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0xd], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x3000000, 0x800}, 0x2) 19:45:12 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0xe], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:12 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x17}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r4, 0x0) setsockopt$inet_dccp_int(r4, 0x21, 0x11, &(0x7f0000000140)=0x101, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) bind$ax25(r3, &(0x7f0000000080)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x6}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) dup(r2) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r1, 0x0, 0x8, 0x0) [ 1086.819249][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 1086.819259][ T27] audit: type=1804 audit(1593459912.272:2533): pid=11379 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1640/bus" dev="sda1" ino=16238 res=1 19:45:12 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0xf], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:12 executing program 4: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4a00000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 19:45:12 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) [ 1086.939522][ T27] audit: type=1804 audit(1593459912.312:2534): pid=11379 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1640/bus" dev="sda1" ino=16238 res=1 19:45:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x4000000, 0x800}, 0x2) 19:45:12 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x10], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:12 executing program 4: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000080)={0x0, 0x0}) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f00000001c0)=r2) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x80000000) syz_open_dev$vcsa(0x0, 0x9, 0x0) connect$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) 19:45:12 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x500, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x5000000, 0x800}, 0x2) [ 1087.103512][ T27] audit: type=1804 audit(1593459912.332:2535): pid=11387 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1640/bus" dev="sda1" ino=16238 res=1 19:45:12 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x50, r2, 0x180000000) 19:45:12 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x11], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1087.274522][ T27] audit: type=1804 audit(1593459912.332:2536): pid=11379 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1640/bus" dev="sda1" ino=16238 res=1 19:45:12 executing program 4: perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) futex(&(0x7f0000000240)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) [ 1087.358694][ T27] audit: type=1804 audit(1593459912.332:2537): pid=11387 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1640/bus" dev="sda1" ino=16238 res=1 [ 1087.428337][ T27] audit: type=1804 audit(1593459912.332:2538): pid=11379 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1640/bus" dev="sda1" ino=16238 res=1 [ 1087.459176][ T27] audit: type=1800 audit(1593459912.512:2539): pid=11410 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16233 res=0 [ 1087.486156][ T27] audit: type=1804 audit(1593459912.532:2540): pid=11410 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1641/bus" dev="sda1" ino=16233 res=1 [ 1087.510984][ T27] audit: type=1804 audit(1593459912.532:2541): pid=11410 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1641/bus" dev="sda1" ino=16233 res=1 [ 1087.533306][ T27] audit: type=1804 audit(1593459912.542:2542): pid=11410 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1641/bus" dev="sda1" ino=16233 res=1 19:45:15 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) fchdir(r3) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) 19:45:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x8000000, 0x800}, 0x2) 19:45:15 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x12], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:15 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x600, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:15 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newrule={0x24, 0x20, 0x1, 0x0, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_FWMARK={0x8}]}, 0x24}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 19:45:15 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x13], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x9000000, 0x800}, 0x2) 19:45:15 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x14], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:15 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x120901, 0x0) io_uring_enter(r1, 0x3ff, 0x2, 0x4, &(0x7f0000000200)={[0x2]}, 0x8) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f00000000c0)={0xd9a5, {{0x2, 0x4e21, @rand_addr=0x64010101}}, 0x0, 0x1, [{{0x2, 0x4e21, @private=0xa010102}}]}, 0x110) 19:45:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xf000000, 0x800}, 0x2) 19:45:15 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x700, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x3f000000, 0x800}, 0x2) 19:45:15 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x15], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:15 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x13, r1, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000001280)={&(0x7f0000001180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000011c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001240)=[0x0, 0x0], 0x7, 0x8, 0x7, 0x2}) write$smack_current(r1, &(0x7f0000001140)={'\xde/\xdaE/*'}, 0x7) signalfd(r0, &(0x7f00000000c0)={[0x81]}, 0x8) r4 = msgget$private(0x0, 0x410) msgsnd(r4, &(0x7f0000000100)={0x3, "689dbde3fdf20b48fb824c5d39689bcc55f6e6ce706a9f23acc329475885ed41cde97085d6884d6ee8df066f1d739da0eeaa4f0286bba60d8d7faaa25f7b48f807ceaf940c1a358fc31434abdd170c4992382e6de5e970f8599c73a035239d8973c3b40ce8414ff70ced4d6a04b29089fa938a0ee8642f42da25ba1aa4267497f7ec894bfc5c60b77fa8b2302599ee1c22b787da38d3579417ee9b68e17decd5b6b93136e062c1f4788e935f8416fdb4c9d697bf7f96bb37c12cc9ea4aa48eb853e238cb7756f41a834aff1ba0fbc6e0aad954c582486b7a749cb2a6670887c0a533f7129b9aa7a39620cabebf361ea8aba1de833ea302625919f6eb4eaf7b5bec67ee0571d60041134282dc4dd1bee0291ce2120499d7d807df8071bc56d4ab6ffaf878902f71a5ed95886e9f6f9a3a24a5840531e09478196ec364487be10e9e2c159436eab9d62a785a255ee84b5159021cd17838a6f6958af468988df3e63601ac18eece9294b82c5e90a8e76b7e26b18a09d2a90084f07ec6fa19be7eb4ead464fe83331cd680699a66faa1d861c37fb6cf2424f2b2fa5e5cd533b07fe5453f69d265ffe4df5e9f1a478676b0e8c39bd92a29bb7c79edeee66f9e917946faca56649dc66e6e5a0aac626f674bbc2afc6173e3725fcae1cb53654ed17523d4af9e80102338592b027ec9053ece0c6bf3d8339006095ec9be379b5c4792496017fbd7e1fe771c27af3df4777cd9995a32c9801321731b959dfe9e68bcd3c4ea288b3f0cb2f87adfc6984e5bf4fc5fa1fd7369cd360b1d0207065a8a708f6e049ccc0919a0f8ce4eae311b53f3739701a0ee45a7bee03ae4227457d5ebd2b3ef16e51ac38381a178e1e72ed1335948dd1dcf1d838ef23e58e173b71695293968963660911f18e964f6ede46db65e6c5f39d6eaba2a40a9552b0bf9e1429ae02f7213c3ea59b3b6c62e0a3aec40fa111d74ad4fbbd5f73e7bd23f4f6a24ff23ac78a8c26c78b288673b59eb212e1b73d984d93ec9cd08489415255188e4ff42a9b3485ed04329df7293fc78ff3ded98da5b8ad75367b85047c66b6047f21485c69c29b99652fa81ed5d1dbcb15afc5b1ff7d77a6d9d363849f09a879806342c7b93fe41d6073cf76594b89e992f9c7d9e3fed0d87772d6d16916cff57e2b4a29299100e0474daa13dcdc5c691a9183b10e31f0bad1b0352e7449a80cacf4f60ffefa55f1ca800f47c67fec22893ccfccfd129e9b39b5c8981f953a385a6dec943d595604df434dfd4e1501227b1d04ddfec9c684125973257275b365f4fc5fd9974ce0dd573006b21b0506ae22d94f3e24c448bfb914f4940bb97a2c7df273113ca8d9c1e4e6aaf6ada62e837d5a326d437827b6b6dfda2072e3572a9a0e305483d835c72e5a389b22f7c20f26145c2c160836c83c3f5233ece6930297e2232d8442ef0d6384616ef620ef2d6f7dbd8209fc7527413cbe870d3ccbc4d2aa1f626765c7441db0b9143f55309efe4c35e28dc07e1b335d11ec2b9fa066f0e52712d3dbffd31c0d1586f955a723e25ef1f956bcda0140dd2a35f7568220d24f278530bba010a24372a01253812fca368aa92c96fb9818fc395917a05667efb58b6245b11369cac153b4f1947ae9881057fc6b63f6396581237e7db3bdb82b720d5e9abf6b50839f3e6e08942af2ad3e7c69d87ba75ccb5aee58d96082556b5e08309c866080f7d33c82b27e968d62128044fe3e7102b108cc291de92797e600f0bbd0b97139a83576199f512a229080c433f1e283e87b38ef9b5bd285e628c417435d5236ec53679bc5249095570239040a78593eac5cd76c2e92fb17816d61a8851c96134cb279c3324c9beeeea699e7a7bffb425424a24a0a76946dceeee266c12703bd725dc1543b2bf31f9445da62dccb8141265e910181edbf5a16452aab6bcbf2463f20f8fbf007d31197d098012702a86289e405d801b9badd11830cfe33d910a45c0bd86282a49199e951b79f7f6126998adc9192cccbc199f914c239818d6c444d770f95004aca2cd849bf230b809b7a3d10b8cdb2a7b090d7e7a33e6b643e7d61dcca92a4c8b5930b922b1b05533b119a36c06b4c17ecb6e0fb4ea6bdae54334055ff061a3e1f0b92a4faeeef85973d93832b5af89f42b72f1ef05a6b80d2cfdb2881eb0a905280b8bf77f24c179611fff1580ba78e9ecd0359855a30a3422b138307de19d4b17e94eb9fdefbfd344cda1c9c9a362593c678ece6fe6b8ff5c270be6d4d6cf2389383d33b1e8cc96dcbe9b1b0053121bef5b7866907f71fba8ea4bac00ff7a2dcdcc99402bcb5583129977bef70092cc397f441e00a688cd9fc804aad1a0766ea59cb6db8ff8c04473be7b92dc49e1245089ade88ca634b5109a597e2189c2272e57c5816cb904e577d852a91359c56ccfaff17614463b730ac1c708368d00638d05b1e624c5b025fc6866e1623ba551f2d72c12d9d60b66694ec5b9a856ce092c64f01434b0211a48d98d1796d73ddfbd73714a24989aee0f7c132b199638cca35645d8b5a32e7283f9b3606dac47b12b7fc06c7a89ec2781719c33ddabe26152c2f15d9ca486f1454dc2c5f30fbf2fc5954a5dc5bafa57e6df51f92b639874fc66709b11ae05e03de4da9ae08994f881ecc57fa8e7bef004a2f515d8529d1b70607e08a7370405e56eb8c16fe92f2ca5e4a3b4c87c94b7b7dec013f21cca50ba23e9e2987ba63df2e112284a780abc4a938bdc48a268fb1c989b91d68e08131d94e65415595f48c8758469974064b7c993aa7037287829496ae8e16814d6f7864cb971898470c29ba80224895129ae35a53680c96157ba6bbd26ed098c84beef88f3a609cfe874ff1717dee67512e7a9beb013ad4d87e55e1f4a86679a84dfac410f637adda15191e0889f07441142d921d078bf6be71549a1c65c8ab937a0e2e4a1711cd0bd9e4025dea2e89f29add06176dbc87789ca264aacb32797f0b0e9f0e4f94bbd146e301e1207a9b457c4e7ee557641c9bc32deef6cf84a898fbc030de344a369611f0f04b775cf503c89eca5f8d4abb16b26b61e9e35a30c354616f39ea0a48750d98559a78ab6547506b849f258c8517a0364fec8e6ff1a9c93f588c73dc5153845b9b8b49be4e9a9f86e95fb77d38755073213228469126d328462d3d63b8dac8bc2c128e0e2fbe10f76ca6aba1711510f8a9f53d3c5ffc0cf4beb81c57989a6ca78e74f0236ebb0d4489c707f4c3d85f80e58953967a89d413f6e3f1dcdb132febeb0c85ee02d07548f9db823aab650ac1359e9be2d08a79e478a08f53e6f91e37eaf8228972f0b2a780ff67b48273627ec06df86f8b6a85611c076ab8ce991d1a4b362438a6476ae245a3b0991e6ab24ea434a2b9de180fb1b2cc70b196f3c3f2b914fd9a5913bba3bc4795dce9090e391ab389420b1b28f4bde03957832a3b07479e49244623cfbdc6151635b9ede36b8d653d3ed4fc9716d28e40407ce32b8e73f98a87093121e7fba076f2584053de7afcd8cee82051a58ed9ea2aed78c3a75ebd5916e983f131727179c53d045646982d41bfcac4c9c335fad0335be4e44f19cc89d4ccfbc0a62d7c8c968e185c263137826903fffce682ff086d9ac854d6e93c22d7acc6066d4eade764545da7c68a6923172b6248ea0490e41a81a78ec55157d720f56b6dd447d0bd156952afda1a49d8cb51ceefab26bb5ff4b309b363e03e4c6fc0b9e5214c2d424f813cef0f0ee3acade0f4423ef33beb6e733383d0472e3516faf245a1deba58677018586e0f1eeda93dc321e9edd36952e8b2ed1096f4e20344a5f82f0c2bacb0c02fccafb212c0b29351226ebc15a9d206f0c0f55cadefc884414b060c39e25cec30010a85438e332ff50162b63ffabd986a314429f249ddc2b0bf1c051c14a541afe42591420789ea4df5506b5c7bb23a3a9cabe110c8b6f71b304e525b87654b0c1b342b983c7b7e963b2922a148edea0273f7a17af5d0f39376d6463a6c40d2eb3b86091182c3fe8ffe4c9a8c11903f2d19d3d9186742c54c69b580b032653f929028ba8e94372cf2501c8c543845bfc60a3e4f0a6d37765f0369723eb023cd029aa8fd43d4c6f994cdec053dfa1d62b128ca0b94c1af7e563d4c1a856686c38df4b96ed301059174e6ce425e1e4f609e50336631a860a9e07aa2e95597ebd64b21ad7e9f546d6dda07143666e46b49dd3a07e5d64b670a0e3368026cbeb83cc93f6529ff67cde09402fdd27ceb8950a032ba2f82ddd746eb98cdaa4c0cd3b696a35c07a34454f8eba57d0c3e63a7cf8cb73bb3da665dbdb9fbbb65818235902d961a111e5f9da38e3202dc92abf448768a9f2db62f35aca07e36c9a993912e3dd0fee48a39edf14548f5a0206559c996929a3352386c47efb160ce04414ea48563b2012ac822078f0fafb060e39e4a23e1a9f544635122eda88d8918fab66e0bfc3b75d1736137734596588a9c4aec21d983d5101b719d0ff21c99ec925e7b1a77a3233eabfd11c73041dd0eafe82e52434601460406610f492e9f0f63779210686a7d3efcfa2f999ba15e395a5ae589bf01ebcb0f151752fb434178b665a828dc48fb82742c6b4c3d36a3fdcb21ebb09986835f1652b02635d1b82ad46ba1b91e41d90d2c1baa68c586a103aef596a3b73a40e9a688faf11aa1a8a8ef23c79c2c794e748d09bed018a7c10f5399266112e2c7f0d6d3eeee943e3cceff883449711fd2bbe94f3abe032466c4673c0b6f81fae13e680c9eb0614e11c4d5a709adcc23ec4aec12ba4d302cbd49b68b79313144c2c9d1bf3d47dd520b37c63e9a65581d4231bfd1f76e06db2ed1f6d4c8d1f3ada66bb26704ae499bd0c4cb7f3627a7e29557e409f18b5c8ca8ab8cd18b84ee50bb8a8171398b7cc0f20f73df8ace8b0dd4957d2108c12bd582d745234dac4eb774ea76734932f31dd00e6d275d8032ac45c091f8a9e53ef0714b861916c0f2e7edcd31f282988857cc1a849eafe069f8699464b7c7a6e4882fc67a44f9f1fc7473716dd60c151bbedc38ef7530b85135c9a5571452f21541188d04390101a4024f89eb9707f2482b147fc7805265d64ce22fbec767e1ec66ab2858502877039092b083303ac37bad7073982dc2aebb899e358360f8342d6d8c756c9523b0d9800e529899cca5f8a5ae4f7f56a90f5b42531267854d7f4aa9f4a73c0ea524f485c371676c726594d084c2731512a9d0d827e059a3bc5da3f9cc361e8505c8b1eb44cdc42be9b2ec1a80e9ea2156ef36ef7b73ac9900492b3d21e59dbdf37c78704237f6a01eb14eb4ee7d9db32f49d7b498e85bade69ed95b987c595949370417cc51423f08abf1c8dd13aa01239e64262689ba53b9c2da65666bf2b2e0e3367b3e7d9ac5c710d58387934e1c55525c79a3706b9d6f97b669f83683d50effca4d00c8ca6e674e4556b9cee2bc61dd5a9f94c3b656d34538fc18efa1b340fbfc699c08827efdadb394918f83fa1946b8dcadbecc2da9005a2ca11f692ec189e8fc7344be8e5202e5d6066b993431503a28049b5c4779d55dc9b4f1d8a5b7cbf2234339f65663d1ad8778f42f70482634d731bcc0a21a8599fb94ebfe8e74a4a4c2069ffce8641d9bb5ce91ed1832d1fc9e2630e07e7929dfa96437755362882409b95d32e9d0ddab2664e81438235b99caa1f219ee0e258c7d86d552669512e78e204b4f605c302aaa1063eb8f70f129a97fa06b33ba55289a6459e5259601ef2fa0a80af3df3683dc74da3b8d717"}, 0x1008, 0x0) 19:45:15 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x16], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x40000000, 0x800}, 0x2) 19:45:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x60000000, 0x800}, 0x2) 19:45:16 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x17], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:16 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x900, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x9effffff, 0x800}, 0x2) 19:45:16 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x18], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xc50f0000, 0x800}, 0x2) 19:45:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:16 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x19], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xefffffff, 0x800}, 0x2) 19:45:16 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x1a], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:16 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xa00, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:16 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000340)='NLBL_MGMT\x00') sendmsg$NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="020028bd7000fedbdf250600000008000700e0000002150001e5c370729b632f706172747c8d7e0fdee2e95dfef1a2f1494b6974696f6e7300000000080002000700000006000b0029009e818b98588dd69e1d92bbec237f64a2d992306965"], 0x44}, 0x1, 0x0, 0x0, 0x20040050}, 0x4081) sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="00032c99bf00020000000100000008000c0001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x44000001}, 0x4000010) 19:45:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xf0ffffff, 0x800}, 0x2) 19:45:16 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x1b], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:17 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x1c], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:17 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xffffff7f, 0x800}, 0x2) 19:45:17 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:17 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xb00, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:17 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xffffff9e, 0x800}, 0x2) 19:45:17 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x1d], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:17 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:17 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x1e], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:17 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) r5 = shmget(0x2, 0x2000, 0x40, &(0x7f0000ffb000/0x2000)=nil) shmctl$SHM_LOCK(r5, 0xb) 19:45:17 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xffffffef, 0x800}, 0x2) 19:45:17 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:17 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x21], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:17 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xc00, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:17 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:17 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xfffffff0, 0x800}, 0x2) 19:45:17 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:17 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x2], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x40030000000000, 0x800}, 0x2) 19:45:18 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xd00, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:18 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:20 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) accept4$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000000c0)=0x14, 0x0) bind$packet(r1, &(0x7f0000000100)={0x11, 0xc, r5, 0x1, 0x8, 0x6, @random="df2ed0d04ef4"}, 0x14) r6 = socket$kcm(0x29, 0x2, 0x0) splice(r6, 0x0, r2, 0x0, 0x8, 0x0) 19:45:20 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x3], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:20 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x100000000000000, 0x800}, 0x2) 19:45:20 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:20 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xe00, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:20 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f00000001c0)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0xfffffffffffffff9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r0, 0x406, 0xffffffffffffffff) setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000080)=@nat={'nat\x00', 0x19, 0x1, 0x238, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="000000000000000000000004000000000000000000000000000000000000000000000000d8028dbad800000000feffffff00000005000000000000000010000000000000ecffffff000000000000000000000000b8d800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000006053e17600000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e8630000000000000000000aaaaaaaaeabb0000000000000180c20000000000000000000000f000000070010000a801004069700000000008000000000400000000000000000000000000000000000000002000000000f500007f000001ac141400000007143800000000843a000000000000000000000000007265616c6d0000000000000000000000fd00000000000000001000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aa02009e5b84c700000000000000000052415422455354000000000000000000000000000000000000000000000000002000000000000000000000000000e8ffffffffffffff0000736e6174001000000000000000000000000000000000004d1d6a079a4f483e001000000000000000aaaa000000000000000000000000000000000000000000000000000000000006000000000000000080000000000000006dbfb59e1791ed0a6134c49af0056238db96921cb85ffa389fada75e770fd1e16597e265eeda0619c25dd3f6d78980db5fad6b73bc459bddb4dd03bc77a7bfcb065e279f152b2f430bca60be5bed91bffa4e152ec26eaea742d0fcf916ef34b32a65"]}, 0x317) r5 = creat(&(0x7f0000000180)='./bus\x00', 0x0) fallocate(r5, 0x0, 0x0, 0x8020001) r6 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r6, 0xc01064c7, &(0x7f00000000c0)={0x1, 0x0, &(0x7f0000000080)=[0x0]}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x800, r7}) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000040)={r7}) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r3, 0xc00464c9, &(0x7f00000000c0)={r7}) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) r8 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r8, 0x0) 19:45:20 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:20 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x200000000000000, 0x800}, 0x2) 19:45:20 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x4], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1095.395524][ T27] kauditd_printk_skb: 31 callbacks suppressed [ 1095.395532][ T27] audit: type=1800 audit(1593459920.843:2574): pid=11685 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15769 res=0 19:45:20 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) [ 1095.498237][ T27] audit: type=1804 audit(1593459920.883:2575): pid=11685 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1646/bus" dev="sda1" ino=15769 res=1 19:45:21 executing program 0: openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ubi_ctrl\x00', 0x4000, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x4037e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) 19:45:21 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x300000000000000, 0x800}, 0x2) [ 1095.633376][ T27] audit: type=1804 audit(1593459920.883:2576): pid=11685 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1646/bus" dev="sda1" ino=15769 res=1 [ 1095.707772][ T27] audit: type=1800 audit(1593459921.083:2577): pid=11708 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16292 res=0 [ 1095.737161][ T27] audit: type=1804 audit(1593459921.113:2578): pid=11708 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1647/bus" dev="sda1" ino=16292 res=1 [ 1095.778709][ T27] audit: type=1804 audit(1593459921.113:2579): pid=11708 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1647/bus" dev="sda1" ino=16292 res=1 [ 1095.802372][ T27] audit: type=1804 audit(1593459921.113:2580): pid=11708 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1647/bus" dev="sda1" ino=16292 res=1 [ 1095.825583][ T27] audit: type=1804 audit(1593459921.113:2581): pid=11708 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1647/bus" dev="sda1" ino=16292 res=1 [ 1095.848823][ T27] audit: type=1804 audit(1593459921.123:2582): pid=11711 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1647/bus" dev="sda1" ino=16292 res=1 [ 1095.870733][ T27] audit: type=1804 audit(1593459921.133:2583): pid=11708 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1647/bus" dev="sda1" ino=16292 res=1 19:45:23 executing program 3: timer_create(0x1, &(0x7f0000000300)={0x0, 0x14, 0x4, @tid=0xffffffffffffffff}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffc000/0x4000)=nil) shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000240)=""/28) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) timer_settime(r1, 0x0, &(0x7f0000000140)={{r2, r3+60000000}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet6(0xa, 0x800000000000002, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r7, 0x0) ioctl$PPPIOCSMRU(r7, 0x40047452, &(0x7f0000000080)=0xb8) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r8, 0x0) setsockopt$inet_mreq(r8, 0x0, 0x23, &(0x7f0000000180)={@remote, @multicast1}, 0x8) r9 = socket$kcm(0x29, 0x2, 0x0) splice(r9, 0x0, r4, 0x0, 0x8, 0x0) 19:45:23 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:23 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x5], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:23 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xf00, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:23 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x400000000000000, 0x800}, 0x2) 19:45:23 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) ioctl$BLKTRACESTART(r2, 0x1274, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) 19:45:23 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x500000000000000, 0x800}, 0x2) 19:45:23 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x6], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:24 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:24 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x81, 0x0, 0x2, 0x8, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x13, 0xfff}, 0x0, 0x0, 0x0, 0x0, 0x80000, 0xfffffffd, 0x270}, r0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r2, 0x118, 0x1, &(0x7f00000000c0)=0x5, 0x4) r3 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r3, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r4, 0x0) 19:45:24 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x800000000000000, 0x800}, 0x2) 19:45:24 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x7], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:26 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x2) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r3, 0x0, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000000c0)={[], 0xfff8, 0x1, 0x0, 0x5, 0xdb, r3}) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r4, 0x0) 19:45:26 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x900000000000000, 0x800}, 0x2) 19:45:26 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x8], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:26 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x1100, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:26 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x4200, 0x4) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r5, 0x0) ioctl$VIDIOC_G_FBUF(r5, 0x8030560a, &(0x7f0000000100)={0xc4, 0x32, &(0x7f0000000080)="e77fc2a08a065a0ee22e31b0426b202f2d3d2bded5a0136cf498252c8936b43471249d3741c51ce3bf7ea3741d10752eaa27c598b85dc6779bb82d7c45643b46d6515674a74d26edb7cb3b712eb193aaba87da14938b84aff7dcd5857ef07f36", {0xa02, 0x0, 0x32314247, 0x2, 0x3df28244, 0xbc2, 0x5, 0x282}}) 19:45:27 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xf00000000000000, 0x800}, 0x2) [ 1101.543191][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 1101.543209][ T27] audit: type=1800 audit(1593459926.994:2588): pid=11765 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16258 res=0 19:45:27 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x9], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) [ 1101.661507][ T27] audit: type=1804 audit(1593459927.024:2589): pid=11765 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1650/bus" dev="sda1" ino=16258 res=1 19:45:27 executing program 0: r0 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) ioctl$DRM_IOCTL_MODE_GETGAMMA(r0, 0xc02064a4, &(0x7f0000000180)={0xb3fc, 0x4, &(0x7f0000000300)=[0x7, 0x8, 0x1ff, 0x7ff], &(0x7f0000000100)=[0xffff, 0x4, 0x5, 0x7ff, 0x8, 0x0], &(0x7f0000000140)=[0xffff, 0x5]}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) futimesat(r3, &(0x7f0000000200)='./bus\x00', &(0x7f00000002c0)={{r4, r5/1000+10000}, {0x77359400}}) sync_file_range(r1, 0x0, 0x7, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r6, 0x0) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000340)='TIPC\x00') r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r8, 0x200, 0x70bd25, 0x25dfdbfd, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20004855}, 0x20040000) sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x30, r8, 0x400, 0x70bd2d, 0x25dfdbfc, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}, ["", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40040c3}, 0x40000) sendmsg$TIPC_CMD_SET_NETID(r6, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r7, 0x8, 0x70bd26, 0x25dfdbfc, {{}, {}, {0x8, 0x2, 0x7}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x48c1) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0) r9 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r9, 0x0) 19:45:27 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0xa], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:27 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x3f00000000000000, 0x800}, 0x2) 19:45:27 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) [ 1101.794610][ T27] audit: type=1804 audit(1593459927.024:2590): pid=11765 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1650/bus" dev="sda1" ino=16258 res=1 19:45:27 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0xb], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:27 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x1200, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:27 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x4000000000000000, 0x800}, 0x2) 19:45:27 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:30 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, &(0x7f0000000080)={0x3f, "2e80acc8b513249fa2528958d42decaabee7ab293807827269d4a0d14690d216", 0x5}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) 19:45:30 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0xc], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x6000000000000000, 0x800}, 0x2) 19:45:30 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:30 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x2000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:30 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)={0x54, 0x2, 0x6, 0x301, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x54}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x4010, r5, 0x7f076000) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001700)=ANY=[@ANYBLOB='disable_sparse=yes,errors=continue,gid=', @ANYRESHEX]) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000180)=@kern={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)=[{&(0x7f0000000c00)=ANY=[@ANYBLOB="880300002d0004002cbd7000fddbdf2514007100fe8000000000000000000000000000bb8901738008004a00020000002f7aafec136fd73e90bbe244bb1b132a5fe8cb196a9c86eb8a929b8504832f7945d0e6dfe627a440af5e7d7ada75c8ea644fad1aa74226fe981d67790e31291f5107b1ede6197417136a548f3cbfdbb6df9ab7b1867b05001e65967696ef901641792f9bfcf5e4959a2f4bc261bf276a6f022fd4989a00d7bb04fd1f0d06a2039c9363e18090adbbd16fed09937f4fd40915ddf44204557f0fbb9b65fca3123de26a3ae7004638189d07bb212aed84a2edadf67416917f709dd32fc4ce1a1458a5ba5690fbb9003400b1b8234a94778a131e91bde44f625e29414f72c52eabd7b2e8f2b4e8424a49000063bbc13c730570a8b83fc1460879d309fdbdf12997ec49018ee7219828c6c5d6ae838d63e7899dbfbee5c0693685017d1ce0a0ed0434e8980de739b891ed5e0b2f7d1a3623bf727c7be21843b19d249c28c7f866e369a6d12851999b7bb9693eaa982efe985bbffbb1da8e948696296fe1c31f3667b0aa63e5031c64b79f4cdf409d2ee164d2fdd7700644b093006102a4f2130a0000000000003c97cbfeaf7ea87cb62a3a25c69a5ac9d5afd348c89dcf3c6e7fe7289128bab308724882e4ca8cb618e6acc0deddb9756e452c308838eee5bfb0cc7cee22ac42cedf55abefe8cf79aac787af91f4bffcf31ec89cb24203f12c1c9bfd502333edd28d25c98096385c950e2c2322e96e7ff149f6788fc1d855c59d9c17003a3032a8f788c22759bd0c9028b9558d01ae848ae4cf4b017759981fd946e0cac8055fd011756d70e5977bd5a663f75d5e8f26c3b9b30babba1369b27d6998b9a4e4cd4e24cc016e0c913b453234306d96f6a1c7ce971cfb7e9c08000d004c6c18ad1180400bd06d4375ce8cc8672e0c541ffa7bd0c8ee2796870aa742b05a7ae0b500a3f36254062c87b0f20e4fee11a38463c57074110aa888a5e50f40d74990311d30666b220ac06ee28abfb26f6336e23021bba9cf4b0e46dbe83746354f4dfdff92be30972d81bacf2e831a2900"/779, @ANYRES32, @ANYBLOB="bb00208073a2ce62ad24eea8c2d0d42fc55d4cff39cdccb70dd37d9bd2a850ce1c5e20e11322ec5ba5e87c806fcdba6bf262a248edbf5ace841fed76c479c9fa000a3cb48263144c4005f6728465987cac307d3e1d409a63c6535b1fd42e26ea42a6372ca9692fdcc247d6359c15e749fae475c9ab2a9356207a904dac8429394ea44237f4c879936761bc34db8811746ca5e2a2333c37e77fefb8451fcbc3fc3431f5db379bc27f2a2ec3de44089dabf18112854cf25b585b9efb0025458cf2cbd3d407f77a629304a4c0255ac7a413db424766b027d7060524d9f89cb6f7103b5cee5ea5d5ec5d7dff9a540fbabd6a598abf6e414437361f5e9a6c4f000000"], 0x388}, {&(0x7f0000000a00)=ANY=[@ANYBLOB="e00000003700100028bd7000fddbdf254d284d31df2cda077421c6825479a2c6f9c52b652765b205c4e36555562a4a7e84f555cbbca9614106a1f6bc727f89a2e0cd62da5733bb559bda9efcf0941182e672eafc183fbb5790cddb577d6bafed6cee88dc7ac4876fb7d6992d664348fbb91218348ff4ec1069e632f42377c70f73d22448ca8fc322057fad44762530ec0b27a7dc553a2b002580cf9940baa96af6220c27cca94eaa6d77329a2ea08a53f0cda7a7ad3d9dd016a63617ed9b7a10d3008ed51d12f582c0d364c87821c87c2cd6d87cfe8631b0fda69389d8356272e1cd4e378c9a3de921fdc6cc322a7481641a3a416ef95dd4a39deda2c927c5527a12fe914266eb3f7ff951bfe86677f28ae2edba2079857f11e82ef1ccbf118b325fd2cdc9845218dffc56855832175e04d25a40e45d766a1e37635d5cc79a7dbe1ff81c8b6185be2b0ce4a7047018ef2a08ffc921bde795491b158371dc617caaf4f32826e952b2deb594b184c37987da482719f2835f2d6dc6dde31748cbde841232999ebaa3baecdfca8ac7504c7b96a3d7791c786e40aacbfdac80b7076bc35ee1650dc12c1ea8985bb9e5f00d32f79e313817d09721484de221b0812b2b07bcc626f77f8896872e34c8a2f014861f"], 0xe0}], 0x2, &(0x7f00000004c0)=[@rights={{0x14, 0x1, 0x1, [r3]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r5]}}, @cred={{0x1c}}], 0x70, 0x48080}, 0x20014) ioctl$PERF_EVENT_IOC_RESET(r4, 0x2403, 0x7) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000600)={0x0, 0xffffffffffffffc0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f0000000240)=ANY=[@ANYBLOB="0101000000000000ff0f00000000000005000000631f0000020000000000829043268b4f24cbc7c4b51c905b340000030000000000000003000000000000000500000000000000000000000000000100000000f6a28fda6bacfa28c45993e6050000008a000000000000000300000000000000010001000000000000000000000000000000000000000000042400"/164]) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) 19:45:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) [ 1104.605331][ T27] audit: type=1800 audit(1593459930.054:2591): pid=11828 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16292 res=0 19:45:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x8000000000000000, 0x800}, 0x2) 19:45:30 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0xd], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) [ 1104.700439][ T27] audit: type=1804 audit(1593459930.074:2592): pid=11828 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1652/bus" dev="sda1" ino=16292 res=1 [ 1104.769740][ T27] audit: type=1804 audit(1593459930.074:2593): pid=11828 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1652/bus" dev="sda1" ino=16292 res=1 19:45:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x9effffff00000000, 0x800}, 0x2) 19:45:30 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0xe], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1104.863592][ T27] audit: type=1804 audit(1593459930.084:2594): pid=11828 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1652/bus" dev="sda1" ino=16292 res=1 [ 1104.923061][ T27] audit: type=1804 audit(1593459930.184:2595): pid=11844 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1652/bus" dev="sda1" ino=16292 res=1 [ 1104.961688][ T27] audit: type=1804 audit(1593459930.204:2596): pid=11828 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1652/bus" dev="sda1" ino=16292 res=1 [ 1104.986003][ T27] audit: type=1804 audit(1593459930.214:2597): pid=11846 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1652/bus" dev="sda1" ino=16292 res=1 19:45:33 executing program 3: timer_create(0x3, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r5, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r5, 0xc0205647, &(0x7f0000000100)={0x980000, 0x1ff, 0x6e9, r3, 0x0, &(0x7f00000000c0)={0x980913, 0x80, [], @p_u8=&(0x7f0000000080)=0xff}}) 19:45:33 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:33 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) 19:45:33 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x2500, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:33 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xc50f000000000000, 0x800}, 0x2) 19:45:33 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0xf], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:33 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xefffffff00000000, 0x800}, 0x2) [ 1107.707691][ T27] audit: type=1800 audit(1593459933.155:2598): pid=11880 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16263 res=0 19:45:33 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:33 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xf0ffffff00000000, 0x800}, 0x2) [ 1107.784630][ T27] audit: type=1804 audit(1593459933.195:2599): pid=11880 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1653/bus" dev="sda1" ino=16263 res=1 19:45:33 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x10], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:33 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) ioctl$KDMKTONE(r0, 0x4b30, 0x6) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) 19:45:33 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xffffff7f00000000, 0x800}, 0x2) [ 1107.950715][ T27] audit: type=1804 audit(1593459933.195:2600): pid=11880 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1653/bus" dev="sda1" ino=16263 res=1 [ 1108.074361][ T27] audit: type=1804 audit(1593459933.195:2601): pid=11880 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1653/bus" dev="sda1" ino=16263 res=1 [ 1108.106669][ T27] audit: type=1804 audit(1593459933.195:2602): pid=11880 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1653/bus" dev="sda1" ino=16263 res=1 [ 1108.137217][ T27] audit: type=1804 audit(1593459933.205:2603): pid=11886 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1653/bus" dev="sda1" ino=16263 res=1 [ 1108.169460][ T27] audit: type=1804 audit(1593459933.225:2604): pid=11886 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1653/bus" dev="sda1" ino=16263 res=1 [ 1108.221850][ T27] audit: type=1804 audit(1593459933.225:2605): pid=11880 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1653/bus" dev="sda1" ino=16263 res=1 [ 1108.245925][ T27] audit: type=1800 audit(1593459933.465:2606): pid=11917 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16238 res=0 19:45:36 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r4, 0x0) ioctl$SG_SET_COMMAND_Q(r4, 0x2271, &(0x7f0000000080)=0x1) r5 = socket$kcm(0x29, 0x2, 0x0) splice(r5, 0x0, r1, 0x0, 0x8, 0x0) 19:45:36 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x11], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:36 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0xffffffff00000000, 0x800}, 0x2) 19:45:36 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x2c01, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:36 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f00000000c0)={[], 0x6, 0x5, 0x3, 0x0, 0x1, 0x3000, 0x1000, [], 0x4}) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) 19:45:36 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x12], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:36 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x300}, 0x2) [ 1110.853701][ T27] audit: type=1800 audit(1593459936.305:2607): pid=11936 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16337 res=0 19:45:36 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x13], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:36 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) sendfile(r0, r1, &(0x7f0000000100)=0x6, 0x7fff) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f00000000c0)) write$binfmt_aout(r3, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r2, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r4, 0x0) 19:45:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:36 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x500}, 0x2) 19:45:39 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x1d, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x1010, r5, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r5, 0x80047c05, &(0x7f0000000080)=0xffffffffffffffff) sendfile(r6, r2, &(0x7f00000000c0)=0x611, 0x81) 19:45:39 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x14], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:39 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x2) 19:45:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, 0x0) 19:45:39 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x3002, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:39 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x17e, 0x0) fcntl$F_GET_RW_HINT(r1, 0x40b, &(0x7f0000000140)) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f00000001c0)) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) syz_mount_image$bfs(&(0x7f00000000c0)='bfs\x00', &(0x7f0000000100)='\x00', 0x379, 0x0, &(0x7f0000001240), 0x100010, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) 19:45:39 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x700}, 0x2) [ 1113.975916][ T27] kauditd_printk_skb: 13 callbacks suppressed [ 1113.975924][ T27] audit: type=1800 audit(1593459939.426:2621): pid=11992 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16244 res=0 19:45:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, 0x0) 19:45:39 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r6, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000080)={0x0, 0x3, 0x8000}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r6, 0x84, 0x10, &(0x7f0000000100)=@assoc_value={r7, 0x1f}, &(0x7f0000000140)=0x8) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) 19:45:39 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x15], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1114.081070][ T27] audit: type=1804 audit(1593459939.496:2622): pid=11992 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1657/bus" dev="sda1" ino=16244 res=1 19:45:39 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x802}, 0x2) 19:45:39 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[], 0xe) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x1010, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r1, 0x0) 19:45:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, 0x0) 19:45:39 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x3f00, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) [ 1114.239764][ T27] audit: type=1804 audit(1593459939.506:2623): pid=11992 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1657/bus" dev="sda1" ino=16244 res=1 19:45:39 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x803}, 0x2) 19:45:39 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x16], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x1, 0x0, [{0x7, 0x0, 0xffffffff}]}) [ 1114.316213][ T27] audit: type=1804 audit(1593459939.506:2624): pid=11992 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1657/bus" dev="sda1" ino=16244 res=1 [ 1114.344772][ T27] audit: type=1800 audit(1593459939.726:2625): pid=12023 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16382 res=0 19:45:39 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f0000000100)='cgroup.events\x00', 0x0, 0x0) ioctl$VIDIOC_S_AUDIO(r2, 0x40345622, &(0x7f0000000140)={0x0, "ac1f6f8fd6f4aa63ba6714d3dfaff76a55d3451b1675c013739db2d75bb03ac9", 0x2}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) ioctl$IMCTRLREQ(r3, 0x80044945, &(0x7f0000000180)={0x40, 0x2, 0x9098, 0xffff}) r4 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r4, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x9, 0x420400) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r5, 0x0) 19:45:39 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x17], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:39 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x804}, 0x2) [ 1114.450153][ T27] audit: type=1804 audit(1593459939.736:2626): pid=12023 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1658/bus" dev="sda1" ino=16382 res=1 [ 1114.593573][ T27] audit: type=1804 audit(1593459939.736:2627): pid=12023 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1658/bus" dev="sda1" ino=16382 res=1 [ 1114.670397][ T27] audit: type=1804 audit(1593459939.736:2628): pid=12023 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1658/bus" dev="sda1" ino=16382 res=1 [ 1114.693580][ T27] audit: type=1804 audit(1593459939.746:2629): pid=12023 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1658/bus" dev="sda1" ino=16382 res=1 [ 1114.723677][ T27] audit: type=1804 audit(1593459939.756:2630): pid=12023 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1658/bus" dev="sda1" ino=16382 res=1 19:45:42 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x2}, &(0x7f0000000200)=0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r2 = pidfd_getfd(0xffffffffffffffff, r1, 0x0) ioctl$PPPOEIOCSFWD(r2, 0x4008b100, &(0x7f0000000080)={0x18, 0x0, {0x0, @empty, 'tunl0\x00'}}) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$kcm(0x29, 0x2, 0x0) splice(r6, 0x0, r3, 0x0, 0x8, 0x0) 19:45:42 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x1, 0x0, [{0x7, 0x0, 0xffffffff}]}) 19:45:42 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x18], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:42 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0xc4a80, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) setsockopt$inet6_tcp_TLS_RX(r3, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{0x304}, "5cc923ef21fe8406", "8aa1de9a24eddc3544a847cfd09a3b5f", "088c3963", "c03c5ac4c29ff04e"}, 0x28) 19:45:42 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x805}, 0x2) 19:45:42 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x4000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:42 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x19], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:42 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x1, 0x0, [{0x7, 0x0, 0xffffffff}]}) [ 1117.184646][T12065] ref_ctr increment failed for inode: 0x3fca offset: 0x0 ref_ctr_offset: 0x2 of mm: 0x00000000c4adc886 19:45:42 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x808}, 0x2) 19:45:42 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x1a], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:42 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000180)={0x5, &(0x7f0000000140)=[{0x0, 0x45dd}, {0x3, 0x2}, {0x1, 0x101}, {0x20, 0x3}, {0x40, 0x6}]}) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x70) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r4, 0x0) ioctl$sock_inet_SIOCGARP(r4, 0x8954, &(0x7f00000000c0)={{0x2, 0x4e20, @broadcast}, {0x306, @broadcast}, 0x48, {0x2, 0x4e23, @loopback}, 'veth1\x00'}) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) 19:45:42 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0xfffffdfd}]}) 19:45:45 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6(0xa, 0x800000000000002, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$kcm(0x29, 0x2, 0x0) splice(r2, 0x0, r1, 0x0, 0x8, 0x0) syz_usb_connect$uac1(0x6, 0xa2, &(0x7f0000000380)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x90, 0x3, 0x1, 0x2, 0x20, 0xfb, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0xd7}, [@selector_unit={0x8, 0x24, 0x5, 0x3, 0x59, "912bbd"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x7, 0x3, 0x81, 0x7, "", "0b1c4c"}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0xea, 0x4, 0x80, {0x7, 0x25, 0x1, 0x81, 0x4, 0x6}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x4, 0x6, 0x9, "a9d37ff5696d26d5"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x0, 0x40, 0x4, "bdfae6a5"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x3f, 0x3, 0x9, {0x7, 0x25, 0x1, 0x0, 0x5, 0x6}}}}}}}]}}, &(0x7f00000001c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x201, 0x40, 0x3f, 0x1, 0x8, 0x80}, 0x43, &(0x7f0000000280)={0x5, 0xf, 0x43, 0x6, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0xa, 0x80, 0x20, 0x2}, @ssp_cap={0x10, 0x10, 0xa, 0x9, 0x1, 0x800, 0x1e000, 0xfff, [0xf]}, @ptm_cap={0x3}, @generic={0x17, 0x10, 0xa, "6b5a3d0c89cfa92ac39989a135912cf7c6bd1dc3"}, @ext_cap={0x7, 0x10, 0x2, 0x1c, 0x7, 0x0, 0x9}, @ptm_cap={0x3}]}, 0x1, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x44e}}]}) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x200000, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(r3, 0xc0245720, &(0x7f00000000c0)={0x1}) 19:45:45 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x809}, 0x2) 19:45:45 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x1b], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:45 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x4002, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0xfffffdfd}]}) 19:45:45 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r2 = pidfd_getfd(r0, r1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_SET_BEACON(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x40, r4, 0x90fc047e054328f9, 0x0, 0x0, {}, [@NL80211_ATTR_BEACON_HEAD={0x2a, 0xe, "0820ec1b94dc5b4f3ee83ea2a29ef7af10083f5465cd9670f1e4d1a33e5a767de1743df57266"}]}, 0x40}}, 0x0) sendmsg$NL80211_CMD_DEL_INTERFACE(r2, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xa0000100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r4, 0x100, 0x70bd25, 0x25dfdbff, {}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'team0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4044005}, 0x4014) open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r6, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r5, 0x0) r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r7, 0x0) 19:45:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0xfffffdfd}]}) 19:45:45 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80f}, 0x2) 19:45:45 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x1c], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:45 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) getsockopt$inet6_opts(r1, 0x29, 0x36, &(0x7f00000000c0)=""/4096, &(0x7f00000010c0)=0x1000) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) 19:45:45 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x1d], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1}]}) [ 1120.541264][ T27] kauditd_printk_skb: 9 callbacks suppressed [ 1120.541273][ T27] audit: type=1800 audit(1593459945.997:2640): pid=12154 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15795 res=0 [ 1120.632653][ T27] audit: type=1804 audit(1593459946.047:2641): pid=12154 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1663/bus" dev="sda1" ino=15795 res=1 [ 1120.665139][ T27] audit: type=1804 audit(1593459946.047:2642): pid=12154 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1663/bus" dev="sda1" ino=15795 res=1 19:45:48 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x4400, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:48 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x860}, 0x2) 19:45:48 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x1e], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:48 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, r0, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) 19:45:48 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1}]}) 19:45:48 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180), 0x0) timer_delete(r1) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_SET_SECUREBITS(0x1c, 0x8) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x29, 0x2, 0x0) r6 = gettid() ptrace$setopts(0x4206, r6, 0x0, 0x0) tkill(r6, 0x2) ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r6, 0x0, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={[], 0x3, 0x3e5b, 0x0, 0x5, 0x4, r6}) splice(r5, 0x0, r2, 0x0, 0x8, 0x0) [ 1123.308506][ T27] audit: type=1800 audit(1593459948.767:2643): pid=12176 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16330 res=0 19:45:48 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x900}, 0x2) 19:45:48 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x21], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:48 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) ioctl$SIOCX25SDTEFACILITIES(r2, 0x89eb, &(0x7f00000000c0)={0x5, 0x3, 0x0, 0x1, 0x40, 0x27, 0xe, "2544e52b676ff76d1a448082de99f66907e560a8", "8bbaf927b2ce353f400162fa93330fc4d38d72d3"}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) 19:45:48 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0xfffffffffffffffd) r4 = socket$kcm(0x29, 0x2, 0x0) splice(r4, 0x0, r1, 0x0, 0x8, 0x0) 19:45:48 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7, 0x0, 0xffffffff}, {0x1}]}) 19:45:49 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x4800, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:49 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0xa00}, 0x2) 19:45:49 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1123.522368][ T27] audit: type=1800 audit(1593459948.977:2644): pid=12199 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16330 res=0 19:45:49 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_ABS_SETUP(r0, 0x4004556d, &(0x7f0000000080)) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f00000000c0)={0xb, 0x3, 0x5}) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r3, 0x0) [ 1123.610402][ T27] audit: type=1804 audit(1593459948.997:2645): pid=12199 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1665/bus" dev="sda1" ino=16330 res=1 19:45:49 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x2], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:49 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0xb00}, 0x2) 19:45:49 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x1, 0x0, [{0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:49 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x3], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1123.751787][ T27] audit: type=1804 audit(1593459948.997:2646): pid=12199 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1665/bus" dev="sda1" ino=16330 res=1 19:45:49 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1100}, 0x2) 19:45:49 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f0000000180)) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r3, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r2, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000000306e9f87a27a6c30102000000000000000000009fb00fb23a404fff12f0df6ac281e2356cc93ea5779dbfc29953794c466754c9c698c842b7ac6e5dbb539cd4a9a80ca178c180ebb534145228c6e1f6007c2215ec"], 0x1c}}, 0x0) syslog(0x3, &(0x7f0000000640)=""/4096, 0x1000) ioctl$IOC_PR_CLEAR(r0, 0x401070cd, &(0x7f0000000140)={0x8000}) splice(r5, &(0x7f00000000c0)=0x3, r2, &(0x7f0000000100)=0x80000001, 0x1, 0x8) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000280)={0xf000, &(0x7f0000000240), 0x1, r1, 0xb}) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r4, 0x0) [ 1123.893996][ T27] audit: type=1800 audit(1593459949.137:2647): pid=12221 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15971 res=0 [ 1123.973439][ T27] audit: type=1804 audit(1593459949.157:2648): pid=12221 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1666/bus" dev="sda1" ino=15971 res=1 [ 1124.042942][ T27] audit: type=1804 audit(1593459949.157:2649): pid=12221 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1666/bus" dev="sda1" ino=15971 res=1 19:45:51 executing program 3: syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@broadcast, @local, @val, {@ipv4}}, 0x0) 19:45:51 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x4], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:51 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x1, 0x0, [{0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:51 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x4c00, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:51 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1200}, 0x2) 19:45:51 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x3f, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x2, 0x27, 0x8, 0x4792}, {0x4, 0x4, 0x7, 0x691}]}) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0xc4881, 0x8) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) 19:45:52 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x5], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1126.573014][ T27] kauditd_printk_skb: 5 callbacks suppressed [ 1126.573023][ T27] audit: type=1800 audit(1593459952.028:2655): pid=12263 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16238 res=0 19:45:52 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1300}, 0x2) [ 1126.640749][ T27] audit: type=1804 audit(1593459952.068:2656): pid=12272 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1668/bus" dev="sda1" ino=16238 res=1 19:45:52 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) openat$smackfs_revoke_subject(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/smackfs/revoke-subject\x00', 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) 19:45:52 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x6], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:52 executing program 3: socket(0x18, 0x1, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd600000200014060000000000000000000000e3e9fe800000000000000000000000000baa4e00002000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5010"], 0x0) 19:45:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x1, 0x0, [{0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:52 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1400}, 0x2) 19:45:52 executing program 3: r0 = socket(0x2, 0x1, 0x0) connect$unix(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="82022e2f66"], 0x10) shutdown(r0, 0x2) 19:45:52 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x7], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1126.826967][ T27] audit: type=1804 audit(1593459952.078:2657): pid=12263 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1668/bus" dev="sda1" ino=16238 res=1 19:45:52 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x6000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) [ 1126.885463][ T27] audit: type=1804 audit(1593459952.078:2658): pid=12263 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1668/bus" dev="sda1" ino=16238 res=1 19:45:52 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r2, 0x0) 19:45:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x0, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:52 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000}, 0x2) [ 1127.005747][ T27] audit: type=1804 audit(1593459952.078:2659): pid=12263 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1668/bus" dev="sda1" ino=16238 res=1 19:45:52 executing program 3: rmdir(0x0) 19:45:52 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x8], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1127.099418][ T27] audit: type=1804 audit(1593459952.078:2660): pid=12272 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1668/bus" dev="sda1" ino=16238 res=1 19:45:52 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x3}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x2a085c7f}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x200440c0}, 0x2) 19:45:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x0, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:52 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x6100, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:52 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect(r0, &(0x7f0000000000)=@in={0x2, 0x4e26, @remote}, 0x80) write$binfmt_elf32(r0, 0x0, 0x0) 19:45:52 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1650c2, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xe) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_NODE_GET(r2, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f0000000180)={0x2c0, r3, 0x2, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0xf0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x45, 0x3, "da43fd0c22424e54ebc42fb05acd4516a7554dde8e48bd8505d4cea51a298fe5f0e9f85e8efb0caf8ef677f9f2d0375734031e98b8030d0c7336d466c33fec41ab"}, @TIPC_NLA_NODE_ID={0x9c, 0x3, "25d267b0341afacbfe0a527a795c6fcce0974c5565031e66cfa3500ff2a59f306a5708f223a3450100ebc0418f4decdd2d89b9329ec6761ff61af57d6750e248a3e1d188434c691071ba2bfe2c5657d8afa9db885786dca4a56ad4ed2ddff53cc56d485921f7a8cdceb8a5db98a13875f535c30dce1372619f863bfae26a59898f61f9cd45030a37f90c54937054c14514b9dc917d0f353c"}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_BEARER={0x140, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7ff, @empty, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x6, @rand_addr=' \x01\x00', 0x2}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0x11, 0x1, @l2={'eth', 0x3a, 'macvlan1\x00'}}, @TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'eth', 0x3a, 'veth0_virt_wifi\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x1, @empty, 0xffffffff}}, {0x14, 0x2, @in={0x2, 0x4e22, @rand_addr=0x64010101}}}}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x1, @mcast1, 0x7fff}}, {0x14, 0x2, @in={0x2, 0x4e23, @rand_addr=0x64010101}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @multicast2}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4}}}}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}]}, @TIPC_NLA_SOCK={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8}]}]}, @TIPC_NLA_LINK={0x2c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0x2c0}, 0x1, 0x0, 0x0, 0x10048810}, 0x24010000) r4 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video2\x00', 0x2, 0x0) sync_file_range(r4, 0x9, 0x7ff, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0xef, 0x852, r5, 0x0) 19:45:52 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x9], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1127.247567][ T27] audit: type=1804 audit(1593459952.078:2661): pid=12263 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1668/bus" dev="sda1" ino=16238 res=1 19:45:52 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r2, 0xc01064c7, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)=[0x0, 0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r1, 0xc00464c9, &(0x7f0000000080)={r3}) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:45:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x0, 0x0, 0xffffffff}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:52 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = epoll_create(0x8000007) r3 = dup(r2) r4 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self\x00', 0x0, 0x0) syncfs(r1) close(r4) ioctl$sock_inet_SIOCSIFPFLAGS(r3, 0x5451, 0x0) 19:45:52 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0xa], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1127.411231][ T27] audit: type=1804 audit(1593459952.078:2662): pid=12272 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1668/bus" dev="sda1" ino=16238 res=1 19:45:52 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0xb], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000), 0x10) 19:45:53 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x6402, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:53 executing program 3: 19:45:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) [ 1127.564416][ T27] audit: type=1800 audit(1593459952.258:2663): pid=12290 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16355 res=0 19:45:53 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0xc], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1127.640660][ T27] audit: type=1804 audit(1593459952.268:2664): pid=12290 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir539691929/syzkaller.dHkOBO/1669/bus" dev="sda1" ino=16355 res=1 19:45:53 executing program 3: 19:45:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$IP_SET_OP_GET_BYINDEX(r0, 0x1, 0x53, &(0x7f0000000100)={0x7, 0x7, 0x3}, &(0x7f00000001c0)=0x28) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c00b5bb7e982c5384b90002000000000000"], 0x1c}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, 0x1, 0x4, 0x234f6acffadf42fc, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFULA_CFG_MODE={0xa, 0x2, {0x401, 0x1}}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x400}]}, 0x28}, 0x1, 0x0, 0x0, 0x850}, 0x4) pwrite64(r1, &(0x7f00000002c0)="28accf86e08a9ac5005b95d41b21af75c93349afa36c85055ce1045befc7c279952c1bf6625ed501a5eb9a529581badf3b91acbe9ac1034644e9d8c3798532bca6d99da25ae156f629344d5846475df2828dbd19324490568d824690bf2935d923327a7dd1845b7330b6b6dc485e65ea3200411f1490", 0x76, 0x4) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f00000000c0)={'ip_vti0\x00', {0x2, 0x4e21, @rand_addr=0x64010101}}) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c17fec12757917e2a587b459e8df245a89ac5474f36c407d0000000030703000000000000000000000000030c00034000000000000010000c000640000000000000005f0900010073797a3000000000080020a93860243619e99b03e57e6eb1c90541e6b8d540000000010900010073797a3100000000640bfd9f6b44fb222a6d193d1013"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r3, 0x40184150, &(0x7f0000000280)={0x0, &(0x7f0000000200)="c768b16e12e8b5f40dd2a34b03c7c4955d11336c5b119c58f0f1e9ec8f78319623926ebc3af643eebd3343d5e583f7029b77d381684689315aba9aeb96019d228760600156b3250f8d08c76cc75e3d3a10a1642d89c0f72218620ddfa0db2c098ac9c47a259f82667c5bc44ffa931aa058df10c55c784949675ea06a22", 0x7d}) 19:45:53 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0xd], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:53 executing program 3: 19:45:53 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x6800, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x2, 0x0, [{0x7}, {0x1, 0x0, 0x0, 0xfffffdfd}]}) 19:45:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="88000000030703000000000000000000000000800c00034000000000000010000c000640000000000000005f0c0007800800024000000003f60000fd0000000000ffff340900010073797a31000000002c00078008000140000000050800014000008001080001400000c00b080002400000000140000000010c0003400000000000000001000000"], 0x88}, 0x1, 0x0, 0x0, 0x4000850}, 0x2) ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a1, &(0x7f0000000000)='veth1_to_team\x00') 19:45:53 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0xe], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:53 executing program 3: 19:45:53 executing program 4: 19:45:53 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0xf], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1128.041850][T12432] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1128.103341][T12432] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.1'. 19:45:53 executing program 3: 19:45:53 executing program 4: 19:45:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x50, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x4, 0x1, 0x101, 0x0, 0x0, {0xa, 0x0, 0xa}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x84}, 0x24000040) 19:45:53 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x10], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:53 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x6c00, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:53 executing program 4: 19:45:53 executing program 3: 19:45:53 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x11], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x6c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x2c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x3}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xfff}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x9}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x9c}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:45:53 executing program 3: 19:45:53 executing program 4: 19:45:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:45:54 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x12], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:54 executing program 3: 19:45:54 executing program 4: 19:45:54 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x7400, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:54 executing program 1: syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) getsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f00000001c0), &(0x7f0000000200)=0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c0000000301951e24f1ab338734b81745bb6e04000000000000004000000000000c00034000000000000010000c000640000000000000005f0c000780080002400000040108000540000000010900010073797a31000000001eb47c7a11ac14fb5bc9e6749c1cf7a7be37358caba4b97e1a17e6d954714880d16e97da77b71f85ca39177b3d52e1be5744a02a0f15fb677384de52c79b17869400ceac727f62055799351d5147c2530ca3dfb4c9ec117c1c5e0377822ecee3d6924ee2a2e240318ca7f97a"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:45:54 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x13], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:54 executing program 4: 19:45:54 executing program 3: 19:45:54 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x14], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:54 executing program 4: 19:45:54 executing program 3: 19:45:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) fcntl$getflags(r0, 0x401) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:45:54 executing program 4: 19:45:54 executing program 3: 19:45:54 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x15], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:54 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x7800, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:54 executing program 4: 19:45:54 executing program 3: 19:45:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="e330dd74768a26390000000000000000000000000c00034000000000000010000c000640000000000000005f0c000780080002400000040108000540000000010900010073797a3100000000"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:45:54 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x16], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:54 executing program 3: 19:45:54 executing program 4: 19:45:54 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x17], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c000000030703000000000000000000000000000c00034000000000000010000c000629420700000000005f0c000780080002400800040108000540000000e9dec7191a05655358ec74dc7236ad00010073000000400000008e5532b0c18739fb764d20e57cc5f02647d02477ce764f9607f4e10dbf25da5e4b8ec45a9cda66e3d49976649c6926e91a05357a1a1ad8ee46f8c7e8bb056cb1acc08591b0cac8c75afd1dc2b97bb1056b2365fa9b651adf01194e091e3148d4190c71d6125235db767c1f2687e5a601ecfcb6d96a4e16e6bb3f4c633b4b82bbfa17a36b7c"], 0x4c}, 0x1, 0x0, 0x0, 0x894}, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000540)={&(0x7f00000002c0)="627810606746501ba6445f861077cca3cc5e08156db0d5e9c7ed9afda66ce1649904a43007c2912d6842aaf6d088a3f8bcf7934f75fb187c9352c01b5919811d68d58e967279d8d47d4914e07afe7f8fe5fcd7694be4e102b61f80ec31cef75af7a5482c856e42d54498ee481530cd86f92fcaa79108f48b14", &(0x7f0000000340)=""/245, &(0x7f0000000040)="ad256e3f3ab6d634d8bcf0cfcc2677a1e46f72c2b9741970c0357edd0cddb69033a3ff78110af527c07f8806", &(0x7f0000000440)="6dad6e0561b9e6b0d2ef6a8dfd407f193c82daba9ea61ebacb2f657219258ea546d3d03ab2b1f91680b69255ca78c07854f365d3a998fe0a41db2aa3c43a39358735b066854beec0041dc3b5380c824009cae7b3a196225218f9d51dfd266b25cc1be17fbe684f077ec418c818a4ef8f5b42fe90e0f256eeedd7c9fa64f23b03363d0353e77853abe3182a13845c073af259899d6d97a892bd62678f51404124c8be464bd751bcd53a2daea0cdba4f3eda71fbf992d1d5a1304fb94ca8f70b7be1194d912148621ab581b976f80248ee0d62eb0acc28a4c05d9890aa4df518", 0xffffffff, r3}, 0x38) sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000880)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@L2TP_ATTR_SESSION_ID={0x8}]}, 0x1c}}, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x3c, r2, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @private2}, @L2TP_ATTR_COOKIE={0xc, 0xf, 0x8}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x48020) 19:45:54 executing program 4: 19:45:54 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x18], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:54 executing program 3: [ 1129.360989][T12540] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 19:45:54 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x7a00, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:54 executing program 3: 19:45:54 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x19], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:54 executing program 4: 19:45:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x54, 0x3, 0x7, 0x3, 0x0, 0x0, {0xc}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0x14, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x1ff}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x4040000) 19:45:55 executing program 3: 19:45:55 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x1a], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:55 executing program 4: 19:45:55 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x58, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0xba3}]}, 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x2) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)={0x1c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x4000) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000340)={&(0x7f0000000100), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x2, 0x3, 0x5, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x20}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x20000810) recvfrom$llc(r1, &(0x7f00000001c0)=""/209, 0xd1, 0x40000001, &(0x7f00000000c0)={0x1a, 0x6, 0x66, 0x12, 0x0, 0x81, @local}, 0x10) r3 = syz_open_dev$vcsa(&(0x7f0000003540)='/dev/vcsa#\x00', 0x7, 0x10000) recvfrom$x25(r3, &(0x7f0000003580)=""/39, 0x27, 0x20, &(0x7f00000035c0)={0x9, @remote={[], 0x1}}, 0x12) 19:45:55 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x1b], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:55 executing program 4: 19:45:55 executing program 3: 19:45:55 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x80fe, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:55 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) ioctl$KVM_SET_BOOT_CPU_ID(r0, 0xae78, &(0x7f0000000000)=0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:45:55 executing program 4: 19:45:55 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x1c], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:55 executing program 3: 19:45:55 executing program 3: 19:45:55 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x4000010, r1, 0x0) ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) delete_module(&(0x7f0000000000)='$\xc1{}}]$]\x00', 0xa00) ioctl$SOUND_MIXER_READ_VOLUME(r2, 0x80044d0b, &(0x7f0000000040)) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) fcntl$setflags(r3, 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, &(0x7f0000000240)={0x1f, 0x2, {0x1, 0x535ba0f6f9d512d, 0x81, 0x3, 0x1}, 0x5}) ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0xffffffffffffffb5) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={0x6c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_FILTER={0x1c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x3}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x8}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x101}]}, @NFACCT_FILTER={0x1c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x5}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x80000000}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:45:55 executing program 4: 19:45:55 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x1d], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:55 executing program 3: 19:45:55 executing program 4: 19:45:55 executing program 3: 19:45:55 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xb401, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:55 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x1e], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:55 executing program 3: 19:45:55 executing program 4: 19:45:55 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x21], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:55 executing program 4: 19:45:55 executing program 3: 19:45:55 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xb8ff, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:55 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:56 executing program 4: 19:45:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c590000030703000000000000000000000000000c00034000000000000010000c000640000000000000005f0c0007800800024000000401797a71000000000000000000000000000020b593bdd85c64c386c97fb20a64a5f3905858c5d490030a09ac871e7ccd4a67adec89711d7fd388fd9e81d980e333af071abf171f40b9b71f0176ba7639da1b1e82fbaf8dc0eaa294efc71fa3bc6bcfb43cc019d5bc8d61d20ef485e2cd08906230ad3d0e54e1079d16a9a226a0faea4d6cc2d54810b75452e7ec6b133a4e7485"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) ioctl$sock_inet6_udp_SIOCOUTQ(r3, 0x5411, &(0x7f0000000000)) 19:45:56 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x2], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:56 executing program 3: 19:45:56 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x3], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:56 executing program 4: 19:45:56 executing program 3: 19:45:56 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xe803, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:56 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x4], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:56 executing program 4: 19:45:56 executing program 3: 19:45:56 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x5], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:56 executing program 4: 19:45:56 executing program 3: 19:45:56 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)={0x14, r2, 0x1, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, r2, 0x300, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x400}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000041}, 0x44010) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:45:56 executing program 4: 19:45:56 executing program 3: 19:45:56 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x6], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:56 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x7], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:56 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xf401, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:56 executing program 3: 19:45:56 executing program 4: 19:45:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRESDEC=r0], 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x2) 19:45:56 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x8], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:56 executing program 4: 19:45:57 executing program 3: 19:45:57 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x9], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:57 executing program 4: 19:45:57 executing program 3: 19:45:57 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xfc00, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:57 executing program 4: 19:45:57 executing program 3: 19:45:57 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0xa], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:57 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = semget$private(0x0, 0x20000000102, 0x0) semop(r1, &(0x7f0000000080)=[{0x2, 0x2}, {0x0, 0x7ff}, {}], 0x3) semtimedop(r1, &(0x7f0000000200)=[{0x0, 0xfe00}], 0x1, 0x0) semop(r1, &(0x7f0000000000)=[{0x2, 0x7fff}], 0x1) semtimedop(r1, &(0x7f0000000040)=[{0x0, 0x5a18, 0x1000}, {0x1, 0x8, 0x800}], 0x2, &(0x7f0000000080)) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}}, 0x2) 19:45:57 executing program 4: 19:45:57 executing program 3: 19:45:57 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0xb], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:57 executing program 4: 19:45:57 executing program 3: 19:45:57 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0xc], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:57 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0xd], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:57 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xfcff, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:57 executing program 4: 19:45:57 executing program 3: 19:45:57 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c000000030703000000000000000000000000000c00034000000000000010000c000640000000000000005f0c000780080002400000040108000540000000010900010073797a310000000021fc7eb225cbf9fa48a3"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) write$FUSE_INIT(r1, &(0x7f0000000080)={0x50, 0xfffffffffffffffe, 0x2, {0x7, 0x1f, 0x1, 0x1004148, 0x401, 0x3, 0x7eb0, 0x6}}, 0xfffffffffffffee3) 19:45:57 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0xe], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:57 executing program 4: 19:45:57 executing program 3: 19:45:57 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0xf], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:57 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:45:57 executing program 4: 19:45:57 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x10], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:57 executing program 3: 19:45:58 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xfe80, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:58 executing program 3: 19:45:58 executing program 4: 19:45:58 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c000000030703000000000000000000000000000c0003114000f90000000010000c000640000000000000005f0c0007800800024000000401080005400000006103ae11b7134d3db62da54034010900010073797a31000000357c5cb989b679dd0ae1f8196c855ed05a94d453075e621b6f6101000000000000004065d1b184895307d0ba37e0af92d4e7d61a78203a70b91b095cd6bd10e8b1e013366f2f7bbf7dfb39d090aa82224fa89e7fe347e923a115", @ANYRESOCT=r1, @ANYRESHEX=r1], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:45:58 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x11], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:58 executing program 4: 19:45:58 executing program 3: 19:45:58 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x12], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1132.775613][T12793] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1132.819977][T12803] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. 19:45:58 executing program 4: 19:45:58 executing program 3: 19:45:58 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x13], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:58 executing program 4: 19:45:58 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xff00, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:58 executing program 3: 19:45:58 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x14], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:58 executing program 4: 19:45:58 executing program 3: 19:45:58 executing program 4: 19:45:58 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x71, &(0x7f0000000140)={r4}, &(0x7f0000000040)=0x18) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f00000001c0)={r4, 0xfffffffc}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000240)={r5, 0x4}, 0x8) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000080), &(0x7f00000000c0)=0x4) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c0006000091d426af0065ad132237151fbd62c30314737c7e2493bfe521a52f00000000000000000000000000000c00034000000000000010000c000640000000000000005f0c000780080002400000040108000540000000010900010073797a31"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:45:58 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x15], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:58 executing program 3: 19:45:58 executing program 4: 19:45:58 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x16], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:58 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c000000030703000000000000000000000000000c00034000000000000010000c000640000000000000005f0c000780080001400000093808000540000000010900010073797a3100000000b1468358a2ab34427b5bcc486f78568030674e4f61e87b9606fa45814027da425f967e380ef368b9d65d716747ec6d589e6e409f80dfa2702a83c1e5797e5d9e7db13856e29a35dc68b4598f616706fd6ca6930107cb0fcb46ebab40835fd7ceef"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:45:58 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xffb8, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:58 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x17], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:59 executing program 3: 19:45:59 executing program 4: 19:45:59 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x18], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000100)={'veth0_virt_wifi\x00', {0x2, 0x4e20, @private=0xa010102}}) socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) ioctl$SIOCGSTAMPNS(r1, 0x8907, &(0x7f0000000080)) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="7c00000003071f02000000000000000000fe1d40cf150000800c00034000000000002210000c000640000000000000005f0c000780080001400000007c08f70440000000013cf107800800014000000009c976b685248d3bac08000240fffffff80800024000000020080002400000ffff0800014000000005080089"], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:45:59 executing program 4: 19:45:59 executing program 3: 19:45:59 executing program 4: 19:45:59 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x19], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1133.729959][T12867] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'. 19:45:59 executing program 3: 19:45:59 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x1a], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:59 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xfffc, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:59 executing program 3: 19:45:59 executing program 4: 19:45:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) signalfd(r1, &(0x7f0000000040)={[0x3]}, 0x8) ioctl$EVIOCGREP(r1, 0x80084503, &(0x7f0000000280)=""/200) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c00000003f902000000000000000000000000080c00034000000000000010000c00064000000000000000080c000780080002400000040108000540000000020900010073797a3100000000"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c0000000206010300000000000000000000000005000400000000000900020073797a3000000000050001000600000005005f1a8e6b9d05000a00000012000300686173683a6e65742c70ef"], 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 19:45:59 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x1b], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:59 executing program 4: 19:45:59 executing program 3: 19:45:59 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x1c], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:59 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nf_conntrack_expect\x00') read$smackfs_cipsonum(r0, &(0x7f0000000040), 0x14) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180)='batadv\x00') sendmsg$BATADV_CMD_GET_MESH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)={0x24, r5, 0xf, 0x0, 0x0, {0xf}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_HOP_PENALTY={0x5}]}, 0x24}}, 0x0) sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r5, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$bt_l2cap_L2CAP_OPTIONS(r6, 0x6, 0x1, &(0x7f0000000080)={0x1, 0x2, 0xca, 0x0, 0x0, 0x8, 0xb}, 0xc) 19:45:59 executing program 3: 19:45:59 executing program 4: 19:45:59 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x1d], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:59 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x2001c, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:45:59 executing program 4: 19:45:59 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x1e], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:45:59 executing program 3: 19:45:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) ioctl$SNDRV_PCM_IOCTL_PREPARE(r2, 0x4140, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r3, 0x5386, &(0x7f0000000040)) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000000)=0x40, 0x4) 19:45:59 executing program 3: 19:45:59 executing program 4: 19:46:00 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x21], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:00 executing program 3: 19:46:00 executing program 4: 19:46:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) ioctl$EVIOCSMASK(r3, 0x40104593, &(0x7f0000000580)={0x15, 0xdf, &(0x7f0000000480)="c867a239de4b43213450fa831de239a63c5e3195fc74282d05bcc52b46c6242b51cf4137029be1acccc18b64a45651a704b76b206c73f4f1c9d1756496517e034b093698ce9dd128d97a9d7383c1a9dddd1d90080c65407bc188964a7503c6c0da6232f4e38f5a071a709743f1f3825d2aa0e87a3594cee3ec60144c86e40590d051db4310a81cedc5465740c423a2c474777442bd710a52995ee2648874b90e44a2765448be50cf4ef5e0851ce5867809d8646e7d140f59c332bb7c6a349e711a8f172c2cbc25dd132003d27f300485afb8ededac0bd66f928da2f4b08848"}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) r4 = getuid() ioctl$DRM_IOCTL_GET_CLIENT(r1, 0xc0286405, &(0x7f0000000000)={0x81, 0x200, {r2}, {r4}, 0x2, 0xc362}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r5, 0x0) ioctl$SG_IO(r5, 0x2285, &(0x7f0000000400)={0x53, 0xfffffffffffffffb, 0x2e, 0x7, @scatter={0x3, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)=""/44, 0x2c}, {&(0x7f00000001c0)=""/171, 0xab}, {&(0x7f0000000280)=""/87, 0x57}]}, &(0x7f0000000300)="8c161b3cd85c1125ea891ecfab21aab7621ce4dbbe851a71ac6d8dfffd8aec3ad1fb1ea6a337d40670a2daf9e744", &(0x7f0000000340)=""/77, 0x1, 0x4, 0x3, &(0x7f00000003c0)}) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, 0x3, 0x7, 0x3, 0x0, 0x0, {0x1}, [@NFACCT_FLAGS={0x8}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000c1}, 0x2) 19:46:00 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x100000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:46:00 executing program 4: 19:46:00 executing program 3: 19:46:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0205649, &(0x7f00000001c0)={0xa30000, 0x9, 0x4, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x9909d2, 0x77dc, [], @p_u16=&(0x7f0000000040)=0x20}}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) write$FUSE_NOTIFY_DELETE(r2, &(0x7f0000000000)={0x32, 0x6, 0x0, {0x1, 0x3, 0x9, 0x0, ']-]{[*\xe4.]'}}, 0x32) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x854}, 0x2) 19:46:00 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:00 executing program 4: 19:46:00 executing program 3: 19:46:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r1, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x38, 0x140b, 0x300, 0x70bd2c, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x41}, 0x800) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f00000001c0)=@getsadinfo={0x1c4, 0x23, 0x20, 0x70bd2a, 0x25dfdbfe, 0x0, [@policy_type={0xa}, @algo_aead={0x8e, 0x12, {{'aegis256-generic\x00'}, 0x210, 0x180, "c968112fdd179ae11a550fbe087e511a7f79fd6af604415f30395b7654f53f274d89b411572ea4562f31f82e06c4ebe0db00b9d306ff9a72234dd196ebb435b14c75"}}, @encap={0x1c, 0x4, {0x1, 0x4e21, 0x4e23, @in=@multicast1}}, @coaddr={0x14, 0xe, @in=@local}, @algo_crypt={0xd0, 0x2, {{'ecb-aes-ce\x00'}, 0x440, "d05d81cbdab717f3ee334964ed7224ddecce123280dc7cdecd0e818c5953b5fa38300af73a9eb9dbcd6c2f168ee7ba8aca3419a48785fdf0f4457dce9bbd150da56d4df345f5e0a8d333af1314d39c28fa31de108fe76b9aa28441d62762bc24fc90a299f2711eb6dcffbff31c18537fc628ac46b166dfed60a79409c0b78c00a2bb248984bc6d14"}}, @coaddr={0x14, 0xe, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, 0x1c4}, 0x1, 0x0, 0x0, 0x4}, 0x8080) 19:46:00 executing program 4: 19:46:00 executing program 3: 19:46:00 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:00 executing program 4: 19:46:00 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x1000000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:46:00 executing program 1: lseek(0xffffffffffffffff, 0xff, 0x1) r0 = open(&(0x7f0000000000)='./file0\x00', 0x40000, 0x99) ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x885b, 0x40002) sendmsg$NFNL_MSG_ACCT_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000001c0)={{0x0, 0x0, @identifier="95b456f7a5a856f186f43a753037996d"}}) 19:46:00 executing program 3: 19:46:00 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:00 executing program 4: 19:46:00 executing program 3: 19:46:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x9}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:46:00 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:00 executing program 4: 19:46:00 executing program 3: 19:46:00 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x5], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:00 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f00000000c0)={0x87, @rand_addr=0x64010102, 0x4e23, 0x4, 'dh\x00', 0x3, 0x6cb, 0x60}, 0x2c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000040)=@add_del={0x2, &(0x7f0000000000)='veth1_to_bond\x00'}) sendmsg$NFNL_MSG_ACCT_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x50, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_QUOTA={0xc}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:46:01 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x2000000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:46:01 executing program 4: 19:46:01 executing program 3: 19:46:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c000000030703000000000000000000000000000c00034000000000000010000c000640000000000000005f0c000780080002400000040108000800000000000000010073797a3100000000"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:46:01 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:01 executing program 4: 19:46:01 executing program 3: 19:46:01 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1135.689958][T13018] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 19:46:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x31, 0x3, 0x7, 0x3, 0x0, 0x0, {0x2}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0xf369}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x3}, @NFACCT_QUOTA={0x0, 0x6, 0x1, 0x0, 0x6}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:46:01 executing program 4: 19:46:01 executing program 3: 19:46:01 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x8], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1135.886513][T13033] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.1'. 19:46:01 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x3000000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:46:01 executing program 4: 19:46:01 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="84000000100001000079180000000012e7", @ANYRES32], 0x84}}, 0x0) 19:46:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000000)) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) r3 = pidfd_getfd(r2, r0, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', r3}, 0x10) prctl$PR_SET_PTRACER(0x59616d61, r1) 19:46:01 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x9], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:01 executing program 4: [ 1136.030945][T13043] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.3'. 19:46:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c000000030703000000000000000000000000000c00034000000000000010000ca46f77830000000000005f0c000780080002400000040108000540000000010900010073797a3100000000191368fb5eb5f236a33cd2fc2725953bca57bc8407b1375c664e227f05a4bc28d03697c6f3a6f763ef5add4c668d94bb3329f18e"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) sendmsg$OSF_MSG_REMOVE(r1, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4bc, 0x1, 0x5, 0x301, 0x0, 0x0, {0x3, 0x0, 0xa}, [{{0x254, 0x1, {{0x3, 0x9d}, 0x4, 0x3, 0x5, 0xf800, 0x0, 'syz1\x00', "6f0acd3175f81913a217d98f53b48dbb490984380722692062499f74f63f378c", "b47934b5e6feec6824d3c1d88de9447417f186f466ff110aa0123421a5d30f4b", [{0x2, 0x3, {0x3, 0x3c9}}, {0xffff, 0x2, {0x0, 0x5}}, {0x7, 0x6, {0x2, 0x9}}, {0x7, 0x80, {0x0, 0x6}}, {0xd833, 0xffba, {0x0, 0xfff}}, {0x8, 0x3, {0x2, 0x20}}, {0x80, 0x1, {0x2, 0x400}}, {0x7ff, 0x5, {0x0, 0x4}}, {0x3, 0x0, {0x2, 0x7fff}}, {0x7fff, 0x80, {0x1, 0x2}}, {0x1, 0x40, {0x0, 0x1d}}, {0x4, 0x7, {0x0, 0x5ce}}, {0x8, 0x7, {0x0, 0x50}}, {0x2, 0x6, {0x1, 0x8}}, {0x3, 0x7, {0x0, 0x8000}}, {0xdc5, 0x0, {0x2, 0x1ff}}, {0x5, 0xfc00, {0x0, 0x5b9c}}, {0xef1, 0xff, {0x2, 0x40100000}}, {0x2e, 0x1feb, {0x0, 0x4}}, {0xc2, 0x1, {0x1, 0x40}}, {0x7f, 0x7, {0x0, 0x81}}, {0x98, 0x9, {0x2, 0x1}}, {0x2, 0xdf0, {0x2, 0x8000}}, {0x3f, 0x5, {0x2, 0x101}}, {0x8, 0xecf, {0x3, 0x7fff}}, {0x1, 0x6, {0x3}}, {0x1000, 0x5, {0x1, 0xd6}}, {0x6, 0x11, {0x0, 0x6d1f}}, {0x7f, 0x39, {0x1, 0x8}}, {0x6d1, 0x6, {0x1, 0x4}}, {0x5, 0x3ff, {0x2, 0x80}}, {0x81, 0x7, {0x3, 0x3f}}, {0x1, 0x101, {0x2, 0x9}}, {0x2, 0xf41, {0x2, 0x8}}, {0xfff, 0x2c, {0x2, 0xffffffff}}, {0x3f, 0x3, {0x1, 0x8001}}, {0x6, 0x80, {0x1, 0x46c88821}}, {0x1, 0x2, {0x3, 0x3ff}}, {0x2, 0x5, {0x3, 0x8}}, {0x7d8b, 0x7, {0x2, 0x1ff}}]}}}, {{0x254, 0x1, {{0x0, 0xbed}, 0x3f, 0xde, 0x0, 0x4a, 0xb, 'syz1\x00', "4288d56c27be495ffd993546aa02bf695663971d5f126b8e2ef6eba61967c357", "3edef4a02ea621d4b4103f538e4192b3252dde4322619a59818f9e4d1a857bbb", [{0x20, 0x3, {0x1, 0x80}}, {0x3ff, 0x8, {0x1, 0x1}}, {0x9, 0x5d, {0x3, 0xff}}, {0x1, 0x5, {0x0, 0x81}}, {0x4000, 0x200, {0x0, 0x1}}, {0x5, 0x5, {0x0, 0x5}}, {0xa7, 0xf6c, {0x1, 0x3}}, {0xfff9, 0x1, {0x2, 0xe7500000}}, {0x8, 0x4e, {0x0, 0x7}}, {0x24e, 0x7240, {0x1, 0x3}}, {0x5cc, 0x9, {0x1, 0x3}}, {0x100, 0x59, {0x0, 0x3}}, {0x7, 0x7fff, {0x1, 0xfffffff8}}, {0x1, 0x1, {0x1, 0x7fffffff}}, {0x3, 0x200, {0x0, 0x8}}, {0x5, 0x7ff, {0x3, 0x3}}, {0x20, 0x7ff, {0x2, 0x3}}, {0x3, 0x9, {0x3, 0x100000}}, {0x0, 0x8aba, {0x2, 0x7}}, {0x6, 0x9b, {0x2, 0x7fffffff}}, {0x6, 0x3, {0x0, 0x1}}, {0x1000, 0x8, {0x0, 0x9}}, {0x91, 0x3, {0x1, 0x4}}, {0xd7b, 0x0, {0x0, 0xb0bb}}, {0x101, 0xffff, {0x1, 0x7}}, {0x9, 0xfff, {0x0, 0x8}}, {0x2, 0x4, {0x1, 0x1}}, {0x2, 0x9, {0x3, 0x722}}, {0x8, 0x3, {0x3, 0x40}}, {0x0, 0x101, {0x0, 0x4}}, {0x9b55, 0x100, {0x2, 0x2}}, {0x20, 0x1, {0x3, 0x1}}, {0x1000, 0x0, {0x3}}, {0x5, 0xcf, {0x1, 0x7cb}}, {0x5, 0x402, {0x0, 0x7}}, {0x2, 0x4, {0x0, 0xffffffff}}, {0x1, 0x7f, {0x3, 0x6}}, {0x2, 0x1, {0x2, 0x7}}, {0x2, 0x7, {0x2, 0xfffffff9}}, {0x0, 0x4, {0x0, 0xffffffff}}]}}}]}, 0x4bc}, 0x1, 0x0, 0x0, 0x44000}, 0x8000) 19:46:01 executing program 3: 19:46:01 executing program 4: 19:46:01 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0xa], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:01 executing program 3: [ 1136.217630][T13058] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. 19:46:01 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0xb], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1136.305973][T13058] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. 19:46:01 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x4000000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:46:01 executing program 4: 19:46:01 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, 0x0) 19:46:01 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0xc], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c000000030703000000000000000000000000000c00034000000000000010000c00064000000022080000000c000780080012400000040108000540000000010900010073797a3100400000"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:46:01 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0xd], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x400000000, 0x40) sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)={0x48, 0x13, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x4040001}, 0x40080) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c000000030703000000000000000000000000000c00034000000000000010000c000640000000000000005f0c1d2444cf0002400000040108000540000000010900010073797a3100000000"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) ioctl$PPPIOCSFLAGS(r2, 0x40047459, &(0x7f0000000280)=0x2a0000) 19:46:02 executing program 4: syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@fat=@errors_continue='errors=continue'}]}) 19:46:02 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010080, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000)) 19:46:02 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0xe], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1136.604256][T13097] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1136.639359][T13094] FAT-fs (loop4): bogus number of reserved sectors 19:46:02 executing program 3: r0 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000008000/0x600000)=nil, 0x600000, 0x800002, 0x11, r0, 0x0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x1000f4) r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$P9_RREMOVE(r2, &(0x7f0000000280)={0xfffffffffffffcd2}, 0xff7f) r3 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000480)={0x100000, r2}) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) 19:46:02 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0xf], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1136.716082][T13094] FAT-fs (loop4): Can't find a valid FAT filesystem 19:46:02 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x5000000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:46:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:46:02 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x10], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1136.829909][T13094] FAT-fs (loop4): bogus number of reserved sectors [ 1136.842474][T13094] FAT-fs (loop4): Can't find a valid FAT filesystem 19:46:02 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) socket$inet6_udplite(0xa, 0x2, 0x88) r2 = gettid() sendmmsg$unix(r1, &(0x7f0000001b00)=[{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000080)=')', 0x1}], 0x1, &(0x7f0000000040)=[@cred={{0x1c, 0x1, 0x2, {r2}}}, @rights={{0x10}}], 0x30}], 0x1, 0x0) 19:46:02 executing program 3: mq_getsetattr(0xffffffffffffffff, &(0x7f0000000040)={0x9db}, 0x0) 19:46:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c000000030703000000000000000000000009000000000000000000000010000c000640000000000000005f0c00078008000240000004017a31000000000000000000000000000000000000a865097cf819f4452eb0263cf82df4e143c99f42a4528667257e458c936551d7e67ff413d10690de35ec298985756e5e44491df0d5cda9817483d3f98055524796c5ed10f85ff1c1daf2a233aa8c30e45a44e27f74"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:46:02 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x11], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:02 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f00000000c0)=0xb4, 0x4) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000001c80)=[{&(0x7f0000001780)="a45d4e26c6fadcbd663ccd6c0aca006b802c18d131b5427b3d4515dee8f10570a5923f3f543435278f94c3f8f0d4c35488ecfb1bd630b2e1e0e4247bb44938f03d603b27e44942ddcd3f11f086e6bf39ab074b690284b6d6aff6cc1e736b32f7d781c315bad312c6e8062089abe9838cd011d5227aa050589d2e5f34e10165336747bc2156f8e2570a4a76d4af1ef57edb31f57834ba2486c9f253a1737d59d15a11571414ec61c17dc20d9974e58cf2925c7c6e56216d4e35e39a9977e27e21450596008761c86e216667c6f72b64fdcad802718d16b390d4b4dc05bffb838b7e6831cc53b65b1de0bbf6af1311a722a80065913d37bea8c988e3b3f05ab1eb02d6b52a11191f1ced75b0200502e5f2881204104e152b5644da9d26301ed8905156a069c61444d44d82c135ff4f20574247a4a5cc963e3c395a029125ccae1f1564a3e28e06b1a08e47bd1a9621edf1003d167cbdfc0be2a4914908198575a688a38d24bdc9881ced9fe04e119a87b9286ea15aa168163a9650a26a926c571f2f0e0b2102de1fd1a6920cb71d846f02b2c23f80a3c0116b48d14925e69c4a65126e544995e0cb5fefaa870ddd66e8eb47a3be8f07fcd361dcf144c865fe355e3b98e6d4694d74aa6d3d75c7c568feabdcb483c5c22ca40782cd2dea789dc677c603227878c369a3b7a3204bf1bc9b1fdb1e00447152e854095b9527d6e980b1bac1b1ec6e9706084ac77b383bd4e555a11410f6a830966ec9b0fa58abf22238638ea06bad5baa2b55174b0db5108d79849c1028550fb3c713875478805f961b04f94a70dcde91c0d2ea2bcd0d2dd83b09cd6a0975db4257bf599f7d82462f914e4e641aa399ba721e72fd53d21af1f5d2a075bfd90044c562027ec840170b2d4b67adf68ed790a5ce5a49933f55c0df0b2a2ae252b5bf00b5ca0ec0005674ac62eee923cae59edeab59c1d00ca6d6f56c5ed757ce4cb67a55bcc9fb79105dbf6d0bb978631ac3bb68fc7bf0b2e88a056f10ba6174b9a511d8cd7257c82a9c66f399d5d9bda583af51f9a2dc086e1ca1a9bc7c57329d4932960b4594c94a8ef63132321531d313651616f40a0d63dc130d362f080edce63bec", 0x319}, {0x0}], 0x2) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmsg$TIPC_NL_MON_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001400)={0x98, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x84, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x98}}, 0x0) [ 1137.069026][T13137] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.1'. 19:46:02 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x12], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:02 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x6000000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:46:02 executing program 4: socket$can_raw(0x1d, 0x3, 0x1) r0 = open(0x0, 0x0, 0x0) openat$cgroup_procs(r0, 0x0, 0x2, 0x0) setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x40000000) shmget(0xffffffffffffffff, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ustat(0x4, &(0x7f0000000100)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f0000000140)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x800}}, 0x10) mount$fuseblk(&(0x7f0000000000)='/dev/loop0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1001400, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYBLOB="2c3030303030303030303030363030303122363542e356d6643d00"/42, @ANYBLOB, @ANYRESDEC=r1, @ANYBLOB=',default_permissions,allow_other,func=MMAP', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=cgroup.pr']) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/autofs\x00', 0x0, 0x0) read$eventfd(r2, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) connect$rxrpc(r0, &(0x7f00000000c0)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x24) 19:46:02 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x13], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="4c0000000307030000f29265c52e32ff760e00000c00034000000000000010000c000640000000000000005f0c0007800800024000000401080005f06dc4e299e5b35546e3624ee6a3395440000020010900010073797a31000000007ee1ce5234331c6e5f14a04b80c9b9049312d4371c9c5f7850edcd1b04dcbc4fb2722c5aab6cadb577838653dcd19d6a03364e54634c45b93e7aad80f48cae06a667d0fb1108b273f74211d1b3d103db4e907cafa5726e3049c561af2a05dbbcae9787deec6f780b00cfefca93094efdeff5d44c966c912f3fa3833d2fa40c6e75226086af06e370b014a24cf483025542b152e0e8a89ece69fc8901867d6f5a50bfe68cd4403636ad82e2d2969a816a4d910f042ebba7493ace835c15038a582ff7fda7e41070104a61"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) r1 = accept4(r0, 0x0, &(0x7f0000000040), 0x800) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x71, &(0x7f0000000140)={r4}, &(0x7f0000000040)=0x18) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000080)={r4, 0x800, 0xff1f}, 0x8) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT(r5, &(0x7f0000000580)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000540)={&(0x7f0000000780)=ANY=[@ANYBLOB="100300000103010100000000000000000c00000aa0000b80280001800c000280050001003a00000006000340000000000600034000020000060003400000000074000e800c00028005000100210000002c00018014000300fc02000000000000000000000000000114000400fe8000000000000000000000000000bb0c00028005000100000000000c000280050001003200000006000340000400000c000280050001002f0000000c000280050001002f00000014020f80080005400000000058000a8008000140000000010800014000000001080001400000000108000140000000010800014000000001080700000000000108000140000000011c0002800c00028005000100060000000c0002800500010006000000040003802c0001801400018008000100ac1414aa08000200ffffffff0c0002800500010000000a000600512e39333100000008000440000006c12c010a8008000140000000010c000280060003400004000008000140000000010800014000000000800002800c000280050001001b0000002c00018014000300ff02000000000000000000000000000114000400fe8800000000000000000000000001010c00028005000100880000002c00018014000300fc0100000000000000000000000000011400040000000000000000000000ffff640101020c00028005000100840000008400028006000340000100000c00028005000100010000000600034000020000140001800800010000000000080002007f0000010c000280050001008800000006000340000400002c00018014000300fc0100000000000000000000000080011400040000000000000000000000ffffac1414aa0600034000040000060003400001000008000b0073697000380001802c00018014000300fc02000000000000000000000000000114000400000000000000000000000000000000000600034000020000080003400000000737000a0082303a590be30e6aed6efbfb09066cdc2563055f6a494f8f565b777d0c9059b7fb0851c8609913fea47b2af0c3710a22f4851200080003400000000676ef72e70a048065ddb74885f38008f6a9e2e56600618ebeb575073327dd7b3c70ff5e124a469aa4a05e9e0ab1fec813b46499f56c3f1e0bd0af2d03ad9ba258534c189752f0cd19a0b5f855b6e97b070510a5e2ebd2e426192368b594ee286ca5a0ab1535fdf84a8a26f8ed9ffbde012f77cae45eaf33f18cf43e57c6842650c95b0d16500c217830e1c8f9c509df710836ed97a10072f6fc553e9f0542f13b9c1f79d389fe35"], 0x310}, 0x1, 0x0, 0x0, 0x40000}, 0x0) [ 1137.281885][T13153] IPVS: ftp: loaded support on port[0] = 21 [ 1137.289294][T13157] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1137.359993][T13161] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'. 19:46:02 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x14], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1137.563655][T13153] IPVS: ftp: loaded support on port[0] = 21 [ 1137.615264][ T91] tipc: TX() has been purged, node left! 19:46:03 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x15], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c000000030703000000000000000000000000000c003ddf99a8001db1c8fb500000000010000c000640000000000000005f914a9227bb52c2f77f9be9c56ec1ba002401a671f77200000001090001007379"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0xb) ioctl$HIDIOCGCOLLECTIONINDEX(r1, 0x40184810, &(0x7f0000000000)={0x1, 0x200, 0x8, 0xff, 0x3ff, 0x7f}) 19:46:03 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r2, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@mcast1, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast1, 0x0, 0x33}, 0x0, @in=@dev, 0x0, 0x0, 0x0, 0x4, 0x200}}, 0xe8) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) 19:46:03 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0}, 0x80}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_tables_targets\x00') preadv(r0, &(0x7f00000017c0), 0x1c0, 0x4000) 19:46:03 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x7000000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:46:03 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x16], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c000000030700000000000000000000000000000c00034000000000000010000c000640000000000000005f0c000780080002400000040108000540000000010900010073797a310000000032c41d4b9034c6f574433ec77f9c2d5a4e3d795730bbb3dae2df"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:46:03 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x17], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:03 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg$IPSET_CMD_RENAME(r0, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={0x0}}, 0x0) 19:46:03 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x18], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:03 executing program 1: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) sendmsg$NFNL_MSG_ACCT_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYRES16=r0], 0x44}, 0x1, 0x0, 0x0, 0x40010}, 0xc002) 19:46:03 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x19], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:03 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x8000000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:46:03 executing program 4: msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000001280)=""/4096) 19:46:04 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000380)={'bridge0\x00', &(0x7f00000005c0)=ANY=[@ANYBLOB="040000000000000003"]}) 19:46:04 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x1a], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:04 executing program 4: msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000380)=""/73) 19:46:04 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x3}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:46:04 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x9000000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:46:04 executing program 4: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600004, 0x9) 19:46:04 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x1b], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:04 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f00000000c0), 0x0, 0x0, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x4000000000000016, &(0x7f00000004c0)) rt_tgsigqueueinfo(r2, r2, 0x0, &(0x7f0000001180)={0x0, 0x0, 0xffffc58b}) 19:46:04 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000001c0)={0x0, @remote}, &(0x7f0000000200)=0xc) r2 = socket(0x200000000000011, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bind$packet(r2, &(0x7f0000000000)={0x11, 0x0, r4}, 0x14) getsockname$packet(r2, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14) bpf$MAP_CREATE(0x1000000000000, &(0x7f00000000c0)={0x2, 0x800000000000004, 0x400000, 0x1, 0x0, 0xffffffffffffffff, 0x0, [], r5}, 0x40) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r7 = socket(0x200000000000011, 0x3, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bind$packet(r7, &(0x7f0000000000)={0x11, 0x0, r9}, 0x14) getsockname$packet(r7, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14) bpf$MAP_CREATE(0x1000000000000, &(0x7f00000000c0)={0x2, 0x800000000000004, 0x400000, 0x1, 0x0, 0xffffffffffffffff, 0x0, [], r10}, 0x40) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000300)={'team0\x00', r10}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x604800}, 0xc, &(0x7f0000000540)={&(0x7f0000000340)={0x1c4, 0x0, 0x200, 0x70bd28, 0x25dfdbfb, {}, [{{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r1}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x5}, {0x8, 0x4, 0x4}}}]}}, {{0x8, 0x1, r5}, {0x120, 0x2, 0x0, 0x1, [{0x3c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x5}, {0xc, 0x4, [{0x932, 0x8, 0x2, 0x20}]}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x5}, {0x8, 0x4, 0xfffffffd}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x5}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x5}, {0x8, 0x4, 0x2}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x5}, {0x8, 0x4, r11}}}]}}]}, 0x1c4}, 0x1, 0x0, 0x0, 0x20044080}, 0x20048085) 19:46:04 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xa000000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:46:04 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x1c], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:04 executing program 4: perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0xa02000000000000, 0x60, &(0x7f0000000a00)={'filter\x00', 0x2004, 0x4, 0x3c8, 0xe8, 0x1f8, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond=[0x2], 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x2e0}}, {{@arp={@multicast1, @multicast2, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'ip6_vti0\x00', 'ip6tnl0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @empty, @remote, @multicast2, 0x8}}}, {{@arp={@rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'wg2\x00', 'team_slave_1\x00'}, 0xc0, 0xe8}, @unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00'}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x418) 19:46:04 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x1d], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:04 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c000000030703000000000000000000000000000c00034000000000000010000c000640000000000000005f0c000780ffff00000000040108000540000000010900010073797a3100000000"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000000), &(0x7f0000000040)=0x4) 19:46:04 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x1e], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1139.304134][T13320] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' 19:46:04 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xb000000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:46:04 executing program 4: perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0xa02000000000000, 0x60, &(0x7f0000000a00)={'filter\x00', 0x2004, 0x4, 0x3c8, 0xe8, 0x1f8, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond=[0x2], 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x2e0}}, {{@arp={@multicast1, @multicast2, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'ip6_vti0\x00', 'ip6tnl0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @empty, @remote, @multicast2, 0x8}}}, {{@arp={@rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'wg2\x00', 'team_slave_1\x00'}, 0xc0, 0xe8}, @unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00'}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x418) 19:46:05 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x21], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1139.488025][T13337] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' 19:46:05 executing program 4: perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0xa02000000000000, 0x60, &(0x7f0000000a00)={'filter\x00', 0x2004, 0x4, 0x3c8, 0xe8, 0x1f8, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond=[0x2], 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x2e0}}, {{@arp={@multicast1, @multicast2, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'ip6_vti0\x00', 'ip6tnl0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @empty, @remote, @multicast2, 0x8}}}, {{@arp={@rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'wg2\x00', 'team_slave_1\x00'}, 0xc0, 0xe8}, @unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00'}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x418) [ 1139.657413][T13349] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' 19:46:05 executing program 3: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902000000a8a989000000007ba79554354cdddb4e667263a72ff58ab16f88b9663da5668b145e"], 0x10}}, 0x0) dup(0xffffffffffffffff) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, &(0x7f00000001c0)=0x3) 19:46:05 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:05 executing program 1: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYRESDEC=r1, @ANYBLOB="7739d51b6b7b745489ef44c48d2ef49339e139312ca51efb98b693712d9a9a676fd75104f3e24d19670fa5dbf9f0a996fed18ffa5881ee6bab93ec774bc305e5ff9e7ae98d02906a8f0e61369bbbe59b70eb0f7e40dc7786b87a1ba3454f0fd1e20afc2526b45b20c6fa072e0af91c7148630557b2f82b8873bafe7bd0597535a96f4fb0beec2ff1eeb2e23326fa5c5b5e4a2f737b8de6a9fb63bf561121392caf7e268a96f4275025a6fd7a1c826397a170657cff2de0c1f3122828eeb3e2c3dfbea3a11cf9c1e684787507d4d67b45ac1e2ebe9da13dd9810b81fdeb094b"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) 19:46:05 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r1 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0xff77, 0x0, 0x0, 0x4d97) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0xc000000, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) 19:46:05 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000001c80)=[{&(0x7f0000001780)="a45d4e26c6fadcbd663ccd6c0aca006b802c18d131b5427b3d4515dee8f10570a5923f3f543435278f94c3f8f0d4c35488ecfb1bd630b2e1e0e4247bb44938f03d603b27e44942ddcd3f11f086e6bf39ab074b690284b6d6aff6cc1e736b32f7d781c315bad312c6e8062089abe9838cd011d5227aa050589d2e5f34e10165336747bc2156f8e2570a4a76d4af1ef57edb31f57834ba2486c9f253a1737d59d15a11571414ec61c17dc20d9974e58cf2925c7c6e56216d4e35e39a9977e27e21450596008761c86e21", 0xc9}], 0x1) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x11, 0x0, 0x0) 19:46:05 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) 19:46:05 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000053c27bc01ff003639405cb4aec12f0000001500ae47a835d86800278dcff47d010000805acf4f8f364602344324adaf81dcfc6afd983f79e65199615607676f8f9fc05d05692e664e070070faa53367f05f4affffffffffff800031e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924", 0x7c}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 19:46:05 executing program 2: dup(0xffffffffffffffff) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa800201f}) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x12, 0x4, 0x8, 0x6e, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x0, 0x0, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x40) memfd_create(&(0x7f0000000080)='/dev/aats\x00', 0x0) [ 1140.108854][ C0] traps: PANIC: double fault, error_code: 0x0 [ 1140.108857][ C0] double fault: 0000 [#1] PREEMPT SMP KASAN [ 1140.108860][ C0] CPU: 0 PID: 13381 Comm: syz-executor.4 Not tainted 5.8.0-rc2-syzkaller #0 [ 1140.108864][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1140.108866][ C0] RIP: 0010:check_preemption_disabled+0xa/0x240 [ 1140.108873][ C0] Code: e8 1b 91 57 f9 48 c7 c7 be a1 e9 88 48 c7 c6 4f 27 04 89 eb 0b 90 66 2e 0f 1f 84 00 00 00 00 00 55 41 57 41 56 41 55 41 54 53 <50> 49 89 f6 49 89 ff e8 ea 90 57 f9 65 8b 1d 2b d0 e4 77 65 8b 2d [ 1140.108876][ C0] RSP: 0018:fffffe0000002000 EFLAGS: 00010087 [ 1140.108881][ C0] RAX: ffffffff881cc549 RBX: 0000000000000000 RCX: 0000000000040000 [ 1140.108884][ C0] RDX: ffffc900117f2000 RSI: ffffffff8904a21f RDI: ffffffff88f45377 [ 1140.108888][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1140.108891][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 19:46:05 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r2 = pidfd_getfd(r0, r1, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x71, &(0x7f0000000140)={r5}, &(0x7f0000000040)=0x18) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f00000001c0)={r5, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x16}}}, [0x0, 0x9, 0x6, 0x7fffffff, 0x1, 0x6, 0x1ff, 0x800, 0x0, 0x0, 0x7fffffff, 0xffff, 0x61, 0x8, 0xffffffffffff0001]}, &(0x7f0000000000)=0x100) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x3, 0x7, 0x3, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5f}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x401}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x2) [ 1140.108894][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: fffffe0000002120 [ 1140.108898][ C0] FS: 00007f60b61e7700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 1140.108901][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1140.108904][ C0] CR2: fffffe0000001ff8 CR3: 00000000879ee000 CR4: 00000000001406f0 [ 1140.108908][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1140.108911][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1140.108913][ C0] Call Trace: [ 1140.108914][ C0] [ 1140.108916][ C0] fixup_bad_iret+0x3a/0xf0 [ 1140.108918][ C0] error_entry+0xb8/0xc0 [ 1140.108921][ C0] RIP: 0010:native_irq_return_iret+0x0/0x2 [ 1140.108927][ C0] Code: 5a 41 59 41 58 58 59 5a 5e 5f 48 83 c4 08 e9 10 00 00 00 90 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 f6 44 24 20 04 75 02 <48> cf 57 0f 01 f8 0f 1f 00 65 48 8b 3c 25 08 90 01 00 48 89 07 48 [ 1140.108929][ C0] RSP: 0018:fffffe00000021d8 EFLAGS: 00010046 ORIG_RAX: 0000000000000000 [ 1140.108934][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 19:46:05 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='rdma.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) getsockname$qrtr(r1, &(0x7f0000000200), &(0x7f0000000040)=0xffffffffffffffc6) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000000206010300000004000000000060ec8726afde130000000500a9000000000009000200731f7a300000140005000100118c4bdff656680600f2a59d7ce96c306c880000050005000a0000001200030068615a46c5ddefce54ac70c28955352dbd1cc4070ea394d0176883f123b57a57f079204255b4f5d7f0177a1770308c27fd01ccc1221347ac244265e987e4216f15104a7b78026773f7659ad6c4c5c0ddf014edf5bafa65e0e364766ef0a7f2eeb510e6"], 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c00000003060102000000000000000000010000050001800700000059518c41447e96ea09a6e5910a43017fb792c180ff071c3fc696306d661ae9e79d4d5e5c61ffdcad57ad67034a4139e1833ee1f34f0b8012b87eb431a5b8893205a6a4e96e508442ef78c74a80846b39aa413c48cb70c0a933f774b9a2f1e673ab975a9818f8174798834c8023bea6cc349ef7dc76aeb199decc579a72e378c496bc042a0773c8272a085f427b87f8613dc253c932a0b3f141ee66f06ef91b46292281573362b029076fffcfbfc3f443414159de6dc7a8c52ab60eb3665728801d9a93"], 0x1c}}, 0x0) r3 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) sendmsg$NFNL_MSG_COMPAT_GET(r3, &(0x7f00000002c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x40) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000033451b15dde5647017baaa2ff5aa6f08d2f859a6f4f38baaa2086fe04a672c04547e32d102c1b5c94979ad936fc9772380a3aa7ed20c4b02b49ebd78b34f29f11f62e92710a3ded943a1dd12d7af9a1fd2cd602c88a4cd57a1974b990f7cea5dcf5016dcd3a7118f488eea573a7b"], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x2) ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000000240)=0x80) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x400000, 0x0) [ 1140.108938][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1140.108941][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1140.108944][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1140.108947][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000078 [ 1140.108950][ C0] ? asm_exc_general_protection+0x8/0x30 [ 1140.108952][ C0] RIP: 0033:0x273c050000075366 [ 1140.108954][ C0] Code: Bad RIP value. [ 1140.108957][ C0] RSP: 002b:00007f60b61e6c78 EFLAGS: 00000346 [ 1140.108959][ C0] Modules linked in: [ 1140.366239][ C0] ---[ end trace d9fef3493eb16c0c ]--- [ 1140.366243][ C0] RIP: 0010:check_preemption_disabled+0xa/0x240 [ 1140.366251][ C0] Code: e8 1b 91 57 f9 48 c7 c7 be a1 e9 88 48 c7 c6 4f 27 04 89 eb 0b 90 66 2e 0f 1f 84 00 00 00 00 00 55 41 57 41 56 41 55 41 54 53 <50> 49 89 f6 49 89 ff e8 ea 90 57 f9 65 8b 1d 2b d0 e4 77 65 8b 2d [ 1140.366254][ C0] RSP: 0018:fffffe0000002000 EFLAGS: 00010087 [ 1140.366260][ C0] RAX: ffffffff881cc549 RBX: 0000000000000000 RCX: 0000000000040000 [ 1140.366264][ C0] RDX: ffffc900117f2000 RSI: ffffffff8904a21f RDI: ffffffff88f45377 [ 1140.366267][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1140.366271][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1140.366275][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: fffffe0000002120 [ 1140.366278][ C0] FS: 00007f60b61e7700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 1140.366282][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1140.366285][ C0] CR2: fffffe0000001ff8 CR3: 00000000879ee000 CR4: 00000000001406f0 [ 1140.366289][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1140.366292][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1140.366296][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 1140.367639][ C0] Kernel Offset: disabled